Bob Mottram 2018-02-26 13:50:40 +00:00
parent 8b4ddff6eb
commit 8848ea40ef
27 changed files with 2047 additions and 2043 deletions


@ -12,14 +12,14 @@ ERR=$TMP/cronic.err
TRACE=$TMP/cronic.trace
set +e
"$@" >$OUT 2>$TRACE
"$@" >"$OUT" 2>"$TRACE"
RESULT=$?
set -e
PATTERN="^${PS4:0:1}\\+${PS4:1}"
if grep -aq "$PATTERN" $TRACE
if grep -aq "$PATTERN" "$TRACE"
then
! grep -av "$PATTERN" $TRACE > $ERR
! grep -av "$PATTERN" "$TRACE" > "$ERR"
else
ERR=$TRACE
fi
@ -33,7 +33,7 @@ if [ $RESULT -ne 0 ]
echo
echo "STANDARD OUTPUT:"
cat "$OUT"
if [ $TRACE != $ERR ]
if [ "$TRACE" != "$ERR" ]
then
echo
echo "TRACE-ERROR OUTPUT:"


@ -42,61 +42,61 @@ fi
source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES
do
source $f
source "$f"
done
APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
for f in $APP_FILES
do
source $f
source "$f"
done
command_options=$1
command_options="$1"
if [[ $command_options == "menuconfig-full" ]]; then
if [[ "$command_options" == "menuconfig-full" ]]; then
MINIMAL_INSTALL="no"
fi
if [[ $command_options == "menuconfig-onion" ]]; then
if [[ "$command_options" == "menuconfig-onion" ]]; then
MINIMAL_INSTALL="yes"
ONION_ONLY="yes"
fi
if [[ $command_options == "menuconfig-gnusocial" ]]; then
if [[ "$command_options" == "menuconfig-gnusocial" ]]; then
MINIMAL_INSTALL="yes"
ONION_ONLY="no"
SOCIALINSTANCE='gnusocial'
fi
if [[ $command_options == "menuconfig-postactiv" ]]; then
if [[ "$command_options" == "menuconfig-postactiv" ]]; then
MINIMAL_INSTALL="yes"
ONION_ONLY="no"
SOCIALINSTANCE='postactiv'
fi
if [ ! $CONFIGURATION_FILE ]; then
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
if [ ! "$CONFIGURATION_FILE" ]; then
CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
fi
if [ ! $COMPLETION_FILE ]; then
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
if [ ! "$COMPLETION_FILE" ]; then
COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
fi
# before the interactive config so that wifi adaptors may be detected
setup_wifi_atheros
if [[ $command_options == "menuconfig"* ]]; then
if [[ "$command_options" == "menuconfig"* ]]; then
if [[ "$2" == "--reset" ]]; then
if [ -f $CONFIGURATION_FILE ]; then
rm $CONFIGURATION_FILE
if [ -f "$CONFIGURATION_FILE" ]; then
rm "$CONFIGURATION_FILE"
fi
if [ -f $COMPLETION_FILE ]; then
rm $COMPLETION_FILE
if [ -f "$COMPLETION_FILE" ]; then
rm "$COMPLETION_FILE"
fi
if [ -f /usr/share/${PROJECT_NAME}/installed.txt ]; then
rm /usr/share/${PROJECT_NAME}/installed.txt
if [ -f "/usr/share/${PROJECT_NAME}/installed.txt" ]; then
rm "/usr/share/${PROJECT_NAME}/installed.txt"
fi
if [ -f /root/removed ]; then
rm /root/removed
@ -104,18 +104,18 @@ if [[ $command_options == "menuconfig"* ]]; then
fi
# clear the interactive file which indicates configuration success
interactive_file=$HOME/.${PROJECT_NAME}-interactive
if [ -f $interactive_file ]; then
rm $interactive_file
interactive_file="$HOME/.${PROJECT_NAME}-interactive"
if [ -f "$interactive_file" ]; then
rm "$interactive_file"
fi
interactive_configuration
# check that the interactive file was created
if [ ! -f $interactive_file ]; then
if [ ! -f "$interactive_file" ]; then
exit 6393562
fi
rm $interactive_file
rm "$interactive_file"
else
while [ $# -gt 1 ]
do
@ -169,12 +169,12 @@ else
# Static IP address for the system
--ip)
shift
LOCAL_NETWORK_STATIC_IP_ADDRESS=$1
LOCAL_NETWORK_STATIC_IP_ADDRESS="$1"
;;
# IP address for the internet router
--iprouter)
shift
ROUTER_IP_ADDRESS=$1
ROUTER_IP_ADDRESS="$1"
;;
# ssh port
--ssh)
@ -214,61 +214,61 @@ else
# Mumble server password
--vpass)
shift
MUMBLE_SERVER_PASSWORD=$1
MUMBLE_SERVER_PASSWORD="$1"
;;
# Mumble server port
--vport)
shift
MUMBLE_PORT=$1
MUMBLE_PORT="$1"
;;
# DNS Nameserver 1
--ns1)
shift
NAMESERVER1=$1
NAMESERVER1="$1"
;;
# DNS Nameserver 2
--ns2)
shift
NAMESERVER2=$1
NAMESERVER2="$1"
;;
# DNS Nameserver 3
--ns3)
shift
NAMESERVER3=$1
NAMESERVER3="$1"
;;
# DNS Nameserver 4
--ns4)
shift
NAMESERVER4=$1
NAMESERVER4="$1"
;;
# DNS Nameserver 5
--ns5)
shift
NAMESERVER5=$1
NAMESERVER5="$1"
;;
# DNS Nameserver 6
--ns6)
shift
NAMESERVER6=$1
NAMESERVER6="$1"
;;
# Debian repository
--repo)
shift
DEBIAN_REPO=$1
DEBIAN_REPO="$1"
;;
# clear the config file
--reset)
if [ -f $CONFIGURATION_FILE ]; then
rm $CONFIGURATION_FILE
if [ -f "$CONFIGURATION_FILE" ]; then
rm "$CONFIGURATION_FILE"
fi
if [ -f $COMPLETION_FILE ]; then
rm $COMPLETION_FILE
if [ -f "$COMPLETION_FILE" ]; then
rm "$COMPLETION_FILE"
fi
;;
# minimal install
--minimal)
shift
MINIMAL_INSTALL=$1
MINIMAL_INSTALL="$1"
;;
*)
# unknown option
@ -293,7 +293,7 @@ function parse_args {
read_config_param 'DDNS_USERNAME'
read_config_param 'DDNS_PASSWORD'
if [ ! -d /home/$MY_USERNAME ]; then
if [ ! -d "/home/$MY_USERNAME" ]; then
echo $"There is no user '$MY_USERNAME' on the system. Use 'adduser $MY_USERNAME' to create the user."
exit 1
fi
@ -304,7 +304,7 @@ function parse_args {
exit 2
fi
fi
if [ ! $MY_USERNAME ]; then
if [ ! "$MY_USERNAME" ]; then
echo 'No username specified'
show_help
exit 3
@ -312,11 +312,11 @@ function parse_args {
if [[ $SYSTEM_TYPE != "mesh"* ]]; then
if [[ "$DDNS_PROVIDER" != 'none' ]]; then
if [[ $ONION_ONLY == "no" ]]; then
if [ ! $DDNS_USERNAME ]; then
if [ ! "$DDNS_USERNAME" ]; then
echo $'Please provide the username for your dynamic DNS provider with the --ddnsuser option'
exit 7823
fi
if [ ! $DDNS_PASSWORD ]; then
if [ ! "$DDNS_PASSWORD" ]; then
echo $'Please provide the password for your dynamic DNS provider with the --ddnspass option'
exit 6382
fi
@ -324,7 +324,7 @@ function parse_args {
fi
fi
if [ ! $SYSTEM_TYPE ]; then
if [ ! "$SYSTEM_TYPE" ]; then
SYSTEM_TYPE=$'full'
write_config_param "SYSTEM_TYPE" "$SYSTEM_TYPE"
fi
@ -338,8 +338,7 @@ function parse_args {
# run some initial tests
clear
${PROJECT_NAME}-tests
if [ ! "$?" = "0" ]; then
if ! "${PROJECT_NAME}-tests"; then
exit 768252
fi
@ -354,7 +353,7 @@ upgrade_installation_from_previous_versions
setup_utils
setup_email
setup_web
setup_apps $command_options
setup_apps "$command_options"
setup_final
echo ''
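Review bot: The include loops (`for f in $UTILS_FILES`, `for f in $APP_FILES`) still rely on the unquoted expansion of a variable that holds a glob, and when nothing matches, `source "$f"` is handed the literal pattern. Iterating the glob directly removes the word-splitting dependency, e.g. `for f in "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-"*`, with `[ -f "$f" ] || continue` as the first line of the loop body. The same loop is repeated in the later file sections of this commit. The `source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars` line at the top of this section is also left unquoted, although the same line is quoted in a later section.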


@ -36,10 +36,10 @@ export TEXTDOMAINDIR="/usr/share/locale"
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES
do
source $f
source "$f"
done
# Don't pin certs by default
@ -145,11 +145,11 @@ do
;;
--dhkey)
shift
DH_KEYLENGTH=${1}
DH_KEYLENGTH="${1}"
;;
--pin)
shift
PIN_CERTS=${1}
PIN_CERTS="${1}"
;;
*)
# unknown option
@ -158,8 +158,8 @@ do
shift
done
if [ ! $HOSTNAME ]; then
if [ ! $LETSENCRYPT_HOSTNAME ]; then
if [ ! "$HOSTNAME" ]; then
if [ ! "$LETSENCRYPT_HOSTNAME" ]; then
echo $'No hostname specified'
exit 5748
fi
@ -180,16 +180,16 @@ function remove_cert_letsencrypt {
CERTFILE=$LETSENCRYPT_HOSTNAME
# disable the site if needed
if [ -f /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME} ]; then
if grep -q "443" /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}; then
nginx_dissite ${LETSENCRYPT_HOSTNAME}
if [ -f "/etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}" ]; then
if grep -q "443" "/etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}"; then
nginx_dissite "${LETSENCRYPT_HOSTNAME}"
fi
fi
# remove the cert
rm -rf /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}*
rm -rf /etc/letsencrypt/archive/${LETSENCRYPT_HOSTNAME}*
rm /etc/letsencrypt/renewal/${LETSENCRYPT_HOSTNAME}.conf
rm -rf "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}*"
rm -rf "/etc/letsencrypt/archive/${LETSENCRYPT_HOSTNAME}*"
rm "/etc/letsencrypt/renewal/${LETSENCRYPT_HOSTNAME}.conf"
# restart the web server
systemctl restart nginx
@ -199,14 +199,14 @@ function add_cert_letsencrypt {
CERTFILE=$LETSENCRYPT_HOSTNAME
# obtain the email address for the admin user
if [ ! $MY_EMAIL_ADDRESS ]; then
if [ -f $CONFIGURATION_FILE ]; then
if [ ! "$MY_EMAIL_ADDRESS" ]; then
if [ -f "$CONFIGURATION_FILE" ]; then
read_config_param MY_EMAIL_ADDRESS
fi
fi
if [ ! $MY_EMAIL_ADDRESS ]; then
if [ -f $COMPLETION_FILE ]; then
if grep -q "Admin user:" $COMPLETION_FILE; then
if [ ! "$MY_EMAIL_ADDRESS" ]; then
if [ -f "$COMPLETION_FILE" ]; then
if grep -q "Admin user:" "$COMPLETION_FILE"; then
function_check get_completion_param
ADMIN_USER=$(get_completion_param "Admin user")
if [ ${#ADMIN_USER} -eq 0 ]; then
@ -232,8 +232,7 @@ function add_cert_letsencrypt {
chgrp -R root /etc/letsencrypt
chmod -R 777 /etc/letsencrypt
certbot certonly -n --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME --renew-by-default --agree-tos --email $MY_EMAIL_ADDRESS
if [ ! "$?" = "0" ]; then
if ! certbot certonly -n --server "$LETSENCRYPT_SERVER" --standalone -d "$LETSENCRYPT_HOSTNAME" --renew-by-default --agree-tos --email "$MY_EMAIL_ADDRESS"; then
echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME"
echo $'Also see https://letsencrypt.status.io to check for any service outages'
chgrp -R ssl-cert /etc/letsencrypt
@ -245,42 +244,42 @@ function add_cert_letsencrypt {
fi
# replace some legacy filenames
if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt ]; then
mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt" ]; then
mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
fi
if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt ]; then
mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt" ]; then
mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
fi
sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME
sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME
sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" "/etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME"
sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" "/etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME"
# link the private key
if [ -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then
if [ ! -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old ]; then
mv /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old
if [ -f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" ]; then
if [ ! -f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old" ]; then
mv "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old"
else
rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
rm -f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key"
fi
fi
if [ -L /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then
rm /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
if [ -L "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" ]; then
rm "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key"
fi
ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
ln -s "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem" "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key"
# link the public key
if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then
if [ ! -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old ]; then
mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old
if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" ]; then
if [ ! -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old" ]; then
mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old"
else
rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
rm -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
fi
fi
if [ -L /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then
rm /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
if [ -L "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" ]; then
rm "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
fi
ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
ln -s "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
cp /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem
cp "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem" "/etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem"
update_default_domain
@ -291,12 +290,11 @@ function add_cert_letsencrypt {
chmod -R g=rX /etc/letsencrypt
chown -R root:ssl-cert /etc/letsencrypt
nginx_ensite ${LETSENCRYPT_HOSTNAME}
nginx_ensite "${LETSENCRYPT_HOSTNAME}"
systemctl start nginx
if [ $PIN_CERTS ]; then
${PROJECT_NAME}-pin-cert $LETSENCRYPT_HOSTNAME
if [ ! "$?" = "0" ]; then
if [ "$PIN_CERTS" ]; then
if ! "${PROJECT_NAME}-pin-cert" "$LETSENCRYPT_HOSTNAME"; then
echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned"
exit 62878
fi
@ -304,21 +302,20 @@ function add_cert_letsencrypt {
}
function add_cert_selfsigned {
if [[ $ORGANISATION == "Freedombone-CA" ]]; then
if [[ "$ORGANISATION" == "Freedombone-CA" ]]; then
CERTFILE="ca-$HOSTNAME"
fi
openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \
openssl req -x509 "${EXTENSIONS}" -nodes -days 3650 -sha256 \
-subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
-newkey rsa:2048 -keyout /etc/ssl/private/${CERTFILE}.key \
-out /etc/ssl/certs/${CERTFILE}.crt
chmod 400 /etc/ssl/private/${CERTFILE}.key
chmod 640 /etc/ssl/certs/${CERTFILE}.crt
cp /etc/ssl/certs/${CERTFILE}.crt /etc/ssl/mycerts
-newkey rsa:2048 -keyout "/etc/ssl/private/${CERTFILE}.key" \
-out "/etc/ssl/certs/${CERTFILE}.crt"
chmod 400 "/etc/ssl/private/${CERTFILE}.key"
chmod 640 "/etc/ssl/certs/${CERTFILE}.crt"
cp "/etc/ssl/certs/${CERTFILE}.crt" "/etc/ssl/mycerts"
if [ $PIN_CERTS ]; then
${PROJECT_NAME}-pin-cert $CERTFILE
if [ ! "$?" = "0" ]; then
if [ "$PIN_CERTS" ]; then
if ! "${PROJECT_NAME}-pin-cert" "$CERTFILE"; then
echo $"Certificate for $CERTFILE could not be pinned"
exit 62879
fi
@ -326,9 +323,9 @@ function add_cert_selfsigned {
}
function generate_dh_params {
if [ ! $NODH ]; then
if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then
${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes
if [ ! "$NODH" ]; then
if [ ! -f "/etc/ssl/certs/${CERTFILE}.dhparam" ]; then
"${PROJECT_NAME}-dhparam" -h "${CERTFILE}" --fast yes
fi
fi
}
@ -346,12 +343,12 @@ function make_cert_bundle {
}
function create_cert {
if [ $remove_cert ]; then
if [ "$remove_cert" ]; then
remove_cert_letsencrypt
return
fi
if [ $LETSENCRYPT_HOSTNAME ]; then
if [ "$LETSENCRYPT_HOSTNAME" ]; then
add_cert_letsencrypt
else
add_cert_selfsigned
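Review bot: In remove_cert_letsencrypt the new `rm -rf "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}*"` and the matching `archive` line put the `*` inside the quotes, so it is no longer a glob and `rm -rf` silently removes nothing unless a path literally ends in an asterisk. Keep the wildcard outside the quotes and make an empty hostname fatal, e.g. `rm -rf "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME:?}"*`. The same over-quoting affects `openssl req -x509 "${EXTENSIONS}"` in add_cert_selfsigned: if EXTENSIONS is ever empty it becomes an empty argument, and if it holds several options they become one word, so an array expanded as `"${EXTENSIONS[@]}"` would be safer. Both functions extend beyond the visible hunks.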


@ -52,49 +52,49 @@ do
key="$1"
case $key in
-h|--help)
show_help
;;
-u|--user)
shift
MYUSERNAME="$1"
;;
-e|--email)
shift
EMAILADDRESS="$1"
;;
-s|--subject)
shift
SUBJECT_TEXT="$1"
;;
-g|--group)
shift
GROUP_NAME="$1"
;;
-p|--public)
shift
PUBLIC="$1"
;;
*)
# unknown option
;;
-h|--help)
show_help
;;
-u|--user)
shift
MYUSERNAME="$1"
;;
-e|--email)
shift
EMAILADDRESS="$1"
;;
-s|--subject)
shift
SUBJECT_TEXT="$1"
;;
-g|--group)
shift
GROUP_NAME="$1"
;;
-p|--public)
shift
PUBLIC="$1"
;;
*)
# unknown option
;;
esac
shift
done
if ! [[ $MYUSERNAME && $GROUP_NAME ]]; then
if ! [[ "$MYUSERNAME" && "$GROUP_NAME" ]]; then
show_help
fi
if [ ${#EMAILADDRESS} -lt 2 ]; then
if [ "${#EMAILADDRESS}" -lt 2 ]; then
if [ ${#SUBJECT_TEXT} -lt 2 ]; then
show_help
show_help
fi
fi
MUTTRC=/home/$MYUSERNAME/.muttrc
PM=/home/$MYUSERNAME/.procmailrc
LISTDIR=/home/$MYUSERNAME/Maildir/$GROUP_NAME
MUTTRC="/home/$MYUSERNAME/.muttrc"
PM="/home/$MYUSERNAME/.procmailrc"
LISTDIR="/home/$MYUSERNAME/Maildir/$GROUP_NAME"
proc_rule=" * ^From:.*$EMAILADDRESS"
proc_comment="# Email rule for $EMAILADDRESS -> $GROUP_NAME"
@ -104,54 +104,53 @@ if [ ${#SUBJECT_TEXT} -gt 0 ]; then
fi
if [ ! -d "$LISTDIR" ]; then
mkdir -m 700 $LISTDIR
mkdir -m 700 $LISTDIR/tmp
mkdir -m 700 $LISTDIR/new
mkdir -m 700 $LISTDIR/cur
mkdir -m 700 "$LISTDIR"
mkdir -m 700 "$LISTDIR/tmp"
mkdir -m 700 "$LISTDIR/new"
mkdir -m 700 "$LISTDIR/cur"
fi
chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR
if ! grep -q "$proc_comment" $PM; then
chown -R "$MYUSERNAME":"$MYUSERNAME" "$LISTDIR"
if ! grep -q "$proc_comment" "$PM"; then
if [[ $PUBLIC != "yes" ]]; then
# private emails go after the encryption stage
echo '' >> $PM
echo "$proc_comment" >> $PM
echo ":0" >> $PM
echo "$proc_rule" >> $PM
echo "$LISTDIR/new" >> $PM
echo "# End of rule" >> $PM
# private emails go after the encryption stage
{ echo '';
echo "$proc_comment";
echo ":0";
echo "$proc_rule";
echo "$LISTDIR/new";
echo "# End of rule"; } >> "$PM"
else
# public emails are copied before the encryption stage
if ! grep -q '# encrypt' $PM; then
echo '' >> $PM
echo "$proc_comment" >> $PM
echo ":0" >> $PM
echo "$proc_rule" >> $PM
echo "$LISTDIR/new" >> $PM
echo "# End of rule" >> $PM
else
filter=$(echo "$proc_comment\n:0\n${proc_rule}\n$LISTDIR/new\n# End of rule\n")
sed -i "/# encrypt/i ${filter}" $PM
# public emails are copied before the encryption stage
if ! grep -q '# encrypt' "$PM"; then
{ echo '';
echo "$proc_comment";
echo ":0";
echo "$proc_rule";
echo "$LISTDIR/new";
echo "# End of rule"; } >> "$PM"
else
sed -i "/# encrypt/i $proc_comment\\n:0\\n${proc_rule}\\n$LISTDIR/new\\n# End of rule\\n" "$PM"
fi
fi
fi
chown $MYUSERNAME:$MYUSERNAME $PM
chown "$MYUSERNAME":"$MYUSERNAME" "$PM"
fi
if [ ! -f "$MUTTRC" ]; then
cp /etc/Muttrc $MUTTRC
chown $MYUSERNAME:$MYUSERNAME $MUTTRC
cp /etc/Muttrc "$MUTTRC"
chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
fi
PROCMAILLOG=/home/$MYUSERNAME/log
if [ ! -d $PROCMAILLOG ]; then
mkdir $PROCMAILLOG
chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG
if [ ! -d "$PROCMAILLOG" ]; then
mkdir "$PROCMAILLOG"
chown -R "$MYUSERNAME":"$MYUSERNAME" "$PROCMAILLOG"
fi
MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)
if [[ $MUTT_MAILBOXES != *$GROUP_NAME* ]]; then
if ! grep -q "=$GROUP_NAME" $MUTTRC; then
sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$GROUP_NAME|g" $MUTTRC
chown $MYUSERNAME:$MYUSERNAME $MUTTRC
MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC")
if [[ "$MUTT_MAILBOXES" != *$GROUP_NAME* ]]; then
if ! grep -q "=$GROUP_NAME" "$MUTTRC"; then
sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$GROUP_NAME|g" "$MUTTRC"
chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
fi
fi
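Review bot: `$EMAILADDRESS`, `$GROUP_NAME` and `$MUTT_MAILBOXES` are expanded straight into the `sed -i "/# encrypt/i …"` script, the `s|…|…|g` expression and the procmail condition `^From:.*$EMAILADDRESS`, so a value containing `|`, `\`, `&`, a newline or regex metacharacters changes what is written to `.procmailrc` and `.muttrc`. `$GROUP_NAME` also forms `LISTDIR`, which is created and then `chown -R`ed, so a value containing `/` or `..` would reach outside the Maildir. Quoting covers neither case; validating the options after parsing would, e.g. `[[ "$GROUP_NAME" =~ ^[A-Za-z0-9_-]+$ ]] || show_help`, with a similar allowlist for the address. Whether these arguments can come from an untrusted caller is not visible here.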


@ -52,119 +52,114 @@ do
key="$1"
case $key in
-h|--help)
show_help
;;
-u|--user)
shift
MYUSERNAME="$1"
;;
-l|--list)
shift
MAILINGLIST="$1"
;;
-s|--subject)
shift
SUBJECTTAG="$1"
;;
-e|--email)
shift
LIST_ADDRESS="$1"
;;
-p|--public)
shift
PUBLIC="$1"
;;
*)
# unknown option
;;
-h|--help)
show_help
;;
-u|--user)
shift
MYUSERNAME="$1"
;;
-l|--list)
shift
MAILINGLIST="$1"
;;
-s|--subject)
shift
SUBJECTTAG="$1"
;;
-e|--email)
shift
LIST_ADDRESS="$1"
;;
-p|--public)
shift
PUBLIC="$1"
;;
*)
# unknown option
;;
esac
shift
done
if [ ! $MYUSERNAME ]; then
if [ ! "$MYUSERNAME" ]; then
show_help
fi
if [[ ! $MAILINGLIST && ! $SUBJECTTAG ]]; then
if [[ ! "$MAILINGLIST" && ! "$SUBJECTTAG" ]]; then
show_help
fi
MUTTRC=/home/$MYUSERNAME/.muttrc
PM=/home/$MYUSERNAME/.procmailrc
LISTDIR=/home/$MYUSERNAME/Maildir/$MAILINGLIST
MUTTRC="/home/$MYUSERNAME/.muttrc"
PM="/home/$MYUSERNAME/.procmailrc"
LISTDIR="/home/$MYUSERNAME/Maildir/$MAILINGLIST"
if grep -q "=$MAILINGLIST" $MUTTRC; then
if grep -q "=$MAILINGLIST" "$MUTTRC"; then
echo $"Mailing list $MAILINGLIST was already added"
fi
if [ ! -d "$LISTDIR" ]; then
mkdir -m 700 $LISTDIR
mkdir -m 700 $LISTDIR/tmp
mkdir -m 700 $LISTDIR/new
mkdir -m 700 $LISTDIR/cur
mkdir -m 700 "$LISTDIR"
mkdir -m 700 "$LISTDIR/tmp"
mkdir -m 700 "$LISTDIR/new"
mkdir -m 700 "$LISTDIR/cur"
fi
chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR
chown -R "$MYUSERNAME":"$MYUSERNAME" "$LISTDIR"
if [ ${#SUBJECTTAG} -gt 0 ]; then
# use the subject tag
if ! grep -q "Subject:.*()\[$SUBJECTTAG\]" $PM; then
if [[ $PUBLIC != "yes" ]]; then
# private emails go after the encryption stage
filter="
# Email rule for $MAILINGLIST subject [$SUBJECTTAG]
:0
* ^Subject:.*()\[$SUBJECTTAG\]
$LISTDIR/new
# End of rule
"
echo "$filter" >> $PM
else
# public emails are copied before hte encryption stage
if ! grep -q '# encrypt' $PM; then
filter="
# Email rule for $MAILINGLIST subject [$SUBJECTTAG]
:0
* ^Subject:.*()\[$SUBJECTTAG\]
$LISTDIR/new
# End of rule
"
echo "$filter" >> $PM
if ! grep -q "Subject:.*()\\[$SUBJECTTAG\\]" "$PM"; then
if [[ $PUBLIC != "yes" ]]; then
# private emails go after the encryption stage
{ echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]";
echo ":0";
echo " * ^Subject:.*()\\[$SUBJECTTAG\\]";
echo "$LISTDIR/new";
echo "# End of rule";
echo ""; } >> "$PM"
else
filter=$(echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]\n:0\n * ^Subject:.*()\\\[$SUBJECTTAG\\\]\n$LISTDIR/new\n# End of rule\n")
sed -i "/# encrypt/i ${filter}" $PM
# public emails are copied before hte encryption stage
if ! grep -q '# encrypt' "$PM"; then
{ echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]";
echo ":0";
echo " * ^Subject:.*()\\[$SUBJECTTAG\\]";
echo "$LISTDIR/new";
echo "# End of rule";
echo ""; } >> "$PM"
else
sed -i "/# encrypt/i # Email rule for $MAILINGLIST subject [$SUBJECTTAG]\\n:0\\n * ^Subject:.*()\\\\[$SUBJECTTAG\\\\]\\n$LISTDIR/new\\n# End of rule\\n" "$PM"
fi
fi
fi
chown $MYUSERNAME:$MYUSERNAME $PM
chown "$MYUSERNAME":"$MYUSERNAME" "$PM"
fi
else
exit $(${PROJECT_NAME}-addemail -u $MYUSERNAME -e $LIST_ADDRESS -g $MAILINGLIST --public $PUBLIC)
exit "$("${PROJECT_NAME}-addemail" -u "$MYUSERNAME" -e "$LIST_ADDRESS" -g "$MAILINGLIST" --public "$PUBLIC")"
fi
if [ ! -f "$MUTTRC" ]; then
cp /etc/Muttrc $MUTTRC
chown $MYUSERNAME:$MYUSERNAME $MUTTRC
cp /etc/Muttrc "$MUTTRC"
chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
fi
PROCMAILLOG=/home/$MYUSERNAME/log
if [ ! -d $PROCMAILLOG ]; then
mkdir $PROCMAILLOG
chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG
PROCMAILLOG="/home/$MYUSERNAME/log"
if [ ! -d "$PROCMAILLOG" ]; then
mkdir "$PROCMAILLOG"
chown -R "$MYUSERNAME":"$MYUSERNAME" "$PROCMAILLOG"
fi
MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)
if [[ $MUTT_MAILBOXES != *$MAILINGLIST* ]]; then
if ! grep -q "=$MAILINGLIST" $MUTTRC; then
sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" $MUTTRC
chown $MYUSERNAME:$MYUSERNAME $MUTTRC
MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC")
if [[ "$MUTT_MAILBOXES" != *$MAILINGLIST* ]]; then
if ! grep -q "=$MAILINGLIST" "$MUTTRC"; then
sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" "$MUTTRC"
chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
fi
fi
if [ $LIST_ADDRESS ]; then
sed -i "s|unsubscribe $LIST_ADDRESS|subscribe $LIST_ADDRESS|g" $MUTTRC
if ! grep -q "subscribe $LIST_ADDRESS" $MUTTRC; then
echo "subscribe $LIST_ADDRESS" >> $MUTTRC
if [ "$LIST_ADDRESS" ]; then
sed -i "s|unsubscribe $LIST_ADDRESS|subscribe $LIST_ADDRESS|g" "$MUTTRC"
if ! grep -q "subscribe $LIST_ADDRESS" "$MUTTRC"; then
echo "subscribe $LIST_ADDRESS" >> "$MUTTRC"
fi
fi
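Review bot: `exit "$("${PROJECT_NAME}-addemail" … )"` passes the helper's standard output, not its status, to `exit`. Before this change an empty output left a bare `exit`, which in bash falls back to the status of the last command run; with the quotes it becomes `exit ""`, which bash rejects as a non-numeric argument, so the caller sees a failure even when the helper succeeded (assuming addemail prints nothing on success). Running the helper directly says what is meant: `"${PROJECT_NAME}-addemail" -u "$MYUSERNAME" -e "$LIST_ADDRESS" -g "$MAILINGLIST" --public "$PUBLIC"` followed by `exit $?`.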


@ -34,27 +34,27 @@ export TEXTDOMAIN=${PROJECT_NAME}-addremove
export TEXTDOMAINDIR="/usr/share/locale"
PROJECT_INSTALL_DIR=/usr/local/bin
if [ -f /usr/bin/${PROJECT_NAME} ]; then
if [ -f "/usr/bin/${PROJECT_NAME}" ]; then
PROJECT_INSTALL_DIR=/usr/bin
fi
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
# Start including files
source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES
do
source $f
source "$f"
done
APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
for f in $APP_FILES
do
source $f
source "$f"
done
# End including files
@ -67,17 +67,17 @@ function mark_unselected_apps_as_removed {
return
fi
if [ -f $REMOVED_APPS_FILE ]; then
rm $REMOVED_APPS_FILE
if [ -f "$REMOVED_APPS_FILE" ]; then
rm "$REMOVED_APPS_FILE"
fi
app_index=0
for app_name in "${APPS_AVAILABLE[@]}"
do
if [[ ${APPS_CHOSEN[$app_index]} == "0" ]]; then
echo "_${app_name}_" >> $REMOVED_APPS_FILE
echo "_${app_name}_" >> "$REMOVED_APPS_FILE"
fi
app_index=$[app_index+1]
app_index=$((app_index+1))
done
}
@ -93,7 +93,7 @@ function app_expected_to_be_installed {
echo "0"
return
fi
if ! grep -q "IN_DEFAULT_INSTALL=1" /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}; then
if ! grep -q "IN_DEFAULT_INSTALL=1" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}"; then
echo "0"
return
fi
@ -102,7 +102,7 @@ function app_expected_to_be_installed {
}
function show_apps {
select_all_apps=$1
select_all_apps="$1"
applist=""
n=1
app_index=0
@ -117,19 +117,20 @@ function show_apps {
applist="$applist $n $a on"
fi
fi
n=$[n+1]
app_index=$[app_index+1]
n=$((n+1))
app_index=$((app_index+1))
done
choices=$(dialog --stdout --backtitle $"Freedombone" \
--title $"Add/Remove Applications" \
--checklist $'Choose:' \
27 40 20 $applist)
27 40 20 "$applist")
# shellcheck disable=SC2181
if [ $? -eq 0 ]; then
for choice in $choices
do
app_index=$[choice-1]
app_index=$((choice-1))
APPS_CHOSEN[$app_index]="1"
done
else
@ -151,10 +152,10 @@ function remove_apps_selected {
else
removals="${APPS_AVAILABLE[$app_index]}"
fi
n=$[n+1]
n=$((n+1))
fi
fi
app_index=$[app_index+1]
app_index=$((app_index+1))
done
# if no apps to be removed then don't do anything
@ -166,7 +167,7 @@ function remove_apps_selected {
dialog --title $"Remove applications" \
--backtitle $"Freedombone" \
--defaultno \
--yesno $"\nYou have chosen to remove $n apps.\n\n $removals\n\nIf you choose 'yes' then this will remove both the applications and their data/messages. If you don't have a backup then you will not be able to recover the data for these applications.\n\nAre you sure that you wish to continue?" 15 60
--yesno $"\\nYou have chosen to remove $n apps.\\n\\n $removals\\n\\nIf you choose 'yes' then this will remove both the applications and their data/messages. If you don't have a backup then you will not be able to recover the data for these applications.\\n\\nAre you sure that you wish to continue?" 15 60
sel=$?
case $sel in
1) return;;
@ -195,10 +196,10 @@ function install_apps_selected {
else
installs="${APPS_AVAILABLE[$app_index]}"
fi
n=$[n+1]
n=$((n+1))
fi
fi
app_index=$[app_index+1]
app_index=$((app_index+1))
done
# if no apps to be installed then don't do anything
@ -212,13 +213,13 @@ function install_apps_selected {
dialog --title $"$installs" \
--backtitle $"Freedombone" \
--defaultno \
--yesno $"\nThis will install the $installs app\n\nProceed?" 9 40
--yesno $"\\nThis will install the $installs app\\n\\nProceed?" 9 40
else
dialog_height=$((15 + $n))
dialog_height=$((15 + "$n"))
dialog --title $"Add applications" \
--backtitle $"Freedombone" \
--defaultno \
--yesno $"\nYou have chosen to install $n apps\n\n $installs\n\nProceed?" $dialog_height 60
--yesno $"\\nYou have chosen to install $n apps\\n\\n $installs\\n\\nProceed?" $dialog_height 60
fi
sel=$?
case $sel in
@ -232,14 +233,13 @@ function install_apps_selected {
# install the apps
read_configuration
install_apps interactive
if [ ! $APP_INSTALLED_SUCCESS ]; then
if [ ! "$APP_INSTALLED_SUCCESS" ]; then
echo $'One or more apps failed to install'
fi
}
if [[ $1 == "test"* ]]; then
${PROJECT_NAME}-tests
if [ ! "$?" = "0" ]; then
if ! ${PROJECT_NAME}-tests; then
exit 2
fi
fi
@ -251,8 +251,8 @@ if [[ ${#APPS_AVAILABLE[@]} == 0 ]]; then
exit 1
fi
show_apps $1
mark_unselected_apps_as_removed $1
show_apps "$1"
mark_unselected_apps_as_removed "$1"
clear
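Review bot: In show_apps, `27 40 20 "$applist")` now hands dialog the whole tag/item/status list as a single argument, but `$applist` is built as a space-separated string (`applist="$applist $n $a on"`) that relied on word splitting, so `--checklist` no longer receives separate entries. Either keep that one expansion unquoted with a targeted `# shellcheck disable=SC2086`, or initialise `applist=()`, append with `applist+=("$n" "$a" on)` and pass `"${applist[@]}"`. The added `# shellcheck disable=SC2181` only covers the `$?` test that follows. show_apps spans two hunks and part of its loop is not shown.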


@ -34,18 +34,18 @@ PROJECT_NAME='freedombone'
export TEXTDOMAIN=${PROJECT_NAME}-adduser
export TEXTDOMAINDIR="/usr/share/locale"
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES
do
source $f
source "$f"
done
APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
for f in $APP_FILES
do
source $f
source "$f"
done
ADD_USERNAME=$1
@ -55,35 +55,35 @@ SSH_PORT=2222
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
DEFAULT_DOMAIN_NAME=
if [ ! $ADD_USERNAME ]; then
if [ ! "$ADD_USERNAME" ]; then
echo $'No username was given'
exit 1
fi
if [ -d /home/$ADD_USERNAME ]; then
if [ -d "/home/$ADD_USERNAME" ]; then
echo $"The user $ADD_USERNAME already exists"
exit 2
fi
if [ ! -f $COMPLETION_FILE ]; then
if [ ! -f "$COMPLETION_FILE" ]; then
echo $"$COMPLETION_FILE not found"
userdel -r $ADD_USERNAME
userdel -r "$ADD_USERNAME"
exit 3
fi
# Minimum number of characters in a password
MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
NEW_USER_PASSWORD="$(openssl rand -base64 30 | cut -c1-${MINIMUM_PASSWORD_LENGTH})"
NEW_USER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash $ADD_USERNAME
adduser $ADD_USERNAME sasl
groupadd $ADD_USERNAME
useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash "$ADD_USERNAME"
adduser "$ADD_USERNAME" sasl
groupadd "$ADD_USERNAME"
chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow
if [ ! -d /home/$ADD_USERNAME ]; then
if [ ! -d "/home/$ADD_USERNAME" ]; then
echo $'Home directory was not created'
exit 4
fi
@ -91,15 +91,15 @@ fi
if [ "$SSH_PUBLIC_KEY" ]; then
if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then
if [ -f "$SSH_PUBLIC_KEY" ]; then
mkdir /home/$ADD_USERNAME/.ssh
cp $SSH_PUBLIC_KEY /home/$ADD_USERNAME/.ssh/authorized_keys
chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.ssh
mkdir "/home/$ADD_USERNAME/.ssh"
cp "$SSH_PUBLIC_KEY" "/home/$ADD_USERNAME/.ssh/authorized_keys"
chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.ssh"
echo $'ssh public key installed'
else
if [[ "$SSH_PUBLIC_KEY" == "ssh-"* ]]; then
mkdir /home/$ADD_USERNAME/.ssh
echo "$SSH_PUBLIC_KEY" > /home/$ADD_USERNAME/.ssh/authorized_keys
chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.ssh
mkdir "/home/$ADD_USERNAME/.ssh"
echo "$SSH_PUBLIC_KEY" > "/home/$ADD_USERNAME/.ssh/authorized_keys"
chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.ssh"
echo $'ssh public key installed'
else
echo $'The second parameter does not look like an ssh key'
@ -109,55 +109,54 @@ if [ "$SSH_PUBLIC_KEY" ]; then
fi
fi
if [ -d /home/$ADD_USERNAME/Maildir ]; then
if grep -q "set from=" /home/$ADD_USERNAME/.muttrc; then
sed -i "s|set from=.*|set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'|g" /home/$ADD_USERNAME/.muttrc
if [ -d "/home/$ADD_USERNAME/Maildir" ]; then
if grep -q "set from=" "/home/$ADD_USERNAME/.muttrc"; then
sed -i "s|set from=.*|set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'|g" "/home/$ADD_USERNAME/.muttrc"
else
echo "set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'" >> /home/$ADD_USERNAME/.muttrc
echo "set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'" >> "/home/$ADD_USERNAME/.muttrc"
fi
USERN='$USER@'
sed -i "s|$USERN|$ADD_USERNAME@|g" /home/$ADD_USERNAME/.procmailrc
sed -i "s|\$USER@|$ADD_USERNAME@|g" "/home/$ADD_USERNAME/.procmailrc"
fi
# generate a gpg key
echo "Making a GPG key for $ADD_USERNAME@$HOSTNAME"
mkdir /home/$ADD_USERNAME/.gnupg
echo "keyserver $GPG_KEYSERVER" >> /home/$ADD_USERNAME/.gnupg/gpg.conf
echo 'keyserver-options auto-key-retrieve' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
echo '' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
echo '# default preferences' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
echo 'personal-digest-preferences SHA256' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
echo 'cert-digest-algo SHA256' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
mkdir "/home/$ADD_USERNAME/.gnupg"
{ echo "keyserver $GPG_KEYSERVER";
echo 'keyserver-options auto-key-retrieve';
echo '';
echo '# default preferences';
echo 'personal-digest-preferences SHA256';
echo 'cert-digest-algo SHA256';
echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed'; } >> "/home/$ADD_USERNAME/.gnupg/gpg.conf"
chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.gnupg
chmod 700 /home/$ADD_USERNAME/.gnupg
chmod 600 /home/$ADD_USERNAME/.gnupg/*
chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.gnupg"
chmod 700 "/home/$ADD_USERNAME/.gnupg"
chmod 600 "/home/$ADD_USERNAME/.gnupg/*"
# Generate a GPG key
echo 'Key-Type: eddsa' > /home/$ADD_USERNAME/gpg-genkey.conf
echo 'Key-Curve: Ed25519' >> /home/$ADD_USERNAME/gpg-genkey.conf
echo 'Subkey-Type: eddsa' >> /home/$ADD_USERNAME/gpg-genkey.conf
echo "Name-Real: $ADD_USERNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf
echo "Name-Email: $ADD_USERNAME@$HOSTNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf
echo 'Expire-Date: 0' >> /home/$ADD_USERNAME/gpg-genkey.conf
echo "Passphrase: $NEW_USER_PASSWORD" >> /home/$ADD_USERNAME/gpg-genkey.conf
chown $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/gpg-genkey.conf
su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - $ADD_USERNAME
chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.gnupg
shred -zu /home/$ADD_USERNAME/gpg-genkey.conf
{ echo 'Key-Type: eddsa';
echo 'Key-Curve: Ed25519';
echo 'Subkey-Type: eddsa';
echo "Name-Real: $ADD_USERNAME";
echo "Name-Email: $ADD_USERNAME@$HOSTNAME";
echo 'Expire-Date: 0';
echo "Passphrase: $NEW_USER_PASSWORD"; } > "/home/$ADD_USERNAME/gpg-genkey.conf"
chown "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/gpg-genkey.conf"
su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - "$ADD_USERNAME"
chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.gnupg"
shred -zu "/home/$ADD_USERNAME/gpg-genkey.conf"
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADD_USERNAME" "$ADD_USERNAME@$HOSTNAME")
MY_GPG_PUBLIC_KEY=/home/$ADD_USERNAME/public_key.gpg
su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $ADD_USERNAME
MY_GPG_PUBLIC_KEY="/home/$ADD_USERNAME/public_key.gpg"
su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - "$ADD_USERNAME"
if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
if [ ! -f "$MY_GPG_PUBLIC_KEY" ]; then
echo "GPG public key was not generated for $ADD_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID"
userdel -r $ADD_USERNAME
userdel -r "$ADD_USERNAME"
exit 7
fi
gpg_agent_setup $ADD_USERNAME
gpg_agent_setup "$ADD_USERNAME"
# add a monkeysphere subkey
#echo $'Adding monkeysphere subkey'
@ -173,82 +172,82 @@ gpg_agent_setup $ADD_USERNAME
#echo $'Updating monkeysphere users'
#monkeysphere-authentication update-users
if [ -f /home/$ADD_USERNAME/.muttrc ]; then
if [ -f "/home/$ADD_USERNAME/.muttrc" ]; then
# encrypt outgoing mail to the "sent" folder
if ! grep -q "pgp_encrypt_only_command" /home/$ADD_USERNAME/.muttrc; then
echo '' >> /home/$ADD_USERNAME/.muttrc
echo $'# Encrypt items in the Sent folder' >> /home/$ADD_USERNAME/.muttrc
echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc
if ! grep -q "pgp_encrypt_only_command" "/home/$ADD_USERNAME/.muttrc"; then
{ echo '';
echo $'# Encrypt items in the Sent folder';
echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\""; } >> "/home/$ADD_USERNAME/.muttrc"
else
sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc
sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" "/home/$ADD_USERNAME/.muttrc"
fi
if ! grep -q "pgp_encrypt_sign_command" /home/$ADD_USERNAME/.muttrc; then
echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc
if ! grep -q "pgp_encrypt_sign_command" "/home/$ADD_USERNAME/.muttrc"; then
echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> "/home/$ADD_USERNAME/.muttrc"
else
sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc
sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" "/home/$ADD_USERNAME/.muttrc"
fi
fi
if ! grep -q "Change your GPG password" /home/$ADD_USERNAME/README; then
echo '' >> /home/$ADD_USERNAME/README
echo '' >> /home/$ADD_USERNAME/README
echo $'# Change your GPG password' >> /home/$ADD_USERNAME/README
echo $"It's very important to add a password to your GPG key so that" >> /home/$ADD_USERNAME/README
echo $"if anyone does get access to your email they still won't be able" >> /home/$ADD_USERNAME/README
echo $'to read them without knowning the GPG password.' >> /home/$ADD_USERNAME/README
echo $'You can change the it with:' >> /home/$ADD_USERNAME/README
echo '' >> /home/$ADD_USERNAME/README
echo " gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$ADD_USERNAME/README
echo ' passwd' >> /home/$ADD_USERNAME/README
echo ' save' >> /home/$ADD_USERNAME/README
echo ' quit' >> /home/$ADD_USERNAME/README
if ! grep -q "Change your GPG password" "/home/$ADD_USERNAME/README"; then
{ echo '';
echo '';
echo $'# Change your GPG password';
echo $"It's very important to add a password to your GPG key so that";
echo $"if anyone does get access to your email they still won't be able";
echo $'to read them without knowning the GPG password.';
echo $'You can change the it with:';
echo '';
echo " gpg --edit-key $MY_GPG_PUBLIC_KEY_ID";
echo ' passwd';
echo ' save';
echo ' quit'; } >> "/home/$ADD_USERNAME/README"
fi
chown $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/README
chown $ADD_USERNAME:$ADD_USERNAME $MY_GPG_PUBLIC_KEY
chmod 600 /home/$ADD_USERNAME/README
chown "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/README"
chown "$ADD_USERNAME":"$ADD_USERNAME" "$MY_GPG_PUBLIC_KEY"
chmod 600 "/home/$ADD_USERNAME/README"
echo $'Detecting installed apps...'
detect_apps
get_apps_installed_names
for app_name in "${APPS_INSTALLED_NAMES[@]}"
do
if [[ $(function_exists add_user_${app_name}) == "1" ]]; then
if [[ $(function_exists "add_user_${app_name}") == "1" ]]; then
echo $"Adding user to ${app_name}"
app_load_variables ${app_name}
retval=$(add_user_${app_name} "$ADD_USERNAME" "$NEW_USER_PASSWORD" | tail -n 1)
app_load_variables "${app_name}"
retval=$("add_user_${app_name}" "$ADD_USERNAME" "$NEW_USER_PASSWORD" | tail -n 1)
if [[ $retval != '0' ]]; then
echo $"Failed with error code ${retval}"
${PROJECT_NAME}-rmuser $ADD_USERNAME --force
"${PROJECT_NAME}-rmuser" "$ADD_USERNAME" --force
exit 672392
fi
if ! grep -q "${app_name}_${ADD_USERNAME}" $APP_USERS_FILE; then
echo "${app_name}_${ADD_USERNAME}" >> $APP_USERS_FILE
if ! grep -q "${app_name}_${ADD_USERNAME}" "$APP_USERS_FILE"; then
echo "${app_name}_${ADD_USERNAME}" >> "$APP_USERS_FILE"
fi
fi
done
if [ -f /etc/nginx/.htpasswd ]; then
if ! grep -q "${ADD_USERNAME}:" /etc/nginx/.htpasswd; then
echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd $ADD_USERNAME
echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd "$ADD_USERNAME"
fi
fi
# add user menu on ssh login
if ! grep -q 'controluser' /home/$ADD_USERNAME/.bashrc; then
echo 'controluser' >> /home/$ADD_USERNAME/.bashrc
if ! grep -q 'controluser' "/home/$ADD_USERNAME/.bashrc"; then
echo 'controluser' >> "/home/$ADD_USERNAME/.bashrc"
fi
# fix some gpg strangeness when searching for keys
printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /home/$ADD_USERNAME/.gnupg/S.dirmngr
if [ -d /home/$ADD_USERNAME/.gnupg/crls.d ]; then
chmod +x /home/$ADD_USERNAME/.gnupg/crls.d
printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > "/home/$ADD_USERNAME/.gnupg/S.dirmngr"
if [ -d "/home/$ADD_USERNAME/.gnupg/crls.d" ]; then
chmod +x "/home/$ADD_USERNAME/.gnupg/crls.d"
fi
${PROJECT_NAME}-pass -u $ADD_USERNAME -a login -p "$NEW_USER_PASSWORD"
"${PROJECT_NAME}-pass" -u "$ADD_USERNAME" -a login -p "$NEW_USER_PASSWORD"
gpg_agent_enable $ADD_USERNAME
gpg_agent_enable "$ADD_USERNAME"
clear


@ -49,12 +49,12 @@ akaunting_variables=(ONION_ONLY
MY_USERNAME)
function akaunting_remove_bad_links {
cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 365873658
# copy jquery locally
jquery_version='1.12.4'
if [ ! -f jquery-${jquery_version}.js ]; then
cd /var/www/$GHOST_DOMAIN_NAME/htdocs
cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3276324
wget https://code.jquery.com/jquery-${jquery_version}.js
jquery_hash=$(sha256sum jquery-${jquery_version}.js | awk -F ' ' '{print $1}')
if [[ "$jquery_hash" != '430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575' ]]; then
@ -74,7 +74,7 @@ function akaunting_remove_bad_links {
sed -i '/googleapi/d' vendor/almasaeed2010/adminlte/dist/css/alt/AdminLTE-without-plugins.min.css
sed -i "s|ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js|$AKAUNTING_DOMAIN_NAME/jquery-${jquery_version}.js|g" vendor/almasaeed2010/adminlte/plugins/ckeditor/samples/old/jquery.html
chown -R www-data:www-data /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
chown -R www-data:www-data "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
}
function logging_on_akaunting {
@ -88,65 +88,66 @@ function logging_off_akaunting {
function remove_user_akaunting {
remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp akaunting
"${PROJECT_NAME}-pass" -u "$remove_username" --rmapp akaunting
}
function add_user_akaunting {
new_username="$1"
new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a akaunting -p "$new_user_password"
"${PROJECT_NAME}-pass" -u "$new_username" -a akaunting -p "$new_user_password"
echo '0'
}
function install_interactive_akaunting {
if [ ! $ONION_ONLY ]; then
if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no'
fi
if [[ $ONION_ONLY != "no" ]]; then
if [[ "$ONION_ONLY" != "no" ]]; then
AKAUNTING_DOMAIN_NAME='akaunting.local'
else
AKAUNTING_DETAILS_COMPLETE=
while [ ! $AKAUNTING_DETAILS_COMPLETE ]
do
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle $"Freedombone Configuration" \
--title $"Akaunting Configuration" \
--form $"\nPlease enter your Akaunting details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
--form $"\\nPlease enter your Akaunting details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
$"Domain:" 1 1 "$(grep 'AKAUNTING_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
$"Code:" 2 1 "$(grep 'AKAUNTING_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
2> $data
2> "$data"
else
dialog --backtitle $"Freedombone Configuration" \
--title $"Akaunting Configuration" \
--form $"\nPlease enter your Akaunting details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
--form $"\\nPlease enter your Akaunting details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
$"Domain:" 1 1 "$(grep 'AKAUNTING_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
2> $data
2> "$data"
fi
sel=$?
case $sel in
1) exit 1;;
255) exit 1;;
1) rm -f "$data"
exit 1;;
255) rm -f "$data"
exit 1;;
esac
AKAUNTING_DOMAIN_NAME=$(cat $data | sed -n 1p)
if [ $AKAUNTING_DOMAIN_NAME ]; then
AKAUNTING_DOMAIN_NAME=$(sed -n 1p < "$data")
if [ "$AKAUNTING_DOMAIN_NAME" ]; then
if [[ $AKAUNTING_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
AKAUNTING_DOMAIN_NAME=""
fi
TEST_DOMAIN_NAME=$AKAUNTING_DOMAIN_NAME
validate_domain_name
if [[ $TEST_DOMAIN_NAME != $AKAUNTING_DOMAIN_NAME ]]; then
if [[ "$TEST_DOMAIN_NAME" != "$AKAUNTING_DOMAIN_NAME" ]]; then
AKAUNTING_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
AKAUNTING_CODE=$(cat $data | sed -n 2p)
AKAUNTING_CODE=$(sed -n 2p < "$data")
validate_freedns_code "$AKAUNTING_CODE"
if [ ! $VALID_CODE ]; then
if [ ! "$VALID_CODE" ]; then
AKAUNTING_DOMAIN_NAME=
fi
fi
@ -155,6 +156,7 @@ function install_interactive_akaunting {
if [ $AKAUNTING_DOMAIN_NAME ]; then
AKAUNTING_DETAILS_COMPLETE="yes"
fi
rm -f "$data"
done
write_config_param "AKAUNTING_CODE" "$AKAUNTING_CODE"
@ -169,23 +171,23 @@ function change_password_akaunting {
read_config_param 'AKAUNTING_DOMAIN_NAME'
${PROJECT_NAME}-pass -u "$curr_username" -a akaunting -p "$new_user_password"
"${PROJECT_NAME}-pass" -u "$curr_username" -a akaunting -p "$new_user_password"
}
function akaunting_create_database {
if [ -f $IMAGE_PASSWORD_FILE ]; then
AKAUNTING_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
if [ -f "$IMAGE_PASSWORD_FILE" ]; then
AKAUNTING_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else
if [ ! $AKAUNTING_ADMIN_PASSWORD ]; then
AKAUNTING_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
if [ ! "$AKAUNTING_ADMIN_PASSWORD" ]; then
AKAUNTING_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi
fi
if [ ! $AKAUNTING_ADMIN_PASSWORD ]; then
if [ ! "$AKAUNTING_ADMIN_PASSWORD" ]; then
return
fi
function_check create_database
create_database akaunting "$AKAUNTING_ADMIN_PASSWORD" $MY_USERNAME
create_database akaunting "$AKAUNTING_ADMIN_PASSWORD" "$MY_USERNAME"
}
function reconfigure_akaunting {
@ -198,70 +200,69 @@ function upgrade_akaunting {
return
fi
if grep -q "akaunting domain" $COMPLETION_FILE; then
if grep -q "akaunting domain" "$COMPLETION_FILE"; then
AKAUNTING_DOMAIN_NAME=$(get_completion_param "akaunting domain")
fi
# update to the next commit
function_check set_repo_commit
set_repo_commit /var/www/$AKAUNTING_DOMAIN_NAME/htdocs "akaunting commit" "$AKAUNTING_COMMIT" $AKAUNTING_REPO
set_repo_commit "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" "akaunting commit" "$AKAUNTING_COMMIT" "$AKAUNTING_REPO"
cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 367835
install_composer
akaunting_remove_bad_links
chown -R www-data:www-data /var/www/${AKAUNTING_DOMAIN_NAME}/htdocs
chown -R www-data:www-data "/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
}
function backup_local_akaunting {
akaunting_path=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs
if [ -d $akaunting_path ]; then
suspend_site ${AKAUNTING_DOMAIN_NAME}
akaunting_path="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
if [ -d "$akaunting_path" ]; then
suspend_site "${AKAUNTING_DOMAIN_NAME}"
function_check backup_database_to_usb
backup_database_to_usb akaunting
backup_directory_to_usb $akaunting_path akaunting
backup_directory_to_usb "$akaunting_path" akaunting
restart_site
fi
}
function restore_local_akaunting {
temp_restore_dir=/root/tempakaunting
akaunting_dir=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs
akaunting_dir="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
suspend_site ${AKAUNTING_DOMAIN_NAME}
suspend_site "${AKAUNTING_DOMAIN_NAME}"
function_check akaunting_create_database
akaunting_create_database
restore_database akaunting ${AKAUNTING_DOMAIN_NAME}
chown www-data:www-data $akaunting_dir
restore_database akaunting "${AKAUNTING_DOMAIN_NAME}"
chown www-data:www-data "$akaunting_dir"
restart_site
}
function backup_remote_akaunting {
akaunting_path=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs
if [ -d $akaunting_path ]; then
suspend_site ${AKAUNTING_DOMAIN_NAME}
akaunting_path="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
if [ -d "$akaunting_path" ]; then
suspend_site "${AKAUNTING_DOMAIN_NAME}"
function_check backup_database_to_friend
backup_database_to_friend akaunting
backup_directory_to_friend $akaunting_path akaunting
backup_directory_to_friend "$akaunting_path" akaunting
restart_site
fi
}
function restore_remote_akaunting {
temp_restore_dir=/root/tempakaunting
akaunting_dir=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs
akaunting_dir="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
suspend_site ${AKAUNTING_DOMAIN_NAME}
suspend_site "${AKAUNTING_DOMAIN_NAME}"
function_check akaunting_create_database
akaunting_create_database
restore_database_from_friend akaunting ${AKAUNTING_DOMAIN_NAME}
chown www-data:www-data $akaunting_dir
restore_database_from_friend akaunting "${AKAUNTING_DOMAIN_NAME}"
chown www-data:www-data "$akaunting_dir"
restart_site
}
@ -274,28 +275,28 @@ function remove_akaunting {
read_config_param "AKAUNTING_DOMAIN_NAME"
read_config_param "MY_USERNAME"
echo "Removing $AKAUNTING_DOMAIN_NAME"
nginx_dissite $AKAUNTING_DOMAIN_NAME
remove_certs $AKAUNTING_DOMAIN_NAME
nginx_dissite "$AKAUNTING_DOMAIN_NAME"
remove_certs "$AKAUNTING_DOMAIN_NAME"
if [ -d /var/www/$AKAUNTING_DOMAIN_NAME ]; then
rm -rf /var/www/$AKAUNTING_DOMAIN_NAME
if [ -d "/var/www/$AKAUNTING_DOMAIN_NAME" ]; then
rm -rf "/var/www/$AKAUNTING_DOMAIN_NAME"
fi
if [ -f /etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME ]; then
rm /etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME
if [ -f "/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME" ]; then
rm "/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME"
fi
function_check drop_database
drop_database akaunting
function_check remove_onion_service
remove_onion_service akaunting ${AKAUNTING_ONION_PORT}
remove_onion_service akaunting "${AKAUNTING_ONION_PORT}"
if grep -q "akaunting" /etc/crontab; then
sed -i "/akaunting/d" /etc/crontab
fi
remove_app akaunting
remove_completion_param install_akaunting
sed -i '/akaunting/d' $COMPLETION_FILE
sed -i '/akaunting/d' "$COMPLETION_FILE"
function_check remove_ddns_domain
remove_ddns_domain $AKAUNTING_DOMAIN_NAME
remove_ddns_domain "$AKAUNTING_DOMAIN_NAME"
}
function install_akaunting {
@ -303,7 +304,7 @@ function install_akaunting {
ONION_ONLY='no'
fi
if [ ! $AKAUNTING_DOMAIN_NAME ]; then
if [ ! "$AKAUNTING_DOMAIN_NAME" ]; then
echo $'No domain name was given for akaunting'
exit 89353
fi
@ -317,142 +318,142 @@ function install_akaunting {
apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME ]; then
mkdir /var/www/$AKAUNTING_DOMAIN_NAME
if [ ! -d "/var/www/$AKAUNTING_DOMAIN_NAME" ]; then
mkdir "/var/www/$AKAUNTING_DOMAIN_NAME"
fi
if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME/htdocs ]; then
if [ ! -d "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" ]; then
if [ -d /repos/akaunting ]; then
mkdir /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
cp -r -p /repos/akaunting/. /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
mkdir "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
cp -r -p /repos/akaunting/. "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 23458735
git pull
else
function_check git_clone
git_clone $AKAUNTING_REPO /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
git_clone "$AKAUNTING_REPO" "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
fi
if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME/htdocs ]; then
if [ ! -d "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" ]; then
echo $'Unable to clone akaunting repo'
exit 2589389
fi
fi
cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
git checkout $AKAUNTING_COMMIT -b $AKAUNTING_COMMIT
cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 23468724527
git checkout "$AKAUNTING_COMMIT" -b "$AKAUNTING_COMMIT"
set_completion_param "akaunting commit" "$AKAUNTING_COMMIT"
chmod g+w /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
chown -R www-data:www-data /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
chmod g+w "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
chown -R www-data:www-data "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 34783524
install_composer
function_check akaunting_create_database
akaunting_create_database
function_check add_ddns_domain
add_ddns_domain $AKAUNTING_DOMAIN_NAME
add_ddns_domain "$AKAUNTING_DOMAIN_NAME"
AKAUNTING_ONION_HOSTNAME=$(add_onion_service akaunting 80 ${AKAUNTING_ONION_PORT})
akaunting_nginx_site=/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect
nginx_http_redirect $AKAUNTING_DOMAIN_NAME "index index.php"
echo 'server {' >> $akaunting_nginx_site
echo ' listen 443 ssl;' >> $akaunting_nginx_site
echo ' #listen [::]:443 ssl;' >> $akaunting_nginx_site
echo " server_name $AKAUNTING_DOMAIN_NAME;" >> $akaunting_nginx_site
echo '' >> $akaunting_nginx_site
nginx_http_redirect "$AKAUNTING_DOMAIN_NAME" "index index.php"
{ echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " server_name $AKAUNTING_DOMAIN_NAME;";
echo ''; } >> "$akaunting_nginx_site"
function_check nginx_compress
nginx_compress $AKAUNTING_DOMAIN_NAME
echo '' >> $akaunting_nginx_site
echo ' # Security' >> $akaunting_nginx_site
nginx_compress "$AKAUNTING_DOMAIN_NAME"
echo '' >> "$akaunting_nginx_site"
echo ' # Security' >> "$akaunting_nginx_site"
function_check nginx_ssl
nginx_ssl $AKAUNTING_DOMAIN_NAME
nginx_ssl "$AKAUNTING_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing $AKAUNTING_DOMAIN_NAME
nginx_disable_sniffing "$AKAUNTING_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $akaunting_nginx_site
echo '' >> $akaunting_nginx_site
echo ' access_log /dev/null;' >> $akaunting_nginx_site
echo ' error_log /dev/null;' >> $akaunting_nginx_site
echo '' >> $akaunting_nginx_site
echo " root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;" >> $akaunting_nginx_site
echo '' >> $akaunting_nginx_site
echo ' index index.php;' >> $akaunting_nginx_site
echo '' >> $akaunting_nginx_site
echo ' location ~ \.php {' >> $akaunting_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $akaunting_nginx_site
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $akaunting_nginx_site
echo ' fastcgi_read_timeout 30;' >> $akaunting_nginx_site
echo ' }' >> $akaunting_nginx_site
echo '' >> $akaunting_nginx_site
echo ' location / {' >> $akaunting_nginx_site
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo " root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;";
echo '';
echo ' index index.php;';
echo '';
echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;';
echo ' }';
echo '';
echo ' location / {'; } >> "$akaunting_nginx_site"
function_check nginx_limits
nginx_limits $AKAUNTING_DOMAIN_NAME '15m'
echo ' try_files $uri $uri/ @akaunting;' >> $akaunting_nginx_site
echo ' }' >> $akaunting_nginx_site
echo '' >> $akaunting_nginx_site
echo ' location @akaunting {' >> $akaunting_nginx_site
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $akaunting_nginx_site
echo ' }' >> $akaunting_nginx_site
echo '' >> $akaunting_nginx_site
echo ' location ~ /\.(ht|git) {' >> $akaunting_nginx_site
echo ' deny all;' >> $akaunting_nginx_site
echo ' }' >> $akaunting_nginx_site
echo '' >> $akaunting_nginx_site
echo '}' >> $akaunting_nginx_site
nginx_limits "$AKAUNTING_DOMAIN_NAME" '15m'
{ echo " try_files \$uri \$uri/ @akaunting;";
echo ' }';
echo '';
echo ' location @akaunting {';
echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }';
echo '';
echo ' location ~ /\.(ht|git) {';
echo ' deny all;';
echo ' }';
echo '';
echo '}'; } >> "$akaunting_nginx_site"
else
echo -n '' > $akaunting_nginx_site
echo -n '' > "$akaunting_nginx_site"
fi
echo 'server {' >> $akaunting_nginx_site
echo " listen 127.0.0.1:$AKAUNTING_ONION_PORT default_server;" >> $akaunting_nginx_site
echo " server_name $AKAUNTING_ONION_HOSTNAME;" >> $akaunting_nginx_site
echo '' >> $akaunting_nginx_site
function_check nginx_compress
nginx_compress $AKAUNTING_DOMAIN_NAME
echo '' >> $akaunting_nginx_site
{ echo 'server {';
echo " listen 127.0.0.1:$AKAUNTING_ONION_PORT default_server;";
echo " server_name $AKAUNTING_ONION_HOSTNAME;";
echo ''; } >> "$akaunting_nginx_site"
function_check nginx_compress
nginx_compress "$AKAUNTING_DOMAIN_NAME"
echo '' >> "$akaunting_nginx_site"
function_check nginx_disable_sniffing
nginx_disable_sniffing $AKAUNTING_DOMAIN_NAME
echo '' >> $akaunting_nginx_site
echo ' access_log /dev/null;' >> $akaunting_nginx_site
echo ' error_log /dev/null;' >> $akaunting_nginx_site
echo '' >> $akaunting_nginx_site
echo " root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;" >> $akaunting_nginx_site
echo '' >> $akaunting_nginx_site
echo ' index index.php;' >> $akaunting_nginx_site
echo '' >> $akaunting_nginx_site
echo ' location ~ \.php {' >> $akaunting_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $akaunting_nginx_site
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $akaunting_nginx_site
echo ' fastcgi_read_timeout 30;' >> $akaunting_nginx_site
echo ' }' >> $akaunting_nginx_site
echo '' >> $akaunting_nginx_site
echo ' location / {' >> $akaunting_nginx_site
nginx_disable_sniffing "$AKAUNTING_DOMAIN_NAME"
{ echo '';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo " root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;";
echo '';
echo ' index index.php;';
echo '';
echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;';
echo ' }';
echo '';
echo ' location / {'; } >> "$akaunting_nginx_site"
function_check nginx_limits
nginx_limits $AKAUNTING_DOMAIN_NAME '15m'
echo ' try_files $uri $uri/ @akaunting;' >> $akaunting_nginx_site
echo ' }' >> $akaunting_nginx_site
echo '' >> $akaunting_nginx_site
echo ' location @akaunting {' >> $akaunting_nginx_site
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $akaunting_nginx_site
echo ' }' >> $akaunting_nginx_site
echo '' >> $akaunting_nginx_site
echo ' location ~ /\.(ht|git) {' >> $akaunting_nginx_site
echo ' deny all;' >> $akaunting_nginx_site
echo ' }' >> $akaunting_nginx_site
echo '}' >> $akaunting_nginx_site
nginx_limits "$AKAUNTING_DOMAIN_NAME" '15m'
{ echo " try_files \$uri \$uri/ @akaunting;";
echo ' }';
echo '';
echo ' location @akaunting {';
echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }';
echo '';
echo ' location ~ /\.(ht|git) {';
echo ' deny all;';
echo ' }';
echo '}'; } >> "$akaunting_nginx_site"
function_check configure_php
configure_php
function_check create_site_certificate
create_site_certificate $AKAUNTING_DOMAIN_NAME 'yes'
create_site_certificate "$AKAUNTING_DOMAIN_NAME" 'yes'
function_check nginx_ensite
nginx_ensite $AKAUNTING_DOMAIN_NAME
nginx_ensite "$AKAUNTING_DOMAIN_NAME"
akaunting_remove_bad_links
@ -460,7 +461,7 @@ function install_akaunting {
systemctl restart php7.0-fpm
systemctl restart nginx
${PROJECT_NAME}-pass -u $MY_USERNAME -a akaunting -p "$AKAUNTING_ADMIN_PASSWORD"
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a akaunting -p "$AKAUNTING_ADMIN_PASSWORD"
set_completion_param "akaunting domain" "$AKAUNTING_DOMAIN_NAME"
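Review bot: In `akaunting_remove_bad_links` the jQuery download branch changes directory to `/var/www/$GHOST_DOMAIN_NAME/htdocs` rather than the akaunting web root, and the added `|| exit 3276324` now aborts the run whenever that ghost directory is absent. The file-exists test just before it and the later `sed` that rewrites the googleapis link to `$AKAUNTING_DOMAIN_NAME/jquery-${jquery_version}.js` both assume the checksum-verified copy sits under the akaunting htdocs, so this looks like a copy-paste from the ghost app. I would change the line to `cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 3276324`. The function body continues between the first and second hunks, so what happens directly after the hash comparison is not visible here.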


@ -90,8 +90,7 @@ function restore_remote_batman {
}
function remove_batman {
${PROJECT_NAME}-mesh-install -f batman --remove yes
if [ ! "$?" = "0" ]; then
if ! "${PROJECT_NAME}-mesh-install" -f batman --remove yes; then
echo $'Failed to remove batman'
exit 79353
fi
@ -100,45 +99,46 @@ function remove_batman {
}
function mesh_install_batman {
# shellcheck disable=SC2154
chroot "$rootdir" apt-get -yq install iproute bridge-utils libnetfilter-conntrack3 batctl
chroot "$rootdir" apt-get -yq install python-dev libevent-dev ebtables python-pip git
chroot "$rootdir" apt-get -yq install wireless-tools rfkill
if ! grep -q "batman_adv" $rootdir/etc/modules; then
echo 'batman_adv' >> $rootdir/etc/modules
if ! grep -q "batman_adv" "$rootdir/etc/modules"; then
echo 'batman_adv' >> "$rootdir/etc/modules"
fi
BATMAN_SCRIPT=$rootdir/var/lib/batman
if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then
cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
if [ -f "/usr/local/bin/${PROJECT_NAME}-mesh-batman" ]; then
cp "/usr/local/bin/${PROJECT_NAME}-mesh-batman" "$BATMAN_SCRIPT"
else
cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
cp "/usr/bin/${PROJECT_NAME}-mesh-batman" "$BATMAN_SCRIPT"
fi
BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
echo '[Unit]' > $BATMAN_DAEMON
echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON
echo 'After=network.target' >> $BATMAN_DAEMON
echo '' >> $BATMAN_DAEMON
echo '[Service]' >> $BATMAN_DAEMON
echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON
echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON
echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON
echo 'Restart=on-failure' >> $BATMAN_DAEMON
echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON
echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON
echo '' >> $BATMAN_DAEMON
echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON
echo 'TimeoutSec=300' >> $BATMAN_DAEMON
echo '' >> $BATMAN_DAEMON
echo '[Install]' >> $BATMAN_DAEMON
echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON
{ echo '[Unit]';
echo 'Description=B.A.T.M.A.N. Advanced';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'RemainAfterExit=yes';
echo "ExecStart=/var/lib/batman start";
echo "ExecStop=/var/lib/batman stop";
echo 'Restart=on-failure';
echo 'SuccessExitStatus=3 4';
echo 'RestartForceExitStatus=3 4';
echo '';
echo '# Allow time for the server to start/stop';
echo 'TimeoutSec=300';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > "$BATMAN_DAEMON"
chroot "$rootdir" systemctl enable batman
}
function install_batman {
if [ $INSTALLING_MESH ]; then
if [ "$INSTALLING_MESH" ]; then
mesh_install_batman
return
fi
@ -146,8 +146,7 @@ function install_batman {
return
fi
${PROJECT_NAME}-mesh-install -f batman
if [ ! "$?" = "0" ]; then
if ! "${PROJECT_NAME}-mesh-install" -f batman; then
echo $'Failed to install batman'
exit 72524
fi


@ -49,29 +49,29 @@ function bdsmail_configure_users {
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
# Add the user to the i2p group
usermod -a -G i2psvc $USERNAME
usermod -a -G i2psvc "$USERNAME"
if [ -f /home/$USERNAME/.muttrc ]; then
if [ -f "/home/$USERNAME/.muttrc" ]; then
# Create a mutt i2p folder
if ! grep -q ' =i2p' /home/$USERNAME/.muttrc; then
MUTT_MAILBOXES=$(grep "mailboxes =" /home/$USERNAME/.muttrc)
sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =i2p|g" /home/$USERNAME/.muttrc
if ! grep -q ' =i2p' "/home/$USERNAME/.muttrc"; then
MUTT_MAILBOXES=$(grep "mailboxes =" "/home/$USERNAME/.muttrc")
sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =i2p|g" "/home/$USERNAME/.muttrc"
fi
# Create a mutt folder hook to the i2p config
if ! grep -q 'folder-hook !i2p' /home/$USERNAME/.muttrc; then
echo 'folder-hook !i2p/* source ~/.muttrc' >> /home/$USERNAME/.muttrc
if ! grep -q 'folder-hook !i2p' "/home/$USERNAME/.muttrc"; then
echo 'folder-hook !i2p/* source ~/.muttrc' >> "/home/$USERNAME/.muttrc"
fi
if ! grep -q 'folder-hook i2p' /home/$USERNAME/.muttrc; then
echo 'folder-hook i2p/* source ~/.mutt/bdsmail' >> /home/$USERNAME/.muttrc
if ! grep -q 'folder-hook i2p' "/home/$USERNAME/.muttrc"; then
echo 'folder-hook i2p/* source ~/.mutt/bdsmail' >> "/home/$USERNAME/.muttrc"
fi
fi
# Create a directory where i2p mail will be stored
if [ ! -d /home/$USERNAME/Maildir/i2p/new ]; then
mkdir -p /home/$USERNAME/Maildir/i2p/cur
mkdir -p /home/$USERNAME/Maildir/i2p/new
chown -R $USERNAME:$USERNAME /home/$USERNAME/Maildir/i2p
if [ ! -d "/home/$USERNAME/Maildir/i2p/new" ]; then
mkdir -p "/home/$USERNAME/Maildir/i2p/cur"
mkdir -p "/home/$USERNAME/Maildir/i2p/new"
chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/Maildir/i2p"
fi
fi
done
@ -93,18 +93,18 @@ function add_user_bdsmail {
new_username="$1"
new_user_password="$2"
if [ ! -d /home/$new_username/.mutt ]; then
mkdir /home/$new_username/.mutt
cp /etc/skel/.mutt/bdsmail /home/$new_username/.mutt
if [ ! -d "/home/$new_username/.mutt" ]; then
mkdir "/home/$new_username/.mutt"
cp /etc/skel/.mutt/bdsmail "/home/$new_username/.mutt"
fi
read_config_param MY_USERNAME
BDSMAIL_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail)
sed -i "s|username|$new_username|g" /home/$new_username/.mutt/bdsmail
sed -i "s|password|$BDSMAIL_PASSWORD|g" /home/$new_username/.mutt/bdsmail
BDSMAIL_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail)
sed -i "s|username|$new_username|g" "/home/$new_username/.mutt/bdsmail"
sed -i "s|password|$BDSMAIL_PASSWORD|g" "/home/$new_username/.mutt/bdsmail"
bdsmail_configure_users
cd $BDSMAIL_DIR
$BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $new_username /home/$new_username/Maildir/i2p "$BDSMAIL_PASSWORD"
chown -R $new_username:$new_username /home/$new_username/.mutt
cd $BDSMAIL_DIR || exit 57247684234
$BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$new_username" "/home/$new_username/Maildir/i2p" "$BDSMAIL_PASSWORD"
chown -R "$new_username":"$new_username" "/home/$new_username/.mutt"
echo '0'
}
@ -117,16 +117,16 @@ function change_password_bdsmail {
curr_username="$1"
new_user_password="$2"
${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail -p "$new_user_password"
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail -p "$new_user_password"
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
sed -i "s|set smtp_url=.*|set smtp_url=smtp://${curr_username}:${new_user_password}@127.0.0.1:$I2P_SMTP_PORT/" /home/${USERNAME}/.mutt/bdsmail
sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" /home/${USERNAME}/.mutt/bdsmail
chown ${USERNAME}:${USERNAME} /home/${USERNAME}/.mutt/bdsmail
sed -i "s|set smtp_url=.*|set smtp_url=smtp://${curr_username}:${new_user_password}@127.0.0.1:$I2P_SMTP_PORT/" "/home/${USERNAME}/.mutt/bdsmail"
sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" "/home/${USERNAME}/.mutt/bdsmail"
chown "${USERNAME}":"${USERNAME}" "/home/${USERNAME}/.mutt/bdsmail"
cd $BDSMAIL_DIR
$BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $curr_username /home/$curr_username/Maildir/i2p "$new_user_password"
$BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$curr_username" "/home/$curr_username/Maildir/i2p" "$new_user_password"
fi
done
}
@ -136,9 +136,9 @@ function bdsmail_update_domain {
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
cp /etc/skel/.mutt/bdsmail /home/${USERNAME}/.mutt/bdsmail
sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" /home/${USERNAME}/.mutt/bdsmail
chown ${USERNAME}:${USERNAME} /home/${USERNAME}/.mutt/bdsmail
cp /etc/skel/.mutt/bdsmail "/home/${USERNAME}/.mutt/bdsmail"
sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" "/home/${USERNAME}/.mutt/bdsmail"
chown "${USERNAME}":"${USERNAME}" "/home/${USERNAME}/.mutt/bdsmail"
fi
done
}
@ -154,7 +154,7 @@ function bdsmail_wait_for_key_generation {
sleep 30
bds_domain=$(bdsmail_domain)
sleep_ctr=$((sleep_ctr + 1))
if [ $sleep_ctr -gt 100 ]; then
if [ "$sleep_ctr" -gt 100 ]; then
break
fi
done
@ -178,9 +178,9 @@ function upgrade_bdsmail {
fi
# update to the next commit
set_repo_commit $BDSMAIL_DIR "bdsmail commit" "$BDSMAIL_COMMIT" $BDSMAIL_REPO
cd $BDSMAIL_DIR
make GOROOT=/home/go/go${GO_VERSION}
set_repo_commit $BDSMAIL_DIR "bdsmail commit" "$BDSMAIL_COMMIT" "$BDSMAIL_REPO"
cd $BDSMAIL_DIR || exit 2457245
make GOROOT="/home/go/go${GO_VERSION}"
chown -R i2psvc:i2psvc $BDSMAIL_DIR
systemctl restart bdsmail
@ -210,7 +210,7 @@ function restore_local_bdsmail {
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir bdsmail
if [ -d $temp_restore_dir ]; then
if [ -d cp $temp_restore_dir$bdsmail_dir ]; then
if [ -d $temp_restore_dir$bdsmail_dir ]; then
cp -rp $temp_restore_dir$bdsmail_dir $bdsmail_dir/
else
if [ ! -d $bdsmail_dir ]; then
@ -246,7 +246,7 @@ function restore_remote_bdsmail {
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir bdsmail
if [ -d $temp_restore_dir ]; then
if [ -d cp $temp_restore_dir$bdsmail_dir ]; then
if [ -d $temp_restore_dir$bdsmail_dir ]; then
cp -rp $temp_restore_dir$bdsmail_dir $bdsmail_dir/
else
if [ ! -d $bdsmail_dir ]; then
@ -272,33 +272,33 @@ function remove_bdsmail {
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
# remove the user from the i2p group
deluser $USERNAME i2psvc
deluser "$USERNAME" i2psvc
# Remove mutt folder hook to the i2p config
if [ -f /home/$USERNAME/.muttrc ]; then
if grep -q 'folder-hook !i2p' /home/$USERNAME/.muttrc; then
sed -i '/folder-hook !i2p/d' /home/$USERNAME/.muttrc
if [ -f "/home/$USERNAME/.muttrc" ]; then
if grep -q 'folder-hook !i2p' "/home/$USERNAME/.muttrc"; then
sed -i '/folder-hook !i2p/d' "/home/$USERNAME/.muttrc"
fi
if grep -q 'folder-hook i2p' /home/$USERNAME/.muttrc; then
sed -i '/folder-hook i2p/d' /home/$USERNAME/.muttrc
if grep -q 'folder-hook i2p' "/home/$USERNAME/.muttrc"; then
sed -i '/folder-hook i2p/d' "/home/$USERNAME/.muttrc"
fi
fi
# Remove folder
if grep -q ' =i2p' /home/$USERNAME/.muttrc; then
sed -i 's| =i2p||g' /home/$USERNAME/.muttrc
if grep -q ' =i2p' "/home/$USERNAME/.muttrc"; then
sed -i 's| =i2p||g' "/home/$USERNAME/.muttrc"
fi
# NOTE: leave Maildir/i2p/cur. We might want to archive that
# or just be reinstalling the system without losing mail
rm -rf /home/$USERNAME/Maildir/i2p/new
rm -rf "/home/$USERNAME/Maildir/i2p/new"
fi
done
remove_i2p
remove_app bdsmail
remove_completion_param install_bdsmail
sed -i '/bdsmail/d' $COMPLETION_FILE
sed -i '/bdsmail/d' "$COMPLETION_FILE"
rm -rf /etc/skel/.mutt
if [ -d $BDSMAIL_DIR ]; then
rm -rf $BDSMAIL_DIR
@ -322,7 +322,7 @@ function install_bdsmail {
cd $BDSMAIL_DIR
git pull
else
git_clone $BDSMAIL_REPO $BDSMAIL_DIR
git_clone "$BDSMAIL_REPO" "$BDSMAIL_DIR"
fi
if [ ! -d $BDSMAIL_DIR ]; then
@ -331,13 +331,13 @@ function install_bdsmail {
fi
cd $BDSMAIL_DIR
git checkout $BDSMAIL_COMMIT -b $BDSMAIL_COMMIT
git checkout "$BDSMAIL_COMMIT" -b "$BDSMAIL_COMMIT"
set_completion_param "bdsmail commit" "$BDSMAIL_COMMIT"
mkdir -p $BDSMAIL_DIR/Maildir/i2p
chmod -R 700 $BDSMAIL_DIR/Maildir
make GOROOT=/home/go/go${GO_VERSION}
make GOROOT="/home/go/go${GO_VERSION}"
if [ ! -f $BDSMAIL_DIR/bin/bdsconfig ]; then
echo $'Unable to make bdsmail'
exit 87923567842
@ -347,72 +347,72 @@ function install_bdsmail {
i2p_enable_sam
# create configuration file
$BDSMAIL_DIR/bin/bdsconfig > $BDSMAIL_DIR/config.ini
echo '[maild]' > $BDSMAIL_DIR/config.ini
echo "i2paddr = 127.0.0.1:$I2P_SAM_PORT" >> $BDSMAIL_DIR/config.ini
echo 'i2pkeyfile = bdsmail-privkey.dat' >> $BDSMAIL_DIR/config.ini
echo "bindmail = 127.0.0.1:$I2P_SMTP_PORT" >> $BDSMAIL_DIR/config.ini
echo "bindweb = 127.0.0.1:$I2P_WEB_PORT" >> $BDSMAIL_DIR/config.ini
echo "bindpop3 = 127.0.0.1:$I2P_POP3_PORT" >> $BDSMAIL_DIR/config.ini
echo 'domain = localhost' >> $BDSMAIL_DIR/config.ini
echo 'maildir = Maildir/i2p' >> $BDSMAIL_DIR/config.ini
echo 'database = localhost.sqlite' >> $BDSMAIL_DIR/config.ini
echo 'assets = contrib/assets/web' >> $BDSMAIL_DIR/config.ini
#$BDSMAIL_DIR/bin/bdsconfig > $BDSMAIL_DIR/config.ini
{ echo '[maild]':
echo "i2paddr = 127.0.0.1:$I2P_SAM_PORT";
echo 'i2pkeyfile = bdsmail-privkey.dat';
echo "bindmail = 127.0.0.1:$I2P_SMTP_PORT";
echo "bindweb = 127.0.0.1:$I2P_WEB_PORT";
echo "bindpop3 = 127.0.0.1:$I2P_POP3_PORT";
echo 'domain = localhost';
echo 'maildir = Maildir/i2p';
echo 'database = localhost.sqlite';
echo 'assets = contrib/assets/web'; } > $BDSMAIL_DIR/config.ini
echo '[Unit]' > /etc/systemd/system/bdsmail.service
echo 'Description=bdsmail' >> /etc/systemd/system/bdsmail.service
echo 'After=syslog.target' >> /etc/systemd/system/bdsmail.service
echo 'After=network.target' >> /etc/systemd/system/bdsmail.service
echo '' >> /etc/systemd/system/bdsmail.service
echo '[Service]' >> /etc/systemd/system/bdsmail.service
echo 'Type=simple' >> /etc/systemd/system/bdsmail.service
echo 'User=i2psvc' >> /etc/systemd/system/bdsmail.service
echo 'Group=i2psvc' >> /etc/systemd/system/bdsmail.service
echo "WorkingDirectory=$BDSMAIL_DIR" >> /etc/systemd/system/bdsmail.service
echo "ExecStart=$BDSMAIL_DIR/bin/maild $BDSMAIL_DIR/config.ini" >> /etc/systemd/system/bdsmail.service
echo 'Restart=always' >> /etc/systemd/system/bdsmail.service
echo 'Environment="USER=i2psvc"' >> /etc/systemd/system/bdsmail.service
echo '' >> /etc/systemd/system/bdsmail.service
echo '[Install]' >> /etc/systemd/system/bdsmail.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/bdsmail.service
{ echo '[Unit]';
echo 'Description=bdsmail';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'Type=simple';
echo 'User=i2psvc';
echo 'Group=i2psvc';
echo "WorkingDirectory=$BDSMAIL_DIR";
echo "ExecStart=$BDSMAIL_DIR/bin/maild $BDSMAIL_DIR/config.ini";
echo 'Restart=always';
echo 'Environment="USER=i2psvc"';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/bdsmail.service
echo '#!/usr/bin/env python2' > $BDSMAIL_DIR/get_address
echo 'import base64, hashlib, sys' >> $BDSMAIL_DIR/get_address
echo 'with open(sys.argv[1]) as f:' >> $BDSMAIL_DIR/get_address
echo " print(base64.b32encode(hashlib.sha256(base64.b64decode(f.read(516), '-~')).digest()).strip('=')+\".b32.i2p\")" >> $BDSMAIL_DIR/get_address
{ echo '#!/usr/bin/env python2';
echo 'import base64, hashlib, sys';
echo 'with open(sys.argv[1]) as f:';
echo " print(base64.b32encode(hashlib.sha256(base64.b64decode(f.read(516), '-~')).digest()).strip('=')+\".b32.i2p\")"; } > $BDSMAIL_DIR/get_address
chmod +x $BDSMAIL_DIR/get_address
chown -R i2psvc:i2psvc $BDSMAIL_DIR
systemctl enable bdsmail
systemctl start bdsmail
echo '#!/bin/bash' > /usr/bin/bdsmail_distribute
echo "BDSMAIL_DIR=$BDSMAIL_DIR" >> /usr/bin/bdsmail_distribute
echo "MAIL_DIR=\$BDSMAIL_DIR/\$(cat \$BDSMAIL_DIR/config.ini | grep 'maildir =' | awk -F ' ' '{print \$3}')" >> /usr/bin/bdsmail_distribute
echo 'if [ ! -d $MAIL_DIR/postmaster/new ]; then' >> /usr/bin/bdsmail_distribute
echo ' exit 0' >> /usr/bin/bdsmail_distribute
echo 'fi' >> /usr/bin/bdsmail_distribute
echo 'for filename in $MAIL_DIR/postmaster/new/*; do' >> /usr/bin/bdsmail_distribute
echo ' to_line=$(cat $filename | grep "To: " | head -n 1)' >> /usr/bin/bdsmail_distribute
echo " to_username=\$(echo \"\$to_line\" | awk -F ' ' '{print \$2}' | awk -F '@' '{print \$1}')" >> /usr/bin/bdsmail_distribute
echo ' if [ -d /home/$to_username/Maildir/i2p/new ]; then' >> /usr/bin/bdsmail_distribute
echo ' chown $to_username:$to_username $filename' >> /usr/bin/bdsmail_distribute
echo ' chmod 600 $filename' >> /usr/bin/bdsmail_distribute
echo ' mv $filename /home/$to_username/Maildir/i2p/new' >> /usr/bin/bdsmail_distribute
echo ' fi' >> /usr/bin/bdsmail_distribute
echo 'done' >> /usr/bin/bdsmail_distribute
{ echo '#!/bin/bash';
echo "BDSMAIL_DIR=$BDSMAIL_DIR";
echo "MAIL_DIR=\$BDSMAIL_DIR/\$(cat \$BDSMAIL_DIR/config.ini | grep 'maildir =' | awk -F ' ' '{print \$3}')";
echo "if [ ! -d \$MAIL_DIR/postmaster/new ]; then";
echo ' exit 0';
echo 'fi';
echo "for filename in \$MAIL_DIR/postmaster/new/*; do";
echo " to_line=\$(cat \$filename | grep \"To: \" | head -n 1)";
echo " to_username=\$(echo \"\$to_line\" | awk -F ' ' '{print \$2}' | awk -F '@' '{print \$1}')";
echo " if [ -d /home/\$to_username/Maildir/i2p/new ]; then";
echo " chown \$to_username:\$to_username \$filename";
echo " chmod 600 \$filename";
echo " mv \$filename /home/\$to_username/Maildir/i2p/new";
echo ' fi';
echo 'done'; } > /usr/bin/bdsmail_distribute
chmod +x /usr/bin/bdsmail_distribute
if ! grep -q 'bdsmail_distribute' /etc/crontab; then
cron_add_mins 1 '/usr/bin/bdsmail_distribute 2> /dev/null'
fi
echo '#!/bin/bash' > /usr/bin/bdsmail_domain
echo "cd $BDSMAIL_DIR" >> /usr/bin/bdsmail_domain
echo 'if [ ! -f bdsmail-privkey.dat ]; then' >> /usr/bin/bdsmail_domain
echo ' exit 1' >> /usr/bin/bdsmail_domain
echo 'fi' >> /usr/bin/bdsmail_domain
echo "python2 get_address bdsmail-privkey.dat | tr '[:upper:]' '[:lower:]'" >> /usr/bin/bdsmail_domain
{ echo '#!/bin/bash';
echo "cd $BDSMAIL_DIR";
echo 'if [ ! -f bdsmail-privkey.dat ]; then';
echo ' exit 1';
echo 'fi';
echo "python2 get_address bdsmail-privkey.dat | tr '[:upper:]' '[:lower:]'"; } > /usr/bin/bdsmail_domain
chmod +x /usr/bin/bdsmail_domain
echo ''
@ -422,7 +422,7 @@ function install_bdsmail {
bdsmail_wait_for_key_generation
if [ ! $bds_domain ]; then
if [ ! "$bds_domain" ]; then
systemctl stop bdsmail
systemctl disable bdsmail
remove_i2p
@ -430,38 +430,38 @@ function install_bdsmail {
exit 8934638
fi
BDSMAIL_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail -p "$BDSMAIL_PASSWORD"
cd $BDSMAIL_DIR
BDSMAIL_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail -p "$BDSMAIL_PASSWORD"
cd $BDSMAIL_DIR || exit 2346872427
$BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini admin $BDSMAIL_DIR/Maildir/i2p/admin "$BDSMAIL_PASSWORD"
# Create mutt configuration
if [ ! -d /etc/skel/.mutt ]; then
mkdir /etc/skel/.mutt
fi
echo 'set mbox_type=Maildir' > /etc/skel/.mutt/bdsmail
echo "set smtp_url=smtp://username:password@127.0.0.1:$I2P_SMTP_PORT/" >> /etc/skel/.mutt/bdsmail
echo 'set use_from=yes' >> /etc/skel/.mutt/bdsmail
echo "set from=username@${bds_domain}" >> /etc/skel/.mutt/bdsmail
echo "set spoolfile=~/Maildir/i2p" >> /etc/skel/.mutt/bdsmail
echo 'set pgp_autoencrypt=no' >> /etc/skel/.mutt/bdsmail
echo 'set pgp_replyencrypt=no' >> /etc/skel/.mutt/bdsmail
echo 'set pgp_autosign=no' >> /etc/skel/.mutt/bdsmail
echo 'set pgp_replysign=no' >> /etc/skel/.mutt/bdsmail
{ echo 'set mbox_type=Maildir';
echo "set smtp_url=smtp://username:password@127.0.0.1:$I2P_SMTP_PORT/";
echo 'set use_from=yes';
echo "set from=username@${bds_domain}";
echo "set spoolfile=~/Maildir/i2p";
echo 'set pgp_autoencrypt=no';
echo 'set pgp_replyencrypt=no';
echo 'set pgp_autosign=no';
echo 'set pgp_replysign=no'; } > /etc/skel/.mutt/bdsmail
# mutt configuration for the admin user
if [ ! -d /home/$MY_USERNAME/.mutt ]; then
mkdir /home/$MY_USERNAME/.mutt
if [ ! -d "/home/$MY_USERNAME/.mutt" ]; then
mkdir "/home/$MY_USERNAME/.mutt"
fi
cp /etc/skel/.mutt/bdsmail /home/$MY_USERNAME/.mutt
sed -i "s|username|$MY_USERNAME|g" /home/$MY_USERNAME/.mutt/bdsmail
sed -i "s|password|$BDSMAIL_PASSWORD|g" /home/$MY_USERNAME/.mutt/bdsmail
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt
cp /etc/skel/.mutt/bdsmail "/home/$MY_USERNAME/.mutt"
sed -i "s|username|$MY_USERNAME|g" "/home/$MY_USERNAME/.mutt/bdsmail"
sed -i "s|password|$BDSMAIL_PASSWORD|g" "/home/$MY_USERNAME/.mutt/bdsmail"
chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.mutt"
bdsmail_configure_users
cd $BDSMAIL_DIR
$BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $MY_USERNAME /home/$MY_USERNAME/Maildir/i2p "$BDSMAIL_PASSWORD"
cd $BDSMAIL_DIR || exit 2457245
$BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$MY_USERNAME" "/home/$MY_USERNAME/Maildir/i2p" "$BDSMAIL_PASSWORD"
APP_INSTALLED=1
}
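Review bot: The rewritten `config.ini` block in `install_bdsmail` ends its first command with a colon rather than a semicolon, `{ echo '[maild]':`, so the file now starts with `[maild]:` instead of the `[maild]` header the removed lines wrote, and the daemon will probably not read the loopback `bindmail`/`bindweb`/`bindpop3` settings as that section. It should read `{ echo '[maild]';`. In `change_password_bdsmail` the `smtp_url` substitution kept by this change has no closing `|` after `$I2P_SMTP_PORT/`, which sed rejects as an unterminated `s` command, and it places `$new_user_password` straight into the replacement, where a `|`, `&` or `\` in the value alters the expression; close the expression with `|` and escape the value before substituting. Both functions extend beyond the hunks shown.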


@ -101,7 +101,7 @@ function upgrade_cryptpad {
function_check set_repo_commit
set_repo_commit $CRYPTPAD_DIR "cryptpad commit" "$CRYPTPAD_COMMIT" $CRYPTPAD_REPO
cd $CRYPTPAD_DIR
cd $CRYPTPAD_DIR || exit 254724
cryptpad_create_config
npm upgrade
npm install
@ -156,7 +156,7 @@ function restore_local_cryptpad {
}
function backup_remote_cryptpad {
if grep -q "cryptpad domain" $COMPLETION_FILE; then
if grep -q "cryptpad domain" "$COMPLETION_FILE"; then
temp_backup_dir=$CRYPTPAD_DIR/datastore
if [ -d $temp_backup_dir ]; then
systemctl stop cryptpad
@ -226,7 +226,7 @@ function remove_cryptpad {
remove_onion_service cryptpad ${CRYPTPAD_ONION_PORT}
remove_app cryptpad
remove_completion_param install_cryptpad
sed -i '/cryptpad/d' $COMPLETION_FILE
sed -i '/cryptpad/d' "$COMPLETION_FILE"
userdel -r cryptpad
}
@ -236,123 +236,123 @@ function cryptpad_create_config {
cryptpad_prefix=
if [[ "$cryptpad_install_type" == "mesh" ]]; then
cryptpad_prefix=$rootdir
# shellcheck disable=SC2154
cryptpad_prefix="$rootdir"
fi
echo '/*@flow*/' > $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '/*' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' globals module' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '*/' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo "var domain = ' http://localhost:${CRYPTPAD_PORT}/';" >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo 'module.exports = {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " httpAddress: '::'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' httpHeaders: {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' "X-XSS-Protection": "1; mode=block",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' "X-Content-Type-Options": "nosniff",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' "Access-Control-Allow-Origin": "*"' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' },' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' contentSecurity: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " \"default-src 'none'\"," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " \"style-src 'unsafe-inline' 'self' \" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " \"script-src 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " \"font-src 'self' data:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' "child-src blob: *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' "frame-src blob: *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' "media-src * blob:",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " \"connect-src 'self' ws: wss: blob:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " \"img-src 'self' data: blob:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' "frame-ancestors *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " ].join('; ')," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' padContentSecurity: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " \"default-src 'none'\"," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " \"style-src 'unsafe-inline' 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " \"script-src 'self' 'unsafe-eval' 'unsafe-inline'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " \"font-src 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' "child-src *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' "frame-src *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " \"connect-src 'self' ws: wss:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' "img-src * blob:",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " ].join('; ')," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " httpPort: ${CRYPTPAD_PORT}," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' // This is for allowing the cross-domain iframe to function when developing' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " httpSafePort: ${CRYPTPAD_PORT2}," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " websocketPath: '/cryptpad_websocket'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' logToStdout: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' verbose: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' mainPages: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " 'index'" >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' ],' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' removeDonateButton: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' allowSubscriptions: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
{ echo '/*@flow*/';
echo '/*';
echo ' globals module';
echo '*/';
echo "var domain = ' http://localhost:${CRYPTPAD_PORT}/';";
echo 'module.exports = {';
echo " httpAddress: '::',";
echo ' httpHeaders: {';
echo ' "X-XSS-Protection": "1; mode=block",';
echo ' "X-Content-Type-Options": "nosniff",';
echo ' "Access-Control-Allow-Origin": "*"';
echo ' },';
echo '';
echo ' contentSecurity: [';
echo " \"default-src 'none'\",";
echo " \"style-src 'unsafe-inline' 'self' \" + domain,";
echo " \"script-src 'self'\" + domain,";
echo " \"font-src 'self' data:\" + domain,";
echo '';
echo ' "child-src blob: *",';
echo ' "frame-src blob: *",';
echo ' "media-src * blob:",';
echo '';
echo " \"connect-src 'self' ws: wss: blob:\" + domain,";
echo '';
echo " \"img-src 'self' data: blob:\" + domain,";
echo '';
echo ' "frame-ancestors *",';
echo " ].join('; '),";
echo '';
echo ' padContentSecurity: [';
echo " \"default-src 'none'\",";
echo " \"style-src 'unsafe-inline' 'self'\" + domain,";
echo " \"script-src 'self' 'unsafe-eval' 'unsafe-inline'\" + domain,";
echo " \"font-src 'self'\" + domain,";
echo '';
echo ' "child-src *",';
echo ' "frame-src *",';
echo '';
echo " \"connect-src 'self' ws: wss:\" + domain,";
echo '';
echo ' "img-src * blob:",';
echo " ].join('; '),";
echo '';
echo " httpPort: ${CRYPTPAD_PORT},";
echo '';
echo ' // This is for allowing the cross-domain iframe to function when developing';
echo " httpSafePort: ${CRYPTPAD_PORT2},";
echo '';
echo " websocketPath: '/cryptpad_websocket',";
echo '';
echo ' logToStdout: false,';
echo '';
echo ' verbose: false,';
echo '';
echo ' mainPages: [';
echo " 'index'";
echo ' ],';
echo '';
echo ' removeDonateButton: true,';
echo ' allowSubscriptions: false,'; } > "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
if [[ "$cryptpad_install_type" == "mesh" ]]; then
echo " myDomain: 'http://P${PEER_ID}.local'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " myDomain: 'http://P${PEER_ID}.local'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
else
CRYPTPAD_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_cryptpad/hostname)
echo " myDomain: 'http://${CRYPTPAD_ONION_HOSTNAME}'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " myDomain: 'http://${CRYPTPAD_ONION_HOSTNAME}'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
fi
echo ' defaultStorageLimit: 50 * 1024 * 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' customLimits: {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' },' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' adminEmail: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " storage: './storage/file'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " filePath: './datastore/'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " pinPath: './pins'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " blobPath: './blob'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " blobStagingPath: './blobstage'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' channelExpirationMs: 30000,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' openFileLimit: 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " rpc: './rpc.js'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' suppressRPCErrors: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' enableUploads: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' //restrictUploads: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' maxUploadSize: 20 * 1024 * 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' //logFeedback: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' //logRPC: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '};' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
{ echo ' defaultStorageLimit: 50 * 1024 * 1024,';
echo '';
echo ' customLimits: {';
echo ' },';
echo '';
echo ' adminEmail: false,';
echo '';
echo " storage: './storage/file',";
echo '';
echo " filePath: './datastore/',";
echo " pinPath: './pins',";
echo " blobPath: './blob',";
echo " blobStagingPath: './blobstage',";
echo ' channelExpirationMs: 30000,';
echo ' openFileLimit: 1024,';
echo " rpc: './rpc.js',";
echo ' suppressRPCErrors: false,';
echo ' enableUploads: true,';
echo ' //restrictUploads: false,';
echo ' maxUploadSize: 20 * 1024 * 1024,';
echo ' //logFeedback: true,';
echo ' //logRPC: true,';
echo '};'; } >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
if [[ "$cryptpad_install_type" != "mesh" ]]; then
chown cryptpad:cryptpad $cryptpad_prefix$CRYPTPAD_DIR/config.js
chown cryptpad:cryptpad "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
else
chroot "$rootdir" chown cryptpad:cryptpad $CRYPTPAD_DIR/config.js
fi
}
function mesh_install_cryptpad {
if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then
return
fi
if [ ! -d $rootdir/var/www/cryptpad ]; then
mkdir $rootdir/var/www/cryptpad
if [ ! -d "$rootdir/var/www/cryptpad" ]; then
mkdir "$rootdir/var/www/cryptpad"
fi
if [ -d $rootdir$CRYPTPAD_DIR ]; then
rm -rf $rootdir$CRYPTPAD_DIR
if [ -d "$rootdir$CRYPTPAD_DIR" ]; then
rm -rf "$rootdir$CRYPTPAD_DIR"
fi
git_clone $CRYPTPAD_REPO $rootdir$CRYPTPAD_DIR
git_clone "$CRYPTPAD_REPO" "$rootdir$CRYPTPAD_DIR"
if [ ! -d $rootdir$CRYPTPAD_DIR ]; then
if [ ! -d "$rootdir$CRYPTPAD_DIR" ]; then
echo $'Unable to clone cryptpad repo'
exit 783251
fi
@ -360,94 +360,94 @@ function mesh_install_cryptpad {
# an unprivileged user to run as
chroot "$rootdir" useradd -d $CRYPTPAD_DIR/ cryptpad
cd $rootdir$CRYPTPAD_DIR
git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT
cd "$rootdir$CRYPTPAD_DIR" || exit 34683568
git checkout "$CRYPTPAD_COMMIT" -b "$CRYPTPAD_COMMIT"
chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
cryptpad_nginx_site=$rootdir/etc/nginx/sites-available/cryptpad
echo 'server {' > $cryptpad_nginx_site
echo " listen 80 default_server;" >> $cryptpad_nginx_site
echo " server_name P${PEER_ID}.local;" >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' # Logs' >> $cryptpad_nginx_site
echo ' access_log /dev/null;' >> $cryptpad_nginx_site
echo ' error_log /dev/null;' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' # Root' >> $cryptpad_nginx_site
echo " root $CRYPTPAD_DIR;" >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' index index.html;' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' add_header X-XSS-Protection "1; mode=block";' >> $cryptpad_nginx_site
echo ' add_header X-Content-Type-Options nosniff;' >> $cryptpad_nginx_site
echo ' add_header X-Frame-Options SAMEORIGIN;' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' if ($uri = /pad/inner.html) {' >> $cryptpad_nginx_site
echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";" >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location = /cryptpad_websocket {' >> $cryptpad_nginx_site
echo " proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site
echo ' proxy_set_header Host $host;' >> $cryptpad_nginx_site
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' # WebSocket support (nginx 1.4)' >> $cryptpad_nginx_site
echo ' proxy_http_version 1.1;' >> $cryptpad_nginx_site
echo ' proxy_set_header Upgrade $http_upgrade;' >> $cryptpad_nginx_site
echo ' proxy_set_header Connection upgrade;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
{ echo 'server {';
echo " listen 80 default_server;";
echo " server_name P${PEER_ID}.local;";
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root $CRYPTPAD_DIR;";
echo '';
echo ' index index.html;';
echo '';
echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-Frame-Options SAMEORIGIN;';
echo '';
echo " if (\$uri = /pad/inner.html) {";
echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";";
echo ' }';
echo '';
echo ' location = /cryptpad_websocket {';
echo " proxy_pass http://localhost:$CRYPTPAD_PORT;";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo '';
echo ' # WebSocket support (nginx 1.4)';
echo ' proxy_http_version 1.1;';
echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection upgrade;';
echo ' }';
echo '';
echo ' location ^~ /customize.dist/ {' >> $cryptpad_nginx_site
echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo ' location ^~ /customize/ {' >> $cryptpad_nginx_site
echo ' rewrite ^/customize/(.*)$ $1 break;' >> $cryptpad_nginx_site
echo ' try_files /customize/$uri /customize.dist/$uri;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo ' location = /api/config {' >> $cryptpad_nginx_site
echo ' default_type text/javascript;' >> $cryptpad_nginx_site
echo ' rewrite ^.*$ /customize/api/config break;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /blob/ {' >> $cryptpad_nginx_site
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /register/ {' >> $cryptpad_nginx_site
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /login/ {' >> $cryptpad_nginx_site
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /about.html {' >> $cryptpad_nginx_site
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /contact.html {' >> $cryptpad_nginx_site
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /what-is-cryptpad.html {' >> $cryptpad_nginx_site
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site
echo ' rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' try_files /www/$uri /www/$uri/index.html /customize/$uri;' >> $cryptpad_nginx_site
echo '}' >> $cryptpad_nginx_site
echo ' location ^~ /customize.dist/ {';
echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root';
echo ' }';
echo ' location ^~ /customize/ {';
echo " rewrite ^/customize/(.*)\$ \$1 break;";
echo " try_files /customize/\$uri /customize.dist/\$uri;";
echo ' }';
echo ' location = /api/config {';
echo ' default_type text/javascript;';
echo ' rewrite ^.*$ /customize/api/config break;';
echo ' }';
echo '';
echo ' location ^~ /blob/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /register/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /login/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /about.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /contact.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /what-is-cryptpad.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {';
echo " rewrite ^(.*)\$ \$1/ redirect;";
echo ' }';
echo '';
echo " try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;";
echo '}'; } > "$cryptpad_nginx_site"
cd $rootdir$CRYPTPAD_DIR
cd "$rootdir$CRYPTPAD_DIR" || exit 6246824624527
get_npm_arch
cat <<EOF > $rootdir/usr/bin/install_cryptpad
cat <<EOF > "$rootdir/usr/bin/install_cryptpad"
#!/bin/bash
cd $CRYPTPAD_DIR
npm install --arch=$NPM_ARCH --build-from-source
@ -456,37 +456,37 @@ chown -R cryptpad:cryptpad $CRYPTPAD_DIR
su -c 'bower install' - cryptpad
cp config.example.js config.js
EOF
chmod +x $rootdir/usr/bin/install_cryptpad
chmod +x "$rootdir/usr/bin/install_cryptpad"
chroot "$rootdir" /usr/bin/install_cryptpad
if [ ! -f $rootdir$CRYPTPAD_DIR/config.js ]; then
if [ ! -f "$rootdir$CRYPTPAD_DIR/config.js" ]; then
echo $'Cryptpad config file not found'
exit 628252
fi
rm $rootdir/usr/bin/install_cryptpad
rm "$rootdir/usr/bin/install_cryptpad"
cryptpad_create_config mesh
chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
# daemon
echo '[Unit]' > $rootdir/etc/systemd/system/cryptpad.service
echo 'Description=Cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service
echo 'After=syslog.target' >> $rootdir/etc/systemd/system/cryptpad.service
echo 'After=network.target' >> $rootdir/etc/systemd/system/cryptpad.service
echo '' >> $rootdir/etc/systemd/system/cryptpad.service
echo '[Service]' >> $rootdir/etc/systemd/system/cryptpad.service
echo 'User=cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service
echo 'Group=cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service
echo "WorkingDirectory=$CRYPTPAD_DIR" >> $rootdir/etc/systemd/system/cryptpad.service
echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js" >> $rootdir/etc/systemd/system/cryptpad.service
echo 'Environment=PATH=/usr/bin:/usr/local/bin' >> $rootdir/etc/systemd/system/cryptpad.service
echo 'Environment=NODE_ENV=production' >> $rootdir/etc/systemd/system/cryptpad.service
echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/cryptpad.service
echo '' >> $rootdir/etc/systemd/system/cryptpad.service
echo '[Install]' >> $rootdir/etc/systemd/system/cryptpad.service
echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/cryptpad.service
{ echo '[Unit]';
echo 'Description=Cryptpad';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'User=cryptpad';
echo 'Group=cryptpad';
echo "WorkingDirectory=$CRYPTPAD_DIR";
echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js";
echo 'Environment=PATH=/usr/bin:/usr/local/bin';
echo 'Environment=NODE_ENV=production';
echo 'Restart=on-failure';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/cryptpad.service"
chroot "$rootdir" systemctl enable cryptpad.service
}
@ -505,7 +505,7 @@ function install_cryptpad_main {
if [ -d /repos/cryptpad ]; then
mkdir $CRYPTPAD_DIR
cp -r -p /repos/cryptpad/. $CRYPTPAD_DIR
cd $CRYPTPAD_DIR
cd $CRYPTPAD_DIR || exit 3468356385
git pull
else
function_check git_clone
@ -520,7 +520,7 @@ function install_cryptpad_main {
# an unprivileged user to run as
useradd -d $CRYPTPAD_DIR/ cryptpad
cd $CRYPTPAD_DIR
cd $CRYPTPAD_DIR || exit 34683655
git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT
set_completion_param "cryptpad commit" "$CRYPTPAD_COMMIT"
@ -529,87 +529,87 @@ function install_cryptpad_main {
CRYPTPAD_ONION_HOSTNAME=$(add_onion_service cryptpad 80 ${CRYPTPAD_ONION_PORT})
cryptpad_nginx_site=/etc/nginx/sites-available/cryptpad
echo 'server {' > $cryptpad_nginx_site
echo " listen 127.0.0.1:$CRYPTPAD_ONION_PORT default_server;" >> $cryptpad_nginx_site
echo " server_name $CRYPTPAD_ONION_HOSTNAME;" >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' # Logs' >> $cryptpad_nginx_site
echo ' access_log /dev/null;' >> $cryptpad_nginx_site
echo ' error_log /dev/null;' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' # Root' >> $cryptpad_nginx_site
echo " root $CRYPTPAD_DIR;" >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' index index.html;' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' if ($args ~ ver=) {' >> $cryptpad_nginx_site
echo ' set $cacheControl max-age=31536000;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo ' add_header Cache-Control $cacheControl;' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' add_header X-XSS-Protection "1; mode=block";' >> $cryptpad_nginx_site
echo ' add_header X-Content-Type-Options nosniff;' >> $cryptpad_nginx_site
echo ' add_header X-Frame-Options SAMEORIGIN;' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' if ($uri = /pad/inner.html) {' >> $cryptpad_nginx_site
echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";" >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location = /cryptpad_websocket {' >> $cryptpad_nginx_site
echo " proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site
echo ' proxy_set_header Host $host;' >> $cryptpad_nginx_site
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' # WebSocket support (nginx 1.4)' >> $cryptpad_nginx_site
echo ' proxy_http_version 1.1;' >> $cryptpad_nginx_site
echo ' proxy_set_header Upgrade $http_upgrade;' >> $cryptpad_nginx_site
echo ' proxy_set_header Connection upgrade;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
{ echo 'server {';
echo " listen 127.0.0.1:$CRYPTPAD_ONION_PORT default_server;";
echo " server_name $CRYPTPAD_ONION_HOSTNAME;";
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root $CRYPTPAD_DIR;";
echo '';
echo ' index index.html;';
echo '';
echo " if (\$args ~ ver=) {";
echo " set \$cacheControl max-age=31536000;";
echo ' }';
echo " add_header Cache-Control \$cacheControl;";
echo '';
echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-Frame-Options SAMEORIGIN;';
echo '';
echo " if (\$uri = /pad/inner.html) {";
echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";";
echo ' }';
echo '';
echo ' location = /cryptpad_websocket {';
echo " proxy_pass http://localhost:$CRYPTPAD_PORT;";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo '';
echo ' # WebSocket support (nginx 1.4)';
echo ' proxy_http_version 1.1;';
echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection upgrade;';
echo ' }';
echo '';
echo ' location ^~ /customize.dist/ {' >> $cryptpad_nginx_site
echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo ' location ^~ /customize/ {' >> $cryptpad_nginx_site
echo ' rewrite ^/customize/(.*)$ $1 break;' >> $cryptpad_nginx_site
echo ' try_files /customize/$uri /customize.dist/$uri;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo ' location = /api/config {' >> $cryptpad_nginx_site
echo ' default_type text/javascript;' >> $cryptpad_nginx_site
echo ' rewrite ^.*$ /customize/api/config break;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /blob/ {' >> $cryptpad_nginx_site
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /register/ {' >> $cryptpad_nginx_site
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /login/ {' >> $cryptpad_nginx_site
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /about.html {' >> $cryptpad_nginx_site
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /contact.html {' >> $cryptpad_nginx_site
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /what-is-cryptpad.html {' >> $cryptpad_nginx_site
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site
echo ' rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' try_files /www/$uri /www/$uri/index.html /customize/$uri;' >> $cryptpad_nginx_site
echo '}' >> $cryptpad_nginx_site
echo ' location ^~ /customize.dist/ {';
echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root';
echo ' }';
echo ' location ^~ /customize/ {';
echo " rewrite ^/customize/(.*)\$ \$1 break;";
echo " try_files /customize/\$uri /customize.dist/\$uri;";
echo ' }';
echo ' location = /api/config {';
echo ' default_type text/javascript;';
echo ' rewrite ^.*$ /customize/api/config break;';
echo ' }';
echo '';
echo ' location ^~ /blob/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /register/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /login/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /about.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /contact.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /what-is-cryptpad.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {';
echo " rewrite ^(.*)\$ \$1/ redirect;";
echo ' }';
echo '';
echo " try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;";
echo '}'; } > $cryptpad_nginx_site
function_check nginx_ensite
nginx_ensite cryptpad
@ -623,7 +623,7 @@ function install_cryptpad {
install_cryptpad_main
cd $CRYPTPAD_DIR
cd $CRYPTPAD_DIR || exit 35483548
npm install
npm install -g bower@1.8.0
@ -639,22 +639,22 @@ function install_cryptpad {
chown -R cryptpad:cryptpad $CRYPTPAD_DIR
# daemon
echo '[Unit]' > /etc/systemd/system/cryptpad.service
echo 'Description=Cryptpad' >> /etc/systemd/system/cryptpad.service
echo 'After=syslog.target' >> /etc/systemd/system/cryptpad.service
echo 'After=network.target' >> /etc/systemd/system/cryptpad.service
echo '' >> /etc/systemd/system/cryptpad.service
echo '[Service]' >> /etc/systemd/system/cryptpad.service
echo 'User=cryptpad' >> /etc/systemd/system/cryptpad.service
echo 'Group=cryptpad' >> /etc/systemd/system/cryptpad.service
echo "WorkingDirectory=$CRYPTPAD_DIR" >> /etc/systemd/system/cryptpad.service
echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js" >> /etc/systemd/system/cryptpad.service
echo 'Environment=PATH=/usr/bin:/usr/local/bin' >> /etc/systemd/system/cryptpad.service
echo 'Environment=NODE_ENV=production' >> /etc/systemd/system/cryptpad.service
echo 'Restart=on-failure' >> /etc/systemd/system/cryptpad.service
echo '' >> /etc/systemd/system/cryptpad.service
echo '[Install]' >> /etc/systemd/system/cryptpad.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/cryptpad.service
{ echo '[Unit]';
echo 'Description=Cryptpad';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'User=cryptpad';
echo 'Group=cryptpad';
echo "WorkingDirectory=$CRYPTPAD_DIR";
echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js";
echo 'Environment=PATH=/usr/bin:/usr/local/bin';
echo 'Environment=NODE_ENV=production';
echo 'Restart=on-failure';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/cryptpad.service
systemctl enable cryptpad.service
systemctl daemon-reload
systemctl start cryptpad.service
@ -664,7 +664,7 @@ function install_cryptpad {
cryptpad_generate_api_config
# install again
cd $CRYPTPAD_DIR
cd $CRYPTPAD_DIR || exit 73537453
su -c 'bower install' - cryptpad
systemctl restart nginx


@ -49,24 +49,27 @@ function logging_off_dlna {
function configure_interactive_dlna {
while true
do
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
dialog --backtitle $"Freedombone Control Panel" \
--title $"Media Menu" \
--radiolist $"Choose an operation:" 13 70 3 \
1 $"Attach a drive containing playable media" off \
2 $"Remove a drive containing playable media" off \
3 $"Exit" on 2> $data
3 $"Exit" on 2> "$data"
sel=$?
case $sel in
1) break;;
255) break;;
1) rm -f "$data"
break;;
255) rm -f "$data"
break;;
esac
case $(cat $data) in
1) attach-music;;
2) remove-music;;
3) break;;
3) rm -f "$data"
break;;
esac
rm -f "$data"
done
}
@ -95,19 +98,19 @@ function configure_firewall_for_dlna {
firewall_add DLNA 1900 udp
firewall_add DLNA 8200 tcp
echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/dlna.service
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/dlna.service
echo '<service-group>' >> /etc/avahi/services/dlna.service
echo ' <name replace-wildcards="yes">%h DLNA</name>' >> /etc/avahi/services/dlna.service
echo ' <service>' >> /etc/avahi/services/dlna.service
echo ' <type>_dlna._tcp</type>' >> /etc/avahi/services/dlna.service
echo " <port>8200</port>" >> /etc/avahi/services/dlna.service
echo ' </service>' >> /etc/avahi/services/dlna.service
echo ' <service>' >> /etc/avahi/services/dlna.service
echo ' <type>_dlna._udp</type>' >> /etc/avahi/services/dlna.service
echo " <port>1900</port>" >> /etc/avahi/services/dlna.service
echo ' </service>' >> /etc/avahi/services/dlna.service
echo '</service-group>' >> /etc/avahi/services/dlna.service
{ echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
echo '<service-group>';
echo ' <name replace-wildcards="yes">%h DLNA</name>';
echo ' <service>';
echo ' <type>_dlna._tcp</type>';
echo " <port>8200</port>";
echo ' </service>';
echo ' <service>';
echo ' <type>_dlna._udp</type>';
echo " <port>1900</port>";
echo ' </service>';
echo '</service-group>'; } > /etc/avahi/services/dlna.service
systemctl restart avahi-daemon
@ -125,7 +128,7 @@ function backup_local_dlna {
function restore_local_dlna {
if [ -d /var/cache/minidlna ]; then
if [ -d $USB_MOUNT_DLNA/backup/dlna ]; then
if [ -d "$USB_MOUNT_DLNA/backup/dlna" ]; then
echo $"Restoring DLNA cache"
temp_restore_dir=/root/tempdlna
function_check restore_directory_from_usb
@ -135,6 +138,7 @@ function restore_local_dlna {
else
cp -r $temp_restore_dir/* /var/cache/minidlna/
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
function_check set_user_permissions
@ -156,7 +160,7 @@ function backup_remote_dlna {
function restore_remote_dlna {
if [ -d /var/cache/minidlna ]; then
if [ -d $SERVER_DIRECTORY/backup/dlna ]; then
if [ -d "$SERVER_DIRECTORY/backup/dlna" ]; then
temp_restore_dir=/root/tempdlna
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir dlna
@ -165,6 +169,7 @@ function restore_remote_dlna {
else
cp -r $temp_restore_dir/* /var/cache/minidlna/
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
exit 982
fi
@ -201,7 +206,7 @@ function install_dlna_main {
exit 55
fi
if [ ! $USB_MOUNT_DLNA ]; then
if [ ! "$USB_MOUNT_DLNA" ]; then
USB_MOUNT_DLNA=/mnt/dlna
fi
if [ ${#USB_MOUNT_DLNA} -eq 0 ]; then
@ -242,7 +247,7 @@ function install_dlna_main {
systemctl reload minidlna
sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf
if ! grep -q "max_user_watches" $COMPLETION_FILE; then
if ! grep -q "max_user_watches" "$COMPLETION_FILE"; then
echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf
fi
/sbin/sysctl -p -q
@ -256,37 +261,37 @@ function script_for_attaching_usb_drive {
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return
fi
echo '#!/bin/bash' > /usr/bin/attach-music
echo "source /usr/local/bin/${PROJECT_NAME}-vars" >> /usr/bin/attach-music
echo "UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*" >> /usr/bin/attach-music
echo '' >> /usr/bin/attach-music
echo 'for f in $UTILS_FILES' >> /usr/bin/attach-music
echo 'do' >> /usr/bin/attach-music
echo ' source $f' >> /usr/bin/attach-music
echo 'done' >> /usr/bin/attach-music
echo '' >> /usr/bin/attach-music
echo 'USB_DRIVE=/dev/sda1' >> /usr/bin/attach-music
echo 'detect_usb_drive' >> /usr/bin/attach-music
echo '' >> /usr/bin/attach-music
echo 'remove-music' >> /usr/bin/attach-music
echo "if [ ! -d $USB_MOUNT_DLNA ]; then" >> /usr/bin/attach-music
echo " mkdir $USB_MOUNT_DLNA" >> /usr/bin/attach-music
echo 'fi' >> /usr/bin/attach-music
echo -n 'mount $USB_DRIVE ' >> /usr/bin/attach-music
echo "$USB_MOUNT_DLNA" >> /usr/bin/attach-music
echo "chown root:root $USB_MOUNT_DLNA" >> /usr/bin/attach-music
echo "chown -R minidlna:minidlna $USB_MOUNT_DLNA/*" >> /usr/bin/attach-music
echo 'systemctl restart minidlna' >> /usr/bin/attach-music
echo 'minidlnad -R' >> /usr/bin/attach-music
echo 'exit 0' >> /usr/bin/attach-music
{ echo '#!/bin/bash';
echo "source /usr/local/bin/${PROJECT_NAME}-vars";
echo "UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*";
echo '';
echo "for f in \$UTILS_FILES";
echo 'do';
echo " source \$f";
echo 'done';
echo '';
echo 'USB_DRIVE=/dev/sda1';
echo 'detect_usb_drive';
echo '';
echo 'remove-music';
echo "if [ ! -d $USB_MOUNT_DLNA ]; then";
echo " mkdir $USB_MOUNT_DLNA";
echo 'fi';
echo -n "mount \$USB_DRIVE ";
echo "$USB_MOUNT_DLNA";
echo "chown root:root $USB_MOUNT_DLNA";
echo "chown -R minidlna:minidlna $USB_MOUNT_DLNA/*";
echo 'systemctl restart minidlna';
echo 'minidlnad -R';
echo 'exit 0'; } > /usr/bin/attach-music
chmod +x /usr/bin/attach-music
echo '#!/bin/bash' > /usr/bin/remove-music
echo "if [ -d $USB_MOUNT_DLNA ]; then" >> /usr/bin/remove-music
echo " umount $USB_MOUNT_DLNA" >> /usr/bin/remove-music
echo " rm -rf $USB_MOUNT_DLNA" >> /usr/bin/remove-music
echo 'fi' >> /usr/bin/remove-music
echo 'exit 0' >> /usr/bin/remove-music
{ echo '#!/bin/bash';
echo "if [ -d $USB_MOUNT_DLNA ]; then";
echo " umount $USB_MOUNT_DLNA";
echo " rm -rf $USB_MOUNT_DLNA";
echo 'fi';
echo 'exit 0'; } > /usr/bin/remove-music
chmod +x /usr/bin/remove-music
mark_completed "${FUNCNAME[0]}"
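Review bot: The generated `/usr/bin/remove-music` in the last hunk of this file still runs `rm -rf` on the mount point whether or not the preceding `umount` succeeded, so a failed unmount (a busy drive seems plausible while minidlna is reading it) would recursively delete the media on the attached drive. The generated `attach-music` calls `remove-music` before every mount, so this path runs on each attach as well. Since the commit already rewrites these echo lines, the two commands could be chained with `rmdir`, which refuses a non-empty directory: `echo "    umount \"$USB_MOUNT_DLNA\" && rmdir \"$USB_MOUNT_DLNA\"";`. The path is also written unquoted into both generated scripts, so a mount path containing whitespace would split into several arguments there. `script_for_attaching_usb_drive` continues past the end of the hunk.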


@ -75,18 +75,18 @@ function change_password_dokuwiki {
new_user_password="$2"
DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
if grep -q "$curr_username:" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php; then
if grep -q "$curr_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"; then
HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}')
existing_user=$(cat /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php | grep "$curr_username:" | hean -n 1)
existing_user=$(grep "$curr_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" | hean -n 1)
if [[ "$existing_user" == *":admin,"* ]]; then
sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:admin,user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
else
sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
fi
cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
${PROJECT_NAME}-pass -u $curr_username -a dokuwiki -p "$new_user_password"
cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
"${PROJECT_NAME}-pass" -u "$curr_username" -a dokuwiki -p "$new_user_password"
fi
}
@ -96,21 +96,21 @@ function add_user_dokuwiki {
DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}')
echo "$new_username:$HASHED_DOKUWIKI_PASSWORD:$new_username:$new_username@$HOSTNAME:user,upload" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
${PROJECT_NAME}-pass -u "$new_username" -a dokuwiki -p "$new_user_password"
echo "$new_username:$HASHED_DOKUWIKI_PASSWORD:$new_username:$new_username@$HOSTNAME:user,upload" >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
"${PROJECT_NAME}-pass" -u "$new_username" -a dokuwiki -p "$new_user_password"
}
function remove_user_dokuwiki {
remove_username="$1"
read_config_param "DOKUWIKI_DOMAIN_NAME"
if grep -q "$remove_username:" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php; then
sed -i "/$remove_username:/d" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
sed -i "/$remove_username:/d" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
${PROJECT_NAME}-pass -u "$remove_username" --rmapp dokuwiki
if grep -q "$remove_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"; then
sed -i "/$remove_username:/d" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
sed -i "/$remove_username:/d" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
"${PROJECT_NAME}-pass" -u "$remove_username" --rmapp dokuwiki
fi
}
@ -120,7 +120,7 @@ function reconfigure_dokuwiki {
function upgrade_dokuwiki {
function_check set_repo_commit
set_repo_commit /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs "dokuwiki commit" "$DOKUWIKI_COMMIT" $DOKUWIKI_REPO
set_repo_commit "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" "dokuwiki commit" "$DOKUWIKI_COMMIT" $DOKUWIKI_REPO
}
function backup_local_dokuwiki {
@ -129,18 +129,18 @@ function backup_local_dokuwiki {
function_check backup_directory_to_usb
# backup the data
source_directory=/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
if [ -d $source_directory ]; then
source_directory="/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
if [ -d "$source_directory" ]; then
dest_directory=dokuwikidat
backup_directory_to_usb $source_directory $dest_directory
backup_directory_to_usb "$source_directory" "$dest_directory"
fi
# backup the users
source_directory=/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl
if [ -d $source_directory ]; then
source_directory="/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl"
if [ -d "$source_directory" ]; then
dest_directory=dokuwikiacl
cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
backup_directory_to_usb $source_directory $dest_directory
cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
backup_directory_to_usb "$source_directory" "$dest_directory"
fi
}
@ -153,11 +153,12 @@ function restore_local_dokuwiki {
temp_restore_dir=/root/tempdokuwikidat
function_check restore_directory_from_usb
restore_directory_from_usb ${temp_restore_dir} dokuwikidat
if [ -d ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data ]; then
cp -r ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
if [ -d "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data" ]; then
cp -r "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
else
cp -r ${temp_restore_dir}/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
cp -r "${temp_restore_dir}/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
function_check restore_directory_from_usb
set_user_permissions
@ -172,13 +173,14 @@ function restore_local_dokuwiki {
temp_restore_dir=/root/tempdokuwikiacl
function_check restore_directory_from_usb
restore_directory_from_usb ${temp_restore_dir} dokuwikiacl
if [ -d ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl ]; then
cp ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
cp ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/
if [ -d "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl" ]; then
cp "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
cp "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/"
else
cp ${temp_restore_dir}/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
cp ${temp_restore_dir}/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/
cp "${temp_restore_dir}/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
cp "${temp_restore_dir}/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
function_check restore_directory_from_usb
set_user_permissions
@ -189,21 +191,21 @@ function restore_local_dokuwiki {
fi
rm -rf ${temp_restore_dir}
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib
chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib"
chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
echo $"Restore of Dokuwiki complete"
}
function backup_remote_dokuwiki {
DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
if [ -d /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs ]; then
if [ -d "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" ]; then
echo $"Backing up dokuwiki"
backup_directory_to_friend /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data dokuwikidat
cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
backup_directory_to_friend /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl dokuwikiacl
backup_directory_to_friend "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" dokuwikidat
cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
backup_directory_to_friend "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl" dokuwikiacl
fi
}
@ -212,15 +214,16 @@ function restore_remote_dokuwiki {
function_check get_completion_param
function_check restore_directory_from_friend
if [ -d $SERVER_DIRECTORY/backup/dokuwikidat ]; then
if [ -d "$SERVER_DIRECTORY/backup/dokuwikidat" ]; then
echo $"Restoring Dokuwiki data for $DOKUWIKI_DOMAIN_NAME"
temp_restore_dir=/root/tempdokuwikidat
restore_directory_from_friend $temp_restore_dir dokuwikidat
if [ -d $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data ]; then
cp -r $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/
if [ -d "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" ]; then
cp -r "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/"
else
cp -r $temp_restore_dir/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/
cp -r $temp_restore_dir/* "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
exit 92634
fi
@ -229,15 +232,16 @@ function restore_remote_dokuwiki {
echo $"Restore of Dokuwiki data complete"
fi
if [ -d $SERVER_DIRECTORY/backup/dokuwikiacl ]; then
if [ -d "$SERVER_DIRECTORY/backup/dokuwikiacl" ]; then
echo $"Restoring Dokuwiki users for $DOKUWIKI_DOMAIN_NAME"
temp_restore_dir=/root/tempdokuwikiacl
restore_directory_from_friend $temp_restore_dir dokuwikiacl
if [ -d $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl ]; then
cp -r $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
if [ -d "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl" ]; then
cp -r "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
else
cp -r $temp_restore_dir/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
cp -r $temp_restore_dir/* "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
exit 735287
fi
@ -246,11 +250,11 @@ function restore_remote_dokuwiki {
echo $"Restore of Dokuwiki users complete"
fi
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/data
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/lib
chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/data"
chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/lib"
chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
}
function remove_dokuwiki {
@ -259,13 +263,13 @@ function remove_dokuwiki {
fi
function_check remove_onion_service
remove_onion_service dokuwiki ${DOKUWIKI_ONION_PORT}
nginx_dissite $DOKUWIKI_DOMAIN_NAME
remove_certs $DOKUWIKI_DOMAIN_NAME
if [ -f /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME ]; then
rm /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
nginx_dissite "$DOKUWIKI_DOMAIN_NAME"
remove_certs "$DOKUWIKI_DOMAIN_NAME"
if [ -f "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" ]; then
rm "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
fi
if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then
rm -rf /var/www/$DOKUWIKI_DOMAIN_NAME
if [ ! -d "/var/www/$DOKUWIKI_DOMAIN_NAME" ]; then
rm -rf "/var/www/$DOKUWIKI_DOMAIN_NAME"
fi
if [ -d /var/lib/dokuwiki ]; then
rm -rf /var/lib/dokuwiki
@ -278,14 +282,14 @@ function remove_dokuwiki {
fi
remove_completion_param "install_dokuwiki"
remove_completion_param "dokuwiki domain"
sed -i '/dokuwiki/d' $COMPLETION_FILE
sed -i '/dokuwiki/d' "$COMPLETION_FILE"
function_check remove_ddns_domain
remove_ddns_domain $DOKUWIKI_DOMAIN_NAME
remove_ddns_domain "$DOKUWIKI_DOMAIN_NAME"
}
function install_dokuwiki {
if [ ! $DOKUWIKI_DOMAIN_NAME ]; then
if [ ! "$DOKUWIKI_DOMAIN_NAME" ]; then
return
fi
@ -293,25 +297,25 @@ function install_dokuwiki {
apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
apt-get -yq install php-memcached memcached
if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then
mkdir /var/www/$DOKUWIKI_DOMAIN_NAME
if [ ! -d "/var/www/$DOKUWIKI_DOMAIN_NAME" ]; then
mkdir "/var/www/$DOKUWIKI_DOMAIN_NAME"
fi
if [ ! -f /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/install.php ]; then
cd /var/www/$DOKUWIKI_DOMAIN_NAME
if [ ! -f "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/install.php" ]; then
cd "/var/www/$DOKUWIKI_DOMAIN_NAME" || exit 23468246824
if [ -d /repos/dokuwiki ]; then
mkdir /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
cp -r -p /repos/dokuwiki/. /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
cd /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
mkdir "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
cp -r -p /repos/dokuwiki/. "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
cd "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" || exit 24687462
git pull
else
function_check git_clone
git_clone $DOKUWIKI_REPO /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
git_clone "$DOKUWIKI_REPO" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
fi
cd /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
git checkout $DOKUWIKI_COMMIT -b $DOKUWIKI_COMMIT
cd "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" || exit 38368832
git checkout "$DOKUWIKI_COMMIT" -b "$DOKUWIKI_COMMIT"
set_completion_param "dokuwiki commit" "$DOKUWIKI_COMMIT"
fi
@ -322,40 +326,40 @@ function install_dokuwiki {
echo $'Removed Apache installation after Dokuwiki install'
fi
echo '<?php' > /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
echo "\$conf['title'] = '${DOKUWIKI_TITLE}';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
echo "\$conf['lang'] = 'en';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
echo "\$conf['license'] = 'cc-by-sa';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
echo "\$conf['useacl'] = 1;" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
echo "\$conf['superuser'] = '@admin';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
echo "\$conf['disableactions'] = 'register';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
ln -s /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/local.php
{ echo '<?php';
echo "\$conf['title'] = '${DOKUWIKI_TITLE}';";
echo "\$conf['lang'] = 'en';";
echo "\$conf['license'] = 'cc-by-sa';";
echo "\$conf['useacl'] = 1;";
echo "\$conf['superuser'] = '@admin';";
echo "\$conf['disableactions'] = 'register';"; } > "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php"
ln -s "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/local.php"
chmod 600 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
chmod 600 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php"
chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib"
chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
if [ -f $IMAGE_PASSWORD_FILE ]; then
DOKUWIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
if [ -f "$IMAGE_PASSWORD_FILE" ]; then
DOKUWIKI_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else
if [ ! $DOKUWIKI_ADMIN_PASSWORD ]; then
DOKUWIKI_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
if [ ! "$DOKUWIKI_ADMIN_PASSWORD" ]; then
DOKUWIKI_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi
fi
HASHED_DOKUWIKI_PASSWORD=$(echo -n "$DOKUWIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')
echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
if ! grep -q "video/ogg" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then
echo 'ogv video/ogg' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf
if ! grep -q "video/ogg" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then
echo 'ogv video/ogg' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"
fi
if ! grep -q "video/mp4" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then
echo 'mp4 video/mp4' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf
if ! grep -q "video/mp4" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then
echo 'mp4 video/mp4' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"
fi
if ! grep -q "video/webm" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then
echo 'webm video/webm' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf
if ! grep -q "video/webm" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then
echo 'webm video/webm' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"
fi
DOKUWIKI_ONION_HOSTNAME=$(add_onion_service dokuwiki 80 ${DOKUWIKI_ONION_PORT})
@ -363,178 +367,178 @@ function install_dokuwiki {
if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect
nginx_http_redirect $DOKUWIKI_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo " root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo " server_name $DOKUWIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
nginx_http_redirect "$DOKUWIKI_DOMAIN_NAME"
{ echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;";
echo " server_name $DOKUWIKI_DOMAIN_NAME;";
echo ' access_log /dev/null;';
echo " error_log /dev/null;";
echo ' index index.php;';
echo ' charset utf-8;';
echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check nginx_ssl
nginx_ssl $DOKUWIKI_DOMAIN_NAME
nginx_ssl "$DOKUWIKI_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing $DOKUWIKI_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
nginx_disable_sniffing "$DOKUWIKI_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '';
echo ' # rewrite to front controller as default rule';
echo ' location / {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check nginx_limits
nginx_limits $DOKUWIKI_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
nginx_limits "$DOKUWIKI_DOMAIN_NAME"
{ echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
echo ' }';
echo '';
echo ' # statically serve these file types when possible';
echo ' # otherwise fall back to front controller';
echo ' # allow browser to cache them';
echo ' # added .htm for advanced source code editor library';
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
echo ' expires 30d;';
echo " try_files \$uri /index.php?q=\$uri&\$args;";
echo ' }';
echo '';
echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;';
echo ' }';
echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket';
echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check nginx_limits
nginx_limits $DOKUWIKI_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
nginx_limits "$DOKUWIKI_DOMAIN_NAME"
{ echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked.";
echo " try_files \$uri \$uri/ /index.php;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;';
echo ' include fastcgi_params;';
echo ' fastcgi_index index.php;';
echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' }';
echo '';
echo ' # deny access to all dot files';
echo ' location ~ /\. {';
echo ' deny all;';
echo ' }';
echo '';
echo ' #deny access to store';
echo ' location ~ /store {';
echo ' deny all;';
echo ' }';
echo ' location ~ /(data|conf|bin|inc)/ {';
echo ' deny all;';
echo ' }';
echo ' location ~ /\.ht {';
echo ' deny all;';
echo ' }';
echo '}';
echo ''; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
else
echo -n '' > /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo -n '' > "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
fi
echo 'server {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo " listen 127.0.0.1:${DOKUWIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo " root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo " server_name $DOKUWIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
{ echo 'server {';
echo " listen 127.0.0.1:${DOKUWIKI_ONION_PORT} default_server;";
echo " root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;";
echo " server_name $DOKUWIKI_ONION_HOSTNAME;";
echo ' access_log /dev/null;';
echo " error_log /dev/null;";
echo ' index index.php;';
echo ' charset utf-8;';
echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing $DOKUWIKI_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
nginx_disable_sniffing "$DOKUWIKI_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '';
echo ' # rewrite to front controller as default rule';
echo ' location / {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check nginx_limits
nginx_limits $DOKUWIKI_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
nginx_limits "$DOKUWIKI_DOMAIN_NAME"
{ echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
echo ' }';
echo '';
echo ' # statically serve these file types when possible';
echo ' # otherwise fall back to front controller';
echo ' # allow browser to cache them';
echo ' # added .htm for advanced source code editor library';
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
echo ' expires 30d;';
echo " try_files \$uri /index.php?q=\$uri&\$args;";
echo ' }';
echo '';
echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;';
echo ' }';
echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket';
echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check nginx_limits
nginx_limits $DOKUWIKI_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
nginx_limits "$DOKUWIKI_DOMAIN_NAME"
{ echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked.";
echo " try_files \$uri \$uri/ /index.php;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;';
echo ' include fastcgi_params;';
echo ' fastcgi_index index.php;';
echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' }';
echo '';
echo ' # deny access to all dot files';
echo ' location ~ /\. {';
echo ' deny all;';
echo ' }';
echo '';
echo ' #deny access to store';
echo ' location ~ /store {';
echo ' deny all;';
echo ' }';
echo ' location ~ /(data|conf|bin|inc)/ {';
echo ' deny all;';
echo ' }';
echo ' location ~ /\.ht {';
echo ' deny all;';
echo ' }';
echo '}'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check create_site_certificate
create_site_certificate $DOKUWIKI_DOMAIN_NAME 'yes'
create_site_certificate "$DOKUWIKI_DOMAIN_NAME" 'yes'
function_check configure_php
configure_php
nginx_ensite $DOKUWIKI_DOMAIN_NAME
nginx_ensite "$DOKUWIKI_DOMAIN_NAME"
systemctl restart php7.0-fpm
systemctl restart nginx
function_check add_ddns_domain
add_ddns_domain $DOKUWIKI_DOMAIN_NAME
add_ddns_domain "$DOKUWIKI_DOMAIN_NAME"
${PROJECT_NAME}-pass -u $MY_USERNAME -a dokuwiki -p "$DOKUWIKI_ADMIN_PASSWORD"
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a dokuwiki -p "$DOKUWIKI_ADMIN_PASSWORD"
APP_INSTALLED=1
}


@ -50,12 +50,12 @@ edith_variables=(MY_USERNAME
function remove_bad_links_edith {
read_config_param EDITH_DOMAIN_NAME
edith_dir=/var/www/$EDITH_DOMAIN_NAME/htdocs
edith_dir="/var/www/$EDITH_DOMAIN_NAME/htdocs"
# copy jquery locally
jquery_version='1.12.4'
if [ ! -f $edith_dir/jquery-${jquery_version}.js ]; then
cd $edith_dir
cd $edith_dir || exit 246824628
wget https://code.jquery.com/jquery-${jquery_version}.js
if [ -f $edith_dir/jquery-${jquery_version}.js ]; then
jquery_hash=$(sha256sum $edith_dir/jquery-${jquery_version}.js | awk -F ' ' '{print $1}')
@ -79,9 +79,9 @@ function change_password_edith {
new_user_password="$2"
sed -i "/${curr_username}:/d" /etc/nginx/.edithpasswd
echo -n "$new_user_password" | htpasswd -i -s -c /etc/nginx/.edithpasswd ${curr_username}
echo -n "$new_user_password" | htpasswd -i -s -c /etc/nginx/.edithpasswd "${curr_username}"
${PROJECT_NAME}-pass -u $MY_USERNAME -a ${curr_username} -p "$new_user_password"
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a "${curr_username}" -p "$new_user_password"
}
function logging_on_edith {
@ -102,21 +102,20 @@ function edith_enable_login {
dialog --title $"Enable Edith login" \
--backtitle $"Freedombone Control Panel" \
--defaultno \
--yesno $"\nDo you want to add a login so that random web users can't access your notes?" 10 60
--yesno $"\\nDo you want to add a login so that random web users can't access your notes?" 10 60
sel=$?
case $sel in
0) if grep -q '#auth_basic' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME; then
sed -i 's|#auth_basic|auth_basic|g' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME
0) if grep -q '#auth_basic' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"; then
sed -i 's|#auth_basic|auth_basic|g' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
systemctl restart nginx
fi
read_config_param $MY_USERNAME
EDITH_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a edith)
read_config_param "$MY_USERNAME"
EDITH_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a edith)
dialog --title $"Enable Edith login" \
--msgbox $"Edith logins are now enabled with the password $EDITH_PASSWORD" 6 65
EDITH__PASSWORD=
;;
1) if ! grep -q '#auth_basic' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME; then
sed -i 's|auth_basic|#auth_basic|g' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME
1) if ! grep -q '#auth_basic' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"; then
sed -i 's|auth_basic|#auth_basic|g' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
systemctl restart nginx
fi
dialog --title $"Disable Edith login" \
@ -127,31 +126,34 @@ function edith_enable_login {
function edith_browse {
read_config_param EDITH_DOMAIN_NAME
cd /var/www/$EDITH_DOMAIN_NAME/htdocs/data
editor /var/www/$EDITH_DOMAIN_NAME/htdocs/data
cd "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" || exit 24682642
editor "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
}
function configure_interactive_edith {
while true
do
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
dialog --backtitle $"Freedombone Control Panel" \
--title $"Edith" \
--radiolist $"Choose an operation:" 10 50 3 \
1 $"Enable login" off \
2 $"Browse notes" off \
3 $"Exit" on 2> $data
3 $"Exit" on 2> "$data"
sel=$?
case $sel in
1) break;;
255) break;;
1) rm -f "$data"
break;;
255) rm -f "$data"
break;;
esac
case $(cat $data) in
case $(cat "$data") in
1) edith_enable_login;;
2) edith_browse;;
3) break;;
3) rm -f "$data"
break;;
esac
rm -f "$data"
done
}
@ -165,24 +167,24 @@ function upgrade_edith {
# update to the next commit
function_check set_repo_commit
set_repo_commit /var/www/$EDITH_DOMAIN_NAME/htdocs "edith commit" "$EDITH_COMMIT" $EDITH_REPO
set_repo_commit "/var/www/$EDITH_DOMAIN_NAME/htdocs" "edith commit" "$EDITH_COMMIT" "$EDITH_REPO"
remove_bad_links_edith
chown -R www-data:www-data /var/www/$EDITH_DOMAIN_NAME/htdocs
chmod a+w /var/www/$EDITH_DOMAIN_NAME/htdocs/data
chown -R www-data:www-data "/var/www/$EDITH_DOMAIN_NAME/htdocs"
chmod a+w "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
}
function backup_local_edith {
read_config_param EDITH_DOMAIN_NAME
function_check suspend_site
suspend_site ${EDITH_DOMAIN_NAME}
suspend_site "${EDITH_DOMAIN_NAME}"
source_directory=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data
source_directory="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
function_check backup_directory_to_usb
dest_directory=edith
backup_directory_to_usb $source_directory $dest_directory
backup_directory_to_usb "$source_directory" "$dest_directory"
function_check restart_site
restart_site
@ -192,12 +194,12 @@ function restore_local_edith {
read_config_param EDITH_DOMAIN_NAME
temp_restore_dir=/root/tempedith
edith_dir=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data
edith_dir="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir edith
if [ -d $temp_restore_dir ]; then
if [ -d cp $temp_restore_dir$edith_dir ]; then
if [ -d $temp_restore_dir$edith_dir ]; then
cp -rp $temp_restore_dir$edith_dir $edith_dir/
else
if [ ! -d $edith_dir ]; then
@ -215,13 +217,13 @@ function backup_remote_edith {
read_config_param EDITH_DOMAIN_NAME
function_check suspend_site
suspend_site ${EDITH_DOMAIN_NAME}
suspend_site "${EDITH_DOMAIN_NAME}"
source_directory=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data
source_directory="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
function_check backup_directory_to_friend
dest_directory=edith
backup_directory_to_friend $source_directory $dest_directory
backup_directory_to_friend "$source_directory" "$dest_directory"
function_check restart_site
restart_site
@ -231,12 +233,12 @@ function restore_remote_edith {
read_config_param EDITH_DOMAIN_NAME
temp_restore_dir=/root/tempedith
edith_dir=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data
edith_dir="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir edith
if [ -d $temp_restore_dir ]; then
if [ -d cp $temp_restore_dir$edith_dir ]; then
if [ -d $temp_restore_dir$edith_dir ]; then
cp -rp $temp_restore_dir$edith_dir $edith_dir/
else
if [ ! -d $edith_dir ]; then
@ -253,17 +255,17 @@ function restore_remote_edith {
function remove_edith {
nginx_dissite $EDITH_DOMAIN_NAME
if [ -f /etc/nginx/sites-available/$EDITH_DOMAIN_NAME ]; then
rm /etc/nginx/sites-available/$EDITH_DOMAIN_NAME
if [ -f "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME" ]; then
rm "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
fi
if [ -d /var/www/$EDITH_DOMAIN_NAME ]; then
rm -rf /var/www/$EDITH_DOMAIN_NAME
if [ -d "/var/www/$EDITH_DOMAIN_NAME" ]; then
rm -rf "/var/www/$EDITH_DOMAIN_NAME"
fi
function_check remove_onion_service
remove_onion_service edith ${EDITH_ONION_PORT}
sed -i '/edith/d' $COMPLETION_FILE
sed -i '/edith/d' "$COMPLETION_FILE"
if [ -f /etc/nginx/.edithpasswd ]; then
rm /etc/nginx/.edithpasswd
@ -286,26 +288,26 @@ function install_edith {
function_check install_nodejs
install_nodejs edith
if [ ! ${EDITH_PASSWORD} ]; then
if [ -f ${IMAGE_PASSWORD_FILE} ]; then
EDITH_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
if [ ! "${EDITH_PASSWORD}" ]; then
if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
EDITH_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else
EDITH_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
EDITH_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi
fi
if [ -d /var/www/$EDITH_DOMAIN_NAME/htdocs ]; then
rm -rf /var/www/$EDITH_DOMAIN_NAME/htdocs
if [ -d "/var/www/$EDITH_DOMAIN_NAME/htdocs" ]; then
rm -rf "/var/www/$EDITH_DOMAIN_NAME/htdocs"
fi
if [ -d /repos/edith ]; then
mkdir /var/www/$EDITH_DOMAIN_NAME/htdocs
cp -r -p /repos/edith/. /var/www/$EDITH_DOMAIN_NAME/htdocs
cd /var/www/$EDITH_DOMAIN_NAME/htdocs
mkdir "/var/www/$EDITH_DOMAIN_NAME/htdocs"
cp -r -p /repos/edith/. "/var/www/$EDITH_DOMAIN_NAME/htdocs"
cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 24682462
git pull
else
function_check git_clone
git_clone $EDITH_REPO /var/www/$EDITH_DOMAIN_NAME/htdocs
git_clone "$EDITH_REPO" "/var/www/$EDITH_DOMAIN_NAME/htdocs"
fi
if [ ! -d /var/www/$EDITH_DOMAIN_NAME/htdocs ]; then
@ -313,102 +315,102 @@ function install_edith {
exit 537593569
fi
cd /var/www/$EDITH_DOMAIN_NAME/htdocs
git checkout $EDITH_COMMIT -b $EDITH_COMMIT
cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 2648248
git checkout "$EDITH_COMMIT" -b "$EDITH_COMMIT"
set_completion_param "edith commit" "$EDITH_COMMIT"
if [ ! -d /var/www/$EDITH_DOMAIN_NAME/htdocs/data ]; then
mkdir -p /var/www/$EDITH_DOMAIN_NAME/htdocs/data
if [ ! -d "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" ]; then
mkdir -p "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
fi
EDITH_ONION_HOSTNAME=$(add_onion_service edith 80 ${EDITH_ONION_PORT})
edith_nginx_site=/etc/nginx/sites-available/$EDITH_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then
edith_nginx_site="/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
if [[ "$ONION_ONLY" == "no" ]]; then
function_check nginx_http_redirect
nginx_http_redirect $EDITH_DOMAIN_NAME "index index.php"
echo 'server {' >> $edith_nginx_site
echo ' listen 443 ssl;' >> $edith_nginx_site
echo ' #listen [::]:443 ssl;' >> $edith_nginx_site
echo " server_name $EDITH_DOMAIN_NAME;" >> $edith_nginx_site
echo '' >> $edith_nginx_site
nginx_http_redirect "$EDITH_DOMAIN_NAME" "index index.php"
{ echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " server_name $EDITH_DOMAIN_NAME;";
echo ''; } >> "$edith_nginx_site"
function_check nginx_compress
nginx_compress $EDITH_DOMAIN_NAME
echo '' >> $edith_nginx_site
echo ' # Security' >> $edith_nginx_site
nginx_compress "$EDITH_DOMAIN_NAME"
echo '' >> "$edith_nginx_site"
echo ' # Security' >> "$edith_nginx_site"
function_check nginx_ssl
nginx_ssl $EDITH_DOMAIN_NAME
nginx_ssl "$EDITH_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing $EDITH_DOMAIN_NAME
nginx_disable_sniffing "$EDITH_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $edith_nginx_site
echo '' >> $edith_nginx_site
echo ' access_log /dev/null;' >> $edith_nginx_site
echo ' error_log /dev/null;' >> $edith_nginx_site
echo '' >> $edith_nginx_site
echo " root /var/www/$EDITH_DOMAIN_NAME/htdocs;" >> $edith_nginx_site
echo '' >> $edith_nginx_site
echo ' index index.php;' >> $edith_nginx_site
echo '' >> $edith_nginx_site
echo ' # PHP' >> $edith_nginx_site
echo ' location ~ \.php {' >> $edith_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $edith_nginx_site
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $edith_nginx_site
echo ' fastcgi_read_timeout 30;' >> $edith_nginx_site
echo ' }' >> $edith_nginx_site
echo '' >> $edith_nginx_site
echo ' # Location' >> $edith_nginx_site
echo ' location / {' >> $edith_nginx_site
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo " root /var/www/$EDITH_DOMAIN_NAME/htdocs;";
echo '';
echo ' index index.php;';
echo '';
echo ' # PHP';
echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;';
echo ' }';
echo '';
echo ' # Location';
echo ' location / {'; } >> "$edith_nginx_site"
function_check nginx_limits
nginx_limits $EDITH_DOMAIN_NAME '15m'
echo ' try_files $uri $uri/ /index.php?$args;' >> $edith_nginx_site
echo " auth_basic \"${EDITH_LOGIN_TEXT}\";" >> $edith_nginx_site
echo ' auth_basic_user_file /etc/nginx/.edithpasswd;' >> $edith_nginx_site
echo ' }' >> $edith_nginx_site
echo '}' >> $edith_nginx_site
nginx_limits "$EDITH_DOMAIN_NAME" '15m'
{ echo " try_files \$uri \$uri/ /index.php?\$args;";
echo " auth_basic \"${EDITH_LOGIN_TEXT}\";";
echo ' auth_basic_user_file /etc/nginx/.edithpasswd;';
echo ' }';
echo '}'; } >> "$edith_nginx_site"
else
echo -n '' > $edith_nginx_site
echo -n '' > "$edith_nginx_site"
fi
echo 'server {' >> $edith_nginx_site
echo " listen 127.0.0.1:$EDITH_ONION_PORT default_server;" >> $edith_nginx_site
echo " server_name $EDITH_ONION_HOSTNAME;" >> $edith_nginx_site
echo '' >> $edith_nginx_site
{ echo 'server {';
echo " listen 127.0.0.1:$EDITH_ONION_PORT default_server;";
echo " server_name $EDITH_ONION_HOSTNAME;";
echo ''; } >> "$edith_nginx_site"
function_check nginx_compress
nginx_compress $EDITH_DOMAIN_NAME
echo '' >> $edith_nginx_site
nginx_compress "$EDITH_DOMAIN_NAME"
echo '' >> "$edith_nginx_site"
function_check nginx_disable_sniffing
nginx_disable_sniffing $EDITH_DOMAIN_NAME
echo '' >> $edith_nginx_site
echo ' access_log /dev/null;' >> $edith_nginx_site
echo ' error_log /dev/null;' >> $edith_nginx_site
echo '' >> $edith_nginx_site
echo " root /var/www/$EDITH_DOMAIN_NAME/htdocs;" >> $edith_nginx_site
echo '' >> $edith_nginx_site
echo ' index index.php;' >> $edith_nginx_site
echo '' >> $edith_nginx_site
echo ' # PHP' >> $edith_nginx_site
echo ' location ~ \.php {' >> $edith_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $edith_nginx_site
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $edith_nginx_site
echo ' fastcgi_read_timeout 30;' >> $edith_nginx_site
echo ' }' >> $edith_nginx_site
echo '' >> $edith_nginx_site
echo ' # Location' >> $edith_nginx_site
echo ' location / {' >> $edith_nginx_site
nginx_disable_sniffing "$EDITH_DOMAIN_NAME"
{ echo '';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo " root /var/www/$EDITH_DOMAIN_NAME/htdocs;";
echo '';
echo ' index index.php;';
echo '';
echo ' # PHP';
echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;';
echo ' }';
echo '';
echo ' # Location';
echo ' location / {'; } >> "$edith_nginx_site"
function_check nginx_limits
nginx_limits $EDITH_DOMAIN_NAME '15m'
echo ' try_files $uri $uri/ /index.php?$args;' >> $edith_nginx_site
echo " auth_basic \"${EDITH_LOGIN_TEXT}\";" >> $edith_nginx_site
echo ' auth_basic_user_file /etc/nginx/.edithpasswd;' >> $edith_nginx_site
echo ' }' >> $edith_nginx_site
echo '}' >> $edith_nginx_site
{ echo " try_files \$uri \$uri/ /index.php?\$args;";
echo " auth_basic \"${EDITH_LOGIN_TEXT}\";";
echo ' auth_basic_user_file /etc/nginx/.edithpasswd;';
echo ' }';
echo '}'; } >> "$edith_nginx_site"
function_check configure_php
configure_php
function_check create_site_certificate
create_site_certificate $EDITH_DOMAIN_NAME 'yes'
create_site_certificate "$EDITH_DOMAIN_NAME" 'yes'
# create a password for users
if [ ! -f /etc/nginx/.edithpasswd ]; then
@ -417,24 +419,23 @@ function install_edith {
if grep -q "$MY_USERNAME:" /etc/nginx/.edithpasswd; then
sed -i "/$MY_USERNAME:/d" /etc/nginx/.edithpasswd
fi
echo -n "$EDITH_PASSWORD" | htpasswd -i -s -c /etc/nginx/.edithpasswd $MY_USERNAME
echo -n "$EDITH_PASSWORD" | htpasswd -i -s -c /etc/nginx/.edithpasswd "$MY_USERNAME"
if [ ! -f /etc/nginx/.edithpasswd ]; then
echo $'/etc/nginx/.edithpasswd not found'
exit 6537683563
fi
${PROJECT_NAME}-pass -u $MY_USERNAME -a edith -p "$EDITH_PASSWORD"
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a edith -p "$EDITH_PASSWORD"
cp /var/www/$EDITH_DOMAIN_NAME/htdocs/htaccess.example /var/www/$EDITH_DOMAIN_NAME/htdocs/.htaccess
cd /var/www/$EDITH_DOMAIN_NAME/htdocs
cp "/var/www/$EDITH_DOMAIN_NAME/htdocs/htaccess.example" "/var/www/$EDITH_DOMAIN_NAME/htdocs/.htaccess"
cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 26482468
npm install -g coffeescript uglify-js
cake build
if [ ! "$?" = "0" ]; then
if ! cake build; then
echo $'Unable to build Edith'
exit 7396483635
fi
cp config.example.php config.php
if [[ $ONION_ONLY == "no" ]]; then
if [[ "$ONION_ONLY" == "no" ]]; then
sed -i "s|define('EDITH_URI'.*|define('EDITH_URI', 'https://$EDITH_DOMAIN_NAME');|g" config.php
else
sed -i "s|define('EDITH_URI'.*|define('EDITH_URI', 'http://$EDITH_ONION_HOSTNAME');|g" config.php
@ -445,20 +446,20 @@ function install_edith {
remove_bad_links_edith
chown -R www-data:www-data /var/www/$EDITH_DOMAIN_NAME/htdocs
chmod a+w /var/www/$EDITH_DOMAIN_NAME/htdocs/data
nginx_ensite $EDITH_DAEMON_NAME
chown -R www-data:www-data "/var/www/$EDITH_DOMAIN_NAME/htdocs"
chmod a+w "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
nginx_ensite "$EDITH_DAEMON_NAME"
systemctl restart nginx
APP_INSTALLED=1
}
function install_interactive_edith {
if [ ! $ONION_ONLY ]; then
if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no'
fi
if [[ $ONION_ONLY != "no" ]]; then
if [[ "$ONION_ONLY" != "no" ]]; then
GHOST_DOMAIN_NAME='edith.local'
write_config_param "EDITH_DOMAIN_NAME" "$EDITH_DOMAIN_NAME"
else


@ -57,13 +57,13 @@ function backup_local_emacs {
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d /home/$USERNAME/.emacs.d ]; then
if [ -d "/home/$USERNAME/.emacs.d" ]; then
echo $"Backing up Emacs config for $USERNAME"
if [ -f /home/$USERNAME/.emacs ]; then
cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs
if [ -f "/home/$USERNAME/.emacs" ]; then
cp "/home/$USERNAME/.emacs" "/home/$USERNAME/.emacs.d/dotemacs"
fi
function_check backup_directory_to_usb
backup_directory_to_usb /home/$USERNAME/.emacs.d emacs/$USERNAME
backup_directory_to_usb "/home/$USERNAME/.emacs.d" "emacs/$USERNAME"
fi
fi
done
@ -71,24 +71,25 @@ function backup_local_emacs {
function restore_local_emacs {
temp_restore_dir=/root/tempemacs
if [ -d $USB_MOUNT/backup/emacs ]; then
if [ -d "$USB_MOUNT/backup/emacs" ]; then
for d in $USB_MOUNT/backup/emacs/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then
${PROJECT_NAME}-adduser $USERNAME
if [ ! -d "/home/$USERNAME" ]; then
"${PROJECT_NAME}-adduser" "$USERNAME"
fi
echo $"Restoring Emacs config for $USERNAME"
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir emacs/$USERNAME
if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then
cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/
restore_directory_from_usb "$temp_restore_dir" "emacs/$USERNAME"
if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
cp -r "$temp_restore_dir/home/$USERNAME/.emacs.d" "/home/$USERNAME/"
else
if [ ! -d /home/$USERNAME/.emacs.d ]; then
mkdir /home/$USERNAME/.emacs.d
if [ ! -d "/home/$USERNAME/.emacs.d" ]; then
mkdir "/home/$USERNAME/.emacs.d"
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.emacs.d
cp -r "$temp_restore_dir/*" "/home/$USERNAME/.emacs.d"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
function_check set_user_permissions
@ -97,10 +98,10 @@ function restore_local_emacs {
backup_unmount_drive
exit 664
fi
if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then
cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs
if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
cp -f "$temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs" "/home/$USERNAME/.emacs"
else
cp -f $temp_restore_dir/dotemacs /home/$USERNAME/.emacs
cp -f "$temp_restore_dir/dotemacs" "/home/$USERNAME/.emacs"
fi
rm -rf $temp_restore_dir
fi
@ -112,13 +113,13 @@ function backup_remote_emacs {
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d /home/$USERNAME/.emacs.d ]; then
if [ -d "/home/$USERNAME/.emacs.d" ]; then
echo $"Backing up Emacs config for $USERNAME"
if [ -f /home/$USERNAME/.emacs ]; then
cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs
if [ -f "/home/$USERNAME/.emacs" ]; then
cp "/home/$USERNAME/.emacs" "/home/$USERNAME/.emacs.d/dotemacs"
fi
function_check backup_directory_to_friend
backup_directory_to_friend /home/$USERNAME/.emacs.d emacs/$USERNAME
backup_directory_to_friend "/home/$USERNAME/.emacs.d" "emacs/$USERNAME"
fi
fi
done
@ -126,24 +127,25 @@ function backup_remote_emacs {
function restore_remote_emacs {
temp_restore_dir=/root/tempemacs
if [ -d $USB_MOUNT/backup/emacs ]; then
if [ -d "$USB_MOUNT/backup/emacs" ]; then
for d in $USB_MOUNT/backup/emacs/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then
${PROJECT_NAME}-adduser $USERNAME
if [ ! -d "/home/$USERNAME" ]; then
"${PROJECT_NAME}-adduser" "$USERNAME"
fi
echo $"Restoring Emacs config for $USERNAME"
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir emacs/$USERNAME
if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then
cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/
restore_directory_from_friend "$temp_restore_dir" "emacs/$USERNAME"
if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
cp -r "$temp_restore_dir/home/$USERNAME/.emacs.d" "/home/$USERNAME/"
else
if [ ! -d /home/$USERNAME/.emacs.d ]; then
mkdir /home/$USERNAME/.emacs.d
if [ ! -d "/home/$USERNAME/.emacs.d" ]; then
mkdir "/home/$USERNAME/.emacs.d"
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.emacs.d/*
cp -r "$temp_restore_dir/*" "/home/$USERNAME/.emacs.d/*"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
function_check set_user_permissions
@ -152,10 +154,10 @@ function restore_remote_emacs {
backup_unmount_drive
exit 664
fi
if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then
cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs
if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
cp -f "$temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs" "/home/$USERNAME/.emacs"
else
cp -f $temp_restore_dir/dotemacs /home/$USERNAME/.emacs
cp -f "$temp_restore_dir/dotemacs" "/home/$USERNAME/.emacs"
fi
rm -rf $temp_restore_dir
fi
@ -166,7 +168,7 @@ function restore_remote_emacs {
function remove_emacs {
apt-get -yq remove --purge emacs
update-alternatives --set editor /usr/bin/nano
sed -i '/install_emacs/d' $COMPLETION_FILE
sed -i '/install_emacs/d' "$COMPLETION_FILE"
# remove emacs as the mutt email editor
if [ -f /etc/Muttrc ]; then
@ -176,9 +178,9 @@ function remove_emacs {
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -f /home/$USERNAME/.muttrc ]; then
if grep -q "set editor=" /home/$USERNAME/.muttrc; then
sed -i '/set editor=/d' /home/$USERNAME/.muttrc
if [ -f "/home/$USERNAME/.muttrc" ]; then
if grep -q "set editor=" "/home/$USERNAME/.muttrc"; then
sed -i '/set editor=/d' "/home/$USERNAME/.muttrc"
fi
fi
fi
@ -194,74 +196,74 @@ function install_emacs {
#echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs
#echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs
#echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs
echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs
echo "'goto-line)" >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs
echo " '(lambda ()" >> /home/$MY_USERNAME/.emacs
echo " (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs
echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs
echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs
echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs
echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs
echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs
echo ';; newlines when the cursor goes over the column limit.' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs
echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs
echo ';; via hooks.' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs
echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs
cp /home/$MY_USERNAME/.emacs /root/.emacs
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs
{ echo $';; ===== Remove trailing whitepace ======================================';
echo '';
echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)";
echo '';
echo ';; Goto a line number with CTRL-l';
echo -n '(global-set-key "\C-l" ';
echo "'goto-line)";
echo '';
echo $';; ===== Show line numbers ==============================================';
echo '';
echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))";
echo '';
echo $';; ===== Enable line wrapping in org-mode ===============================';
echo '';
echo " (add-hook 'org-mode-hook";
echo " '(lambda ()";
echo " (visual-line-mode 1)))";
echo '';
echo $';; ===== Enable shift select in org mode ================================';
echo '';
echo '(setq org-support-shift-select t)';
echo '';
echo $';; ===== Set standard indent to 4 rather that 4 =========================';
echo '';
echo '(setq standard-indent 4)';
echo '(setq-default tab-width 4)';
echo '(setq c-basic-offset 4)';
echo '';
echo $';; ===== Support Wheel Mouse Scrolling ==================================';
echo '';
echo '(mouse-wheel-mode t)';
echo '';
echo $';; ===== Place Backup Files in Specific Directory =======================';
echo '';
echo '(setq make-backup-files t)';
echo '(setq version-control t)';
echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))';
echo '';
echo $';; ===== Make Text mode the default mode for new buffers ================';
echo '';
echo "(setq default-major-mode 'text-mode)";
echo '';
echo $';; ===== Line length ====================================================';
echo '';
echo '(setq-default fill-column 72)';
echo '';
echo $';; ===== Enable Line and Column Numbering ===============================';
echo '';
echo '(line-number-mode 1)';
echo '(column-number-mode 1)';
echo '';
echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============';
echo '';
echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of';
echo ';; newlines when the cursor goes over the column limit.';
echo '';
echo ';; This should actually turn on auto-fill-mode by default in all major';
echo ';; modes. The other way to do this is to turn on the fill for specific modes';
echo ';; via hooks.';
echo '';
echo '(setq auto-fill-mode 1)';
echo '';
echo $';; ===== Enable GPG encryption =========================================';
echo '';
echo "(require 'epa)";
echo '(epa-file-enable)'; } >> "/home/$MY_USERNAME/.emacs"
cp "/home/$MY_USERNAME/.emacs" /root/.emacs
chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.emacs"
# add a mutt entry to use emacs to compose emails
if [ -f /etc/Muttrc ]; then
@ -273,92 +275,92 @@ function install_emacs {
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -f /home/$USERNAME/.muttrc ]; then
if ! grep -q "set editor=" /home/$USERNAME/.muttrc; then
echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> /home/$USERNAME/.muttrc
if [ -f "/home/$USERNAME/.muttrc" ]; then
if ! grep -q "set editor=" "/home/$USERNAME/.muttrc"; then
echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> "/home/$USERNAME/.muttrc"
else
sed -i 's|set editor=.*|set editor="emacs -q --load ~/.emacs-mutt"|g' /home/$USERNAME/.muttrc
sed -i 's|set editor=.*|set editor="emacs -q --load ~/.emacs-mutt"|g' "/home/$USERNAME/.muttrc"
fi
fi
# create an Emacs configuration specifically for use with Mutt, which
# has word wrap and spell checking on by default
if [ ! -f /home/$USERNAME/.emacs-mutt ]; then
echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)" > /home/$USERNAME/.emacs-mutt
echo '(setq org-support-shift-select t)' >> /home/$USERNAME/.emacs-mutt
echo '(setq standard-indent 4)' >> /home/$USERNAME/.emacs-mutt
echo '(setq-default tab-width 4)' >> /home/$USERNAME/.emacs-mutt
echo '(setq c-basic-offset 4)' >> /home/$USERNAME/.emacs-mutt
echo '(mouse-wheel-mode t)' >> /home/$USERNAME/.emacs-mutt
echo '(setq make-backup-files t)' >> /home/$USERNAME/.emacs-mutt
echo '(setq version-control t)' >> /home/$USERNAME/.emacs-mutt
echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$USERNAME/.emacs-mutt
echo "(setq default-major-mode 'text-mode)" >> /home/$USERNAME/.emacs-mutt
echo "(dolist (hook '(text-mode-hook))" >> /home/$USERNAME/.emacs-mutt
echo ' (add-hook hook (lambda () (flyspell-mode 1))))' >> /home/$USERNAME/.emacs-mutt
echo '(setq-default fill-column 72)' >> /home/$USERNAME/.emacs-mutt
if [ ! -f "/home/$USERNAME/.emacs-mutt" ]; then
{ echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)";
echo '(setq org-support-shift-select t)';
echo '(setq standard-indent 4)';
echo '(setq-default tab-width 4)';
echo '(setq c-basic-offset 4)';
echo '(mouse-wheel-mode t)';
echo '(setq make-backup-files t)';
echo '(setq version-control t)';
echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))';
echo "(setq default-major-mode 'text-mode)";
echo "(dolist (hook '(text-mode-hook))";
echo ' (add-hook hook (lambda () (flyspell-mode 1))))';
echo '(setq-default fill-column 72)'; } > "/home/$USERNAME/.emacs-mutt"
if [[ $DEFAULT_LANGUAGE == 'en_US'* ]]; then
echo '(setq ispell-dictionary "american")' >> /home/$USERNAME/.emacs-mutt
echo '(setq ispell-dictionary "american")' >> "/home/$USERNAME/.emacs-mutt"
fi
if [[ $DEFAULT_LANGUAGE == 'en_GB'* ]]; then
echo '(setq ispell-dictionary "british")' >> /home/$USERNAME/.emacs-mutt
echo '(setq ispell-dictionary "british")' >> "/home/$USERNAME/.emacs-mutt"
fi
if [[ $DEFAULT_LANGUAGE == 'fr_FR'* ]]; then
echo '(setq ispell-dictionary "french")' >> /home/$USERNAME/.emacs-mutt
echo '(setq ispell-dictionary "french")' >> "/home/$USERNAME/.emacs-mutt"
fi
if [[ $DEFAULT_LANGUAGE == 'it_IT'* ]]; then
echo '(setq ispell-dictionary "italian")' >> /home/$USERNAME/.emacs-mutt
echo '(setq ispell-dictionary "italian")' >> "/home/$USERNAME/.emacs-mutt"
fi
if [[ $DEFAULT_LANGUAGE == 'cs_CZ'* ]]; then
echo '(setq ispell-dictionary "czech")' >> /home/$USERNAME/.emacs-mutt
echo '(setq ispell-dictionary "czech")' >> "/home/$USERNAME/.emacs-mutt"
fi
if [[ $DEFAULT_LANGUAGE == 'da_DK'* ]]; then
echo '(setq ispell-dictionary "danish")' >> /home/$USERNAME/.emacs-mutt
echo '(setq ispell-dictionary "danish")' >> "/home/$USERNAME/.emacs-mutt"
fi
if [[ $DEFAULT_LANGUAGE == 'nl_NL'* ]]; then
echo '(setq ispell-dictionary "dutch")' >> /home/$USERNAME/.emacs-mutt
echo '(setq ispell-dictionary "dutch")' >> "/home/$USERNAME/.emacs-mutt"
fi
if [[ $DEFAULT_LANGUAGE == 'ru_RU'* ]]; then
echo '(setq ispell-dictionary "russian")' >> /home/$USERNAME/.emacs-mutt
echo '(setq ispell-dictionary "russian")' >> "/home/$USERNAME/.emacs-mutt"
fi
if [[ $DEFAULT_LANGUAGE == 'es_ES'* ]]; then
echo '(setq ispell-dictionary "spanish")' >> /home/$USERNAME/.emacs-mutt
echo '(setq ispell-dictionary "spanish")' >> "/home/$USERNAME/.emacs-mutt"
fi
if [[ $DEFAULT_LANGUAGE == 'sv_SE'* ]]; then
echo '(setq ispell-dictionary "swedish")' >> /home/$USERNAME/.emacs-mutt
echo '(setq ispell-dictionary "swedish")' >> "/home/$USERNAME/.emacs-mutt"
fi
if [[ $DEFAULT_LANGUAGE == 'no_NO'* ]]; then
echo '(setq ispell-dictionary "norwegian")' >> /home/$USERNAME/.emacs-mutt
echo '(setq ispell-dictionary "norwegian")' >> "/home/$USERNAME/.emacs-mutt"
fi
if [[ $DEFAULT_LANGUAGE == 'de_DE'* ]]; then
echo '(setq ispell-dictionary "ngerman")' >> /home/$USERNAME/.emacs-mutt
echo '(setq ispell-dictionary "ngerman")' >> "/home/$USERNAME/.emacs-mutt"
fi
if [[ $DEFAULT_LANGUAGE == 'bg_BG'* ]]; then
echo '(setq ispell-dictionary "bulgarian")' >> /home/$USERNAME/.emacs-mutt
echo '(setq ispell-dictionary "bulgarian")' >> "/home/$USERNAME/.emacs-mutt"
fi
if [[ $DEFAULT_LANGUAGE == 'pl'* ]]; then
echo '(setq ispell-dictionary "polish")' >> /home/$USERNAME/.emacs-mutt
echo '(setq ispell-dictionary "polish")' >> "/home/$USERNAME/.emacs-mutt"
fi
if [[ $DEFAULT_LANGUAGE == 'et_EE'* ]]; then
echo '(setq ispell-dictionary "estonian")' >> /home/$USERNAME/.emacs-mutt
echo '(setq ispell-dictionary "estonian")' >> "/home/$USERNAME/.emacs-mutt"
fi
if [[ $DEFAULT_LANGUAGE == 'lt_LT'* ]]; then
echo '(setq ispell-dictionary "lithuanian")' >> /home/$USERNAME/.emacs-mutt
echo '(setq ispell-dictionary "lithuanian")' >> "/home/$USERNAME/.emacs-mutt"
fi
if [[ $DEFAULT_LANGUAGE == 'uk_UA'* ]]; then
echo '(setq ispell-dictionary "ukranian")' >> /home/$USERNAME/.emacs-mutt
echo '(setq ispell-dictionary "ukranian")' >> "/home/$USERNAME/.emacs-mutt"
fi
if [[ $DEFAULT_LANGUAGE == 'ca_ES'* ]]; then
echo '(setq ispell-dictionary "catalan")' >> /home/$USERNAME/.emacs-mutt
echo '(setq ispell-dictionary "catalan")' >> "/home/$USERNAME/.emacs-mutt"
fi
echo '(setq auto-fill-mode 0)' >> /home/$USERNAME/.emacs-mutt
echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)" >> /home/$USERNAME/.emacs-mutt
echo "(setq-default auto-fill-function 'do-auto-fill)" >> /home/$USERNAME/.emacs-mutt
chown $USERNAME:$USERNAME /home/$USERNAME/.emacs-mutt
{ echo '(setq auto-fill-mode 0)';
echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)";
echo "(setq-default auto-fill-function 'do-auto-fill)"; } >> "/home/$USERNAME/.emacs-mutt"
chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.emacs-mutt"
# add the emacs mutt configuration to the user profile skeleton
if [ ! -f /etc/skel/.emacs-mutt ]; then
cp /home/$USERNAME/.emacs-mutt /etc/skel/.emacs-mutt
cp "/home/$USERNAME/.emacs-mutt" /etc/skel/.emacs-mutt
chown root:root /etc/skel/.emacs-mutt
fi
fi
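Review bot: Quoting the whole source path in `cp -r "$temp_restore_dir/*" "/home/$USERNAME/.emacs.d"` (restore_local_emacs) stops the shell from expanding `*`, so cp looks for an entry literally named `*` and fails. The `$?` test that follows then treats a good backup as a failed restore and takes the branch ending in `exit 664`; part of that branch falls between hunks and is not shown. restore_remote_emacs has the same problem and also quotes a glob in the destination, `"/home/$USERNAME/.emacs.d/*"`. Keep the variable quoted and the glob outside the quotes in both functions: `cp -r "$temp_restore_dir"/* "/home/$USERNAME/.emacs.d/"`. The same quoted-glob pattern is introduced in this commit's mesh_upgrade_golang change, `cp "${rootdir}/home/go/go${GO_VERSION}/bin/*" "${rootdir}/usr/bin"`, which needs `.../bin/"*` moved outside the quotes in the same way.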


@ -51,7 +51,7 @@ function select_go_version {
else
sed -i "s|export GVM_ROOT=.*|export GVM_ROOT=$GVM_ROOT|g" ~/.bashrc
fi
cd $GVM_ROOT/bin
cd "$GVM_ROOT/bin" || exit 3873658
[[ -s "$GVM_ROOT/scripts/gvm" ]] && source "$GVM_ROOT/scripts/gvm"
gvm use go${GO_VERSION} --default
@ -60,21 +60,21 @@ function select_go_version {
exit 629825
fi
systemctl set-environment GOPATH=$GOPATH
systemctl set-environment GOPATH="$GOPATH"
}
function mesh_upgrade_golang_from_source {
chroot "$rootdir" adduser --disabled-login --gecos 'go' ipfs
git clone $GO_REPO $rootdir/home/go/go${GO_VERSION}
cd $rootdir/home/go/go${GO_VERSION}
git checkout go${GO_VERSION} -b go${GO_VERSION}
git clone "$GO_REPO" "$rootdir/home/go/go${GO_VERSION}"
cd "$rootdir/home/go/go${GO_VERSION}" || exit 3463635
git checkout "go${GO_VERSION}" -b "go${GO_VERSION}"
git clone $GO_REPO $rootdir/home/go/go${GO_INTERMEDIATE_VERSION}
cd $rootdir/home/go/go${GO_INTERMEDIATE_VERSION}
git clone "$GO_REPO" "$rootdir/home/go/go${GO_INTERMEDIATE_VERSION}"
cd "$rootdir/home/go/go${GO_INTERMEDIATE_VERSION}" || exit 672845624
git checkout go${GO_INTERMEDIATE_VERSION} -b go${GO_INTERMEDIATE_VERSION}
cat <<EOF > ${rootdir}/root/upgrade_golang.sh
cat <<EOF > "${rootdir}/root/upgrade_golang.sh"
#!/bin/bash
apt-get -yq install build-essential libc6-dev
@ -119,20 +119,20 @@ systemctl set-environment GOROOT=\$GOROOT
exit 0
EOF
chroot ${rootdir} chmod +x /root/upgrade_golang.sh
chroot ${rootdir} /root/upgrade_golang.sh
if [ ! -f ${rootdir}/home/go/go${GO_VERSION}/bin/go ]; then
chroot "${rootdir}" chmod +x /root/upgrade_golang.sh
chroot "${rootdir}" /root/upgrade_golang.sh
if [ ! -f "${rootdir}/home/go/go${GO_VERSION}/bin/go" ]; then
echo $'Failed to upgrade golang'
cat ${rootdir}/root/upgrade_golang.sh
rm -f ${rootdir}/root/upgrade_golang.sh
cat "${rootdir}/root/upgrade_golang.sh"
rm -f "${rootdir}/root/upgrade_golang.sh"
exit 836535
fi
rm -f ${rootdir}/root/upgrade_golang.sh
rm -f "${rootdir}/root/upgrade_golang.sh"
}
function mesh_upgrade_golang {
prefix=
if [ $rootdir ]; then
if [ "$rootdir" ]; then
prefix="chroot $rootdir"
fi
$prefix adduser --disabled-login --gecos 'go' go
@ -177,43 +177,43 @@ function mesh_upgrade_golang {
fi
GO_SOURCE=https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${GOARCH}.tar.gz
if [ ! -d ${rootdir}${INSTALL_DIR} ]; then
chroot "$rootdir" mkdir -p ${INSTALL_DIR}
if [ ! -d "${rootdir}${INSTALL_DIR}" ]; then
chroot "$rootdir" mkdir -p "${INSTALL_DIR}"
fi
cd ${rootdir}${INSTALL_DIR}
if [ ! -f ${rootdir}${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz ]; then
cd "${rootdir}${INSTALL_DIR}" || exit 236487365
if [ ! -f "${rootdir}${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz" ]; then
wget ${GO_SOURCE}
fi
if [ ! -f ${rootdir}${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz ]; then
if [ ! -f "${rootdir}${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz" ]; then
exit 26524
fi
$prefix tar -C /home/go -xzf ${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz
if [ ! -d ${rootdir}/home/go/go/bin ]; then
$prefix tar -C /home/go -xzf "${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz"
if [ ! -d "${rootdir}/home/go/go/bin" ]; then
echo 'Go binary not installed'
exit 763562
fi
mv ${rootdir}/home/go/go ${rootdir}/home/go/go${GO_VERSION}
echo "export GOROOT=/home/go" >> ${rootdir}/root/.bashrc
echo "export GOROOT=/home/go" >> ${rootdir}/etc/skel/.bashrc
echo "export GOROOT=/home/go" >> ${rootdir}/home/$MY_USERNAME/.bashrc
echo "export GOROOT=/home/go" >> ${rootdir}/home/go/.bashrc
mv "${rootdir}/home/go/go" "${rootdir}/home/go/go${GO_VERSION}"
echo "export GOROOT=/home/go" >> "${rootdir}/root/.bashrc"
echo "export GOROOT=/home/go" >> "${rootdir}/etc/skel/.bashrc"
echo "export GOROOT=/home/go" >> "${rootdir}/home/$MY_USERNAME/.bashrc"
echo "export GOROOT=/home/go" >> "${rootdir}/home/go/.bashrc"
echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/root/.bashrc
echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/etc/skel/.bashrc
echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/home/$MY_USERNAME/.bashrc
echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/home/go/.bashrc
echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/root/.bashrc"
echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/etc/skel/.bashrc"
echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/home/$MY_USERNAME/.bashrc"
echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/home/go/.bashrc"
echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/root/.bashrc
echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/etc/skel/.bashrc
echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/home/$MY_USERNAME/.bashrc
echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/home/go/.bashrc
$prefix chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME
echo "export PATH=\$PATH:\$GOPATH" >> "${rootdir}/root/.bashrc"
echo "export PATH=\$PATH:\$GOPATH" >> "${rootdir}/etc/skel/.bashrc"
echo "export PATH=\$PATH:\$GOPATH" >> "${rootdir}/home/$MY_USERNAME/.bashrc"
echo "export PATH=\$PATH:\$GOPATH" >> "${rootdir}/home/go/.bashrc"
$prefix chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME"
$prefix chown -R go:go /home/go
cp ${rootdir}/home/go/go${GO_VERSION}/bin/* ${rootdir}/usr/bin
cp "${rootdir}/home/go/go${GO_VERSION}/bin/*" "${rootdir}/usr/bin"
}
function upgrade_golang {
if grep -Fxq "upgrade_golang:$GO_VERSION" $COMPLETION_FILE; then
if grep -Fxq "upgrade_golang:$GO_VERSION" "$COMPLETION_FILE"; then
return
fi


@ -29,57 +29,57 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
function gpg_update_mutt {
key_username=$1
key_username="$1"
if [ ! -f /home/$key_username/.muttrc ]; then
if [ ! -f "/home/$key_username/.muttrc" ]; then
return
fi
CURR_EMAIL_ADDRESS=$key_username@$HOSTNAME
CURR_GPG_ID=$(gpg --homedir=/home/$key_username/.gnupg --list-keys $CURR_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//')
CURR_GPG_ID=$(gpg --homedir="/home/$key_username/.gnupg" --list-keys "$CURR_EMAIL_ADDRESS" | sed -n '2p' | sed 's/^[ \t]*//')
# If the default key is specified within gpg.conf
if [ -f /home/$key_username/gpg.conf ]; then
if grep -q "default-key" /home/$key_username/gpg.conf; then
default_gpg_key=$(cat /home/$key_username/gpg.conf | grep "default-key")
if [ -f "/home/$key_username/gpg.conf" ]; then
if grep -q "default-key" "/home/$key_username/gpg.conf"; then
default_gpg_key=$(grep "default-key" "/home/$key_username/gpg.conf")
if [[ "$default_gpg_key" != *'#'* ]]; then
default_gpg_key=$(cat /home/$key_username/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}')
default_gpg_key=$(grep "default-key" "/home/$key_username/gpg.conf" | awk -F ' ' '{print $2}')
if [ ${#default_gpg_key} -gt 3 ]; then
CURR_GPG_ID=$(gpg --homedir=/home/$key_username/.gnupg --list-keys $default_gpg_key | sed -n '2p' | sed 's/^[ \t]*//')
CURR_GPG_ID=$(gpg --homedir="/home/$key_username/.gnupg" --list-keys "$default_gpg_key" | sed -n '2p' | sed 's/^[ \t]*//')
fi
fi
fi
fi
sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to $CURR_GPG_ID -- -r %r -- %f\"|g" /home/$key_username/.muttrc
sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to $CURR_GPG_ID -- -r %r -- %f\"|g" /home/$key_username/.muttrc
sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to $CURR_GPG_ID -- -r %r -- %f\"|g" "/home/$key_username/.muttrc"
sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to $CURR_GPG_ID -- -r %r -- %f\"|g" "/home/$key_username/.muttrc"
chown $key_username:$key_username /home/$key_username/.muttrc
chown "$key_username":"$key_username" "/home/$key_username/.muttrc"
}
function gpg_import_public_key {
key_username=$1
key_filename=$2
key_username="$1"
key_filename="$2"
gpg --homedir=/home/$key_username/.gnupg --import $key_filename
gpg_set_permissions $key_username
gpg --homedir="/home/$key_username/.gnupg" --import "$key_filename"
gpg_set_permissions "$key_username"
}
function gpg_import_private_key {
key_username=$1
key_filename=$2
key_username="$1"
key_filename="$2"
gpg --homedir=/home/$key_username/.gnupg --allow-secret-key-import --import $key_filename
gpg_set_permissions $key_username
gpg --homedir="/home/$key_username/.gnupg" --allow-secret-key-import --import "$key_filename"
gpg_set_permissions "$key_username"
}
function gpg_export_public_key {
key_username=$1
key_id=$2
key_filename=$3
key_username="$1"
key_id="$2"
key_filename="$3"
chown -R $key_username:$key_username /home/$key_username/.gnupg
su -m root -c "gpg --homedir /home/$key_username/.gnupg --output $key_filename --armor --export $key_id" - $key_username
chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg"
su -m root -c "gpg --homedir /home/$key_username/.gnupg --output $key_filename --armor --export $key_id" - "$key_username"
}
function gpg_export_private_key {
@ -87,68 +87,68 @@ function gpg_export_private_key {
key_id=$2
key_filename=$3
chown -R $key_username:$key_username /home/$key_username/.gnupg
su -m root -c "gpg --homedir=/home/$key_username/.gnupg --armor --output $key_filename --export-secret-key $key_id" - $key_username
chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg"
su -m root -c "gpg --homedir=/home/$key_username/.gnupg --armor --output $key_filename --export-secret-key $key_id" - "$key_username"
}
function gpg_create_key {
key_username=$1
key_passphrase=$2
key_username="$1"
key_passphrase="$2"
gpg_dir=/home/$key_username/.gnupg
gpg_dir="/home/$key_username/.gnupg"
echo 'Key-Type: eddsa' > /home/$key_username/gpg-genkey.conf
echo 'Key-Curve: Ed25519' >> /home/$key_username/gpg-genkey.conf
echo 'Subkey-Type: eddsa' >> /home/$key_username/gpg-genkey.conf
echo 'Subkey-Curve: Ed25519' >> /home/$key_username/gpg-genkey.conf
echo "Name-Real: $MY_NAME" >> /home/$key_username/gpg-genkey.conf
echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$key_username/gpg-genkey.conf
echo 'Expire-Date: 0' >> /home/$key_username/gpg-genkey.conf
cat /home/$key_username/gpg-genkey.conf
if [ $key_passphrase ]; then
echo "Passphrase: $key_passphrase" >> /home/$key_username/gpg-genkey.conf
{ echo 'Key-Type: eddsa';
echo 'Key-Curve: Ed25519';
echo 'Subkey-Type: eddsa';
echo 'Subkey-Curve: Ed25519';
echo "Name-Real: $MY_NAME";
echo "Name-Email: $MY_EMAIL_ADDRESS";
echo 'Expire-Date: 0'; } > "/home/$key_username/gpg-genkey.conf"
cat "/home/$key_username/gpg-genkey.conf"
if [ "$key_passphrase" ]; then
echo "Passphrase: $key_passphrase" >> "/home/$key_username/gpg-genkey.conf"
else
echo "Passphrase: $PROJECT_NAME" >> /home/$key_username/gpg-genkey.conf
echo "Passphrase: $PROJECT_NAME" >> "/home/$key_username/gpg-genkey.conf"
fi
chown $key_username:$key_username /home/$key_username/gpg-genkey.conf
chown "$key_username":"$key_username" "/home/$key_username/gpg-genkey.conf"
echo $'Generating a new GPG key'
su -m root -c "gpg --homedir /home/$key_username/.gnupg --batch --full-gen-key /home/$key_username/gpg-genkey.conf" - $key_username
chown -R $key_username:$key_username /home/$key_username/.gnupg
su -m root -c "gpg --homedir /home/$key_username/.gnupg --batch --full-gen-key /home/$key_username/gpg-genkey.conf" - "$key_username"
chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg"
KEY_EXISTS=$(gpg_key_exists "$key_username" "$MY_EMAIL_ADDRESS")
if [[ $KEY_EXISTS == "no" ]]; then
echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created"
exit 63621
fi
shred -zu /home/$key_username/gpg-genkey.conf
shred -zu "/home/$key_username/gpg-genkey.conf"
CURR_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$key_username" "$MY_EMAIL_ADDRESS")
if [ ${#CURR_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
echo $"GPG public key ID could not be obtained for $MY_EMAIL_ADDRESS"
exit 825292
fi
gpg_set_permissions $key_username
gpg_set_permissions "$key_username"
}
function gpg_delete_key {
key_username=$1
key_id=$2
key_username="$1"
key_id="$2"
chown -R $key_username:$key_username /home/$key_username/.gnupg
su -c "gpg --batch --quiet --homedir=/home/$key_username/.gnupg --delete-secret-key $key_id" - $key_username
su -c "gpg --batch --quiet --homedir=/home/$key_username/.gnupg --delete-key $key_id" - $key_username
chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg"
su -c "gpg --batch --quiet --homedir=/home/$key_username/.gnupg --delete-secret-key $key_id" - "$key_username"
su -c "gpg --batch --quiet --homedir=/home/$key_username/.gnupg --delete-key $key_id" - "$key_username"
}
function gpg_set_permissions {
key_username=$1
if [[ "$key_username" != 'root' ]]; then
chmod 700 /home/$key_username/.gnupg
chmod -R 600 /home/$key_username/.gnupg/*
printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /home/$key_username/.gnupg/S.dirmngr
if [ -d /home/$key_username/.gnupg/crls.d ]; then
chmod +x /home/$key_username/.gnupg/crls.d
chmod 700 "/home/$key_username/.gnupg"
chmod -R 600 "/home/$key_username/.gnupg/*"
printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > "/home/$key_username/.gnupg/S.dirmngr"
if [ -d "/home/$key_username/.gnupg/crls.d" ]; then
chmod +x "/home/$key_username/.gnupg/crls.d"
fi
chown -R $key_username:$key_username /home/$key_username/.gnupg
chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg"
else
chmod 700 /root/.gnupg
chmod -R 600 /root/.gnupg/*
@ -156,7 +156,7 @@ function gpg_set_permissions {
if [ -d /root/.gnupg/crls.d ]; then
chmod +x /root/.gnupg/crls.d
fi
chown -R $key_username:$key_username /root/.gnupg
chown -R "$key_username":"$key_username" /root/.gnupg
fi
}
@ -164,22 +164,22 @@ function gpg_reconstruct_key {
key_username=$1
key_interactive=$2
if [ ! -d /home/$key_username/.gnupg_fragments ]; then
if [ ! -d "/home/$key_username/.gnupg_fragments" ]; then
return
fi
cd /home/$key_username/.gnupg_fragments
cd "/home/$key_username/.gnupg_fragments" || exit 3468346
# shellcheck disable=SC2012
no_of_shares=$(ls -afq keyshare.asc.* | wc -l)
if (( no_of_shares < 4 )); then
if [ $key_interactive ]; then
if [ "$key_interactive" ]; then
dialog --title $"Recover Encryption Keys" --msgbox $'Not enough fragments to reconstruct the key' 6 70
else
echo $'Not enough fragments to reconstruct the key'
fi
exit 7348
fi
gfcombine /home/$key_username/.gnupg_fragments/keyshare*
if [ ! "$?" = "0" ]; then
if [ $key_interactive ]; then
if ! gfcombine "/home/$key_username/.gnupg_fragments/keyshare*"; then
if [ "$key_interactive" ]; then
dialog --title $"Recover Encryption Keys" --msgbox $'Unable to reconstruct the key' 6 70
else
echo $'Unable to reconstruct the key'
@ -188,8 +188,8 @@ function gpg_reconstruct_key {
fi
KEYS_FILE=/home/$key_username/.gnupg_fragments/keyshare.asc
if [ ! -f $KEYS_FILE ]; then
if [ $key_interactive ]; then
if [ ! -f "$KEYS_FILE" ]; then
if [ "$key_interactive" ]; then
dialog --title $"Recover Encryption Keys" --msgbox $'Unable to reconstruct the key' 6 70
else
echo $'Unable to reconstruct the key'
@ -197,22 +197,21 @@ function gpg_reconstruct_key {
exit 52852
fi
gpg --homedir=/home/$key_username/.gnupg --allow-secret-key-import --import $KEYS_FILE
if [ ! "$?" = "0" ]; then
shred -zu $KEYS_FILE
rm -rf /home/$key_username/.tempgnupg
if [ $key_interactive ]; then
if ! gpg --homedir="/home/$key_username/.gnupg" --allow-secret-key-import --import "$KEYS_FILE"; then
shred -zu "$KEYS_FILE"
rm -rf "/home/$key_username/.tempgnupg"
if [ "$key_interactive" ]; then
dialog --title $"Recover Encryption Keys" --msgbox $'Unable to import gpg key' 6 70
else
echo $'Unable to import gpg key'
fi
exit 96547
fi
shred -zu $KEYS_FILE
shred -zu "$KEYS_FILE"
gpg_set_permissions $key_username
gpg_set_permissions "$key_username"
if [ $key_interactive ]; then
if [ "$key_interactive" ]; then
dialog --title $"Recover Encryption Keys" --msgbox $'Key has been reconstructed' 6 70
else
echo $'Key has been reconstructed'
@ -224,9 +223,9 @@ function gpg_agent_setup {
if [[ $gpg_username == 'root' ]]; then
if ! grep -q 'GPG_TTY' /root/.bashrc; then
echo '' >> /root/.bashrc
echo 'GPG_TTY=$(tty)' >> /root/.bashrc
echo 'export GPG_TTY' >> /root/.bashrc
{ echo '';
echo "GPG_TTY=\$(tty)";
echo 'export GPG_TTY'; } >> /root/.bashrc
fi
if grep -q '# use-agent' /root/.gnupg/gpg.conf; then
sed -i 's|# use-agent|use-agent|g' /root/.gnupg/gpg.conf
@ -234,37 +233,37 @@ function gpg_agent_setup {
if ! grep -q 'use-agent' /root/.gnupg/gpg.conf; then
echo 'use-agent' >> /root/.gnupg/gpg.conf
fi
echo 'default-cache-ttl 300' > /root/.gnupg/gpg-agent.conf
echo 'max-cache-ttl 999999' >> /root/.gnupg/gpg-agent.conf
echo 'allow-loopback-pinentry' >> /root/.gnupg/gpg-agent.conf
{ echo 'default-cache-ttl 300';
echo 'max-cache-ttl 999999';
echo 'allow-loopback-pinentry'; } > /root/.gnupg/gpg-agent.conf
if [ -f /root/.gnupg/S.dirmngr ]; then
rm /root/.gnupg/S.dirmngr
fi
echo RELOADAGENT | gpg-connect-agent
else
if ! grep -q 'GPG_TTY' /home/$gpg_username/.bashrc; then
echo '' >> /home/$gpg_username/.bashrc
echo 'GPG_TTY=$(tty)' >> /home/$gpg_username/.bashrc
echo 'export GPG_TTY' >> /home/$gpg_username/.bashrc
chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc
if ! grep -q 'GPG_TTY' "/home/$gpg_username/.bashrc"; then
{ echo '';
echo "GPG_TTY=\$(tty)";
echo 'export GPG_TTY'; } >> "/home/$gpg_username/.bashrc"
chown "$gpg_username":"$gpg_username" "/home/$gpg_username/.bashrc"
fi
if grep -q '# use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
sed -i 's|# use-agent|use-agent|g' /home/$gpg_username/.gnupg/gpg.conf
if grep -q '# use-agent' "/home/$gpg_username/.gnupg/gpg.conf"; then
sed -i 's|# use-agent|use-agent|g' "/home/$gpg_username/.gnupg/gpg.conf"
fi
if ! grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
echo 'use-agent' >> /home/$gpg_username/.gnupg/gpg.conf
if ! grep -q 'use-agent' "/home/$gpg_username/.gnupg/gpg.conf"; then
echo 'use-agent' >> "/home/$gpg_username/.gnupg/gpg.conf"
fi
if ! grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then
echo 'pinentry-mode loopback' >> /home/$gpg_username/.gnupg/gpg.conf
if ! grep -q 'pinentry-mode loopback' "/home/$gpg_username/.gnupg/gpg.conf"; then
echo 'pinentry-mode loopback' >> "/home/$gpg_username/.gnupg/gpg.conf"
fi
echo 'default-cache-ttl 300' > /home/$gpg_username/.gnupg/gpg-agent.conf
echo 'max-cache-ttl 999999' >> /home/$gpg_username/.gnupg/gpg-agent.conf
echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf
if [ -f /home/$gpg_username/.gnupg/S.dirmngr ]; then
rm /home/$gpg_username/.gnupg/S.dirmngr
echo 'default-cache-ttl 300' > "/home/$gpg_username/.gnupg/gpg-agent.conf"
echo 'max-cache-ttl 999999' >> "/home/$gpg_username/.gnupg/gpg-agent.conf"
echo 'allow-loopback-pinentry' >> "/home/$gpg_username/.gnupg/gpg-agent.conf"
if [ -f "/home/$gpg_username/.gnupg/S.dirmngr" ]; then
rm "/home/$gpg_username/.gnupg/S.dirmngr"
fi
if [[ "$gpg_username" != "$USER" ]]; then
su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username
su -c "echo RELOADAGENT | gpg-connect-agent" - "$gpg_username"
else
echo RELOADAGENT | gpg-connect-agent
fi
@ -277,21 +276,21 @@ function gpg_agent_enable {
if [[ $gpg_username == 'root' ]]; then
return
else
if grep -q 'GPG_TTY' /home/$gpg_username/.bashrc; then
sed -i '/GPG_TTY/d' /home/$gpg_username/.bashrc
chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc
if grep -q 'GPG_TTY' "/home/$gpg_username/.bashrc"; then
sed -i '/GPG_TTY/d' "/home/$gpg_username/.bashrc"
chown "$gpg_username":"$gpg_username" "/home/$gpg_username/.bashrc"
fi
if grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
sed -i '/use-agent/d' /home/$gpg_username/.gnupg/gpg.conf
if grep -q 'use-agent' "/home/$gpg_username/.gnupg/gpg.conf"; then
sed -i '/use-agent/d' "/home/$gpg_username/.gnupg/gpg.conf"
fi
if grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then
sed -i '/pinentry-mode loopback/d' /home/$gpg_username/.gnupg/gpg.conf
if grep -q 'pinentry-mode loopback' "/home/$gpg_username/.gnupg/gpg.conf"; then
sed -i '/pinentry-mode loopback/d' "/home/$gpg_username/.gnupg/gpg.conf"
fi
if [ -f /home/$gpg_username/.gnupg/gpg-agent.conf ]; then
rm /home/$gpg_username/.gnupg/gpg-agent.conf
if [ -f "/home/$gpg_username/.gnupg/gpg-agent.conf" ]; then
rm "/home/$gpg_username/.gnupg/gpg-agent.conf"
fi
if [[ "$gpg_username" != "$USER" ]]; then
su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username
su -c "echo RELOADAGENT | gpg-connect-agent" - "$gpg_username"
else
echo RELOADAGENT | gpg-connect-agent
fi
@ -303,46 +302,46 @@ function gpg_pubkey_from_email {
key_email_address=$2
key_id=
if [[ $key_owner_username != "root" ]]; then
key_id=$(su -c "gpg --list-keys $key_email_address" - $key_owner_username | sed -n '2p' | sed 's/^[ \t]*//')
key_id=$(su -c "gpg --list-keys $key_email_address" - "$key_owner_username" | sed -n '2p' | sed 's/^[ \t]*//')
# If the default key is specified within gpg.conf
if [ -f /home/$key_owner_username/gpg.conf ]; then
if grep -q "default-key" /home/$key_owner_username/gpg.conf; then
default_gpg_key=$(cat /home/$key_owner_username/gpg.conf | grep "default-key")
if [ -f "/home/$key_owner_username/gpg.conf" ]; then
if grep -q "default-key" "/home/$key_owner_username/gpg.conf"; then
default_gpg_key=$(grep "default-key" "/home/$key_owner_username/gpg.conf")
if [[ "$default_gpg_key" != *'#'* ]]; then
default_gpg_key=$(cat /home/$key_owner_username/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}')
default_gpg_key=$(grep "default-key" "/home/$key_owner_username/gpg.conf" | awk -F ' ' '{print $2}')
if [ ${#default_gpg_key} -gt 3 ]; then
key_id=$(su -c "gpg --list-keys $default_gpg_key" - $key_owner_username | sed -n '2p' | sed 's/^[ \t]*//')
key_id=$(su -c "gpg --list-keys $default_gpg_key" - "$key_owner_username" | sed -n '2p' | sed 's/^[ \t]*//')
fi
fi
fi
fi
else
key_id=$(gpg --list-keys $key_email_address | sed -n '2p' | sed 's/^[ \t]*//')
key_id=$(gpg --list-keys "$key_email_address" | sed -n '2p' | sed 's/^[ \t]*//')
# If the default key is specified within gpg.conf
if [ -f /root/gpg.conf ]; then
if grep -q "default-key" /root/gpg.conf; then
default_gpg_key=$(cat /root/gpg.conf | grep "default-key")
default_gpg_key=$(grep "default-key" /root/gpg.conf)
if [[ "$default_gpg_key" != *'#'* ]]; then
default_gpg_key=$(cat /root/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}')
default_gpg_key=$(grep "default-key" /root/gpg.conf | awk -F ' ' '{print $2}')
if [ ${#default_gpg_key} -gt 3 ]; then
key_id=$(gpg --list-keys $default_gpg_key | sed -n '2p' | sed 's/^[ \t]*//')
key_id=$(gpg --list-keys "$default_gpg_key" | sed -n '2p' | sed 's/^[ \t]*//')
fi
fi
fi
fi
fi
echo $key_id
echo "$key_id"
}
function enable_email_encryption_at_rest {
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if grep -q '#| /usr/bin/gpgit.pl' /home/$USERNAME/.procmailrc; then
sed -i 's@#| /usr/bin/gpgit.pl@| /usr/bin/gpgit.pl@g' /home/$USERNAME/.procmailrc
sed -i 's|#:0 f|:0 f|g' /home/$USERNAME/.procmailrc
if grep -q '#| /usr/bin/gpgit.pl' "/home/$USERNAME/.procmailrc"; then
sed -i 's@#| /usr/bin/gpgit.pl@| /usr/bin/gpgit.pl@g' "/home/$USERNAME/.procmailrc"
sed -i 's|#:0 f|:0 f|g' "/home/$USERNAME/.procmailrc"
fi
fi
done
@ -357,9 +356,9 @@ function disable_email_encryption_at_rest {
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if ! grep -q '#| /usr/bin/gpgit.pl' /home/$USERNAME/.procmailrc; then
sed -i 's@| /usr/bin/gpgit.pl@#| /usr/bin/gpgit.pl@g' /home/$USERNAME/.procmailrc
sed -i 's|:0 f|#:0 f|g' /home/$USERNAME/.procmailrc
if ! grep -q '#| /usr/bin/gpgit.pl' "/home/$USERNAME/.procmailrc"; then
sed -i 's@| /usr/bin/gpgit.pl@#| /usr/bin/gpgit.pl@g' "/home/$USERNAME/.procmailrc"
sed -i 's|:0 f|#:0 f|g' "/home/$USERNAME/.procmailrc"
fi
fi
done
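Review bot: Quoting the whole path in `chmod -R 600 "/home/$key_username/.gnupg/*"` (gpg_set_permissions) makes the `*` literal, so chmod is pointed at a name that does not exist and the keyring files keep whatever mode they already had; the root branch still uses the unquoted `/root/.gnupg/*`, so the two branches now behave differently. The same applies to `gfcombine "/home/$key_username/.gnupg_fragments/keyshare*"` in gpg_reconstruct_key, which would presumably fail every time and end key recovery with "Unable to reconstruct the key". Quote only the variable part and leave the wildcard outside the quotes: `chmod -R 600 "/home/$key_username/.gnupg"/*` and `gfcombine "/home/$key_username/.gnupg_fragments"/keyshare*`. The quoted `cp "${rootdir}/home/go/go${GO_VERSION}/bin/*"` and `cp -r "$USB_MOUNT/letsencrypt/*"` lines in the neighbouring files of this commit follow the same pattern.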


@ -37,14 +37,14 @@ EIGHTSYNC_COMMIT='8cbb7f22227c0afdd3b0bd758ebec0efba2fa1e1'
function install_8sync {
apt-get -qy install flex libunistring-dev libgc-dev autoconf texinfo
if [ ! -d $INSTALL_DIR ]; then
mkdir $INSTALL_DIR
if [ ! -d "$INSTALL_DIR" ]; then
mkdir "$INSTALL_DIR"
fi
cd $INSTALL_DIR
cd "$INSTALL_DIR" || exit 67832456
git_clone $EIGHTSYNC_REPO $INSTALL_DIR/eightsync
cd $INSTALL_DIR/eightsync
git checkout ${EIGHTSYNC_COMMIT} -b ${EIGHTSYNC_COMMIT}
git_clone "$EIGHTSYNC_REPO" "$INSTALL_DIR/eightsync"
cd "$INSTALL_DIR/eightsync" || exit 23468346
git checkout "${EIGHTSYNC_COMMIT}" -b "${EIGHTSYNC_COMMIT}"
export GUILE_BASE_PATH=/opt/guile-${GUILE_VERSION}
export GUILE_CFLAGS="-I${GUILE_BASE_PATH}/include"
@ -67,31 +67,31 @@ function install_guile {
apt-get -qy install flex libunistring-dev libgc-dev autoconf texinfo lzip wget
if [ ! -d $INSTALL_DIR ]; then
mkdir $INSTALL_DIR
if [ ! -d "$INSTALL_DIR" ]; then
mkdir "$INSTALL_DIR"
fi
cd $INSTALL_DIR
cd "$INSTALL_DIR" || exit 4298497
if [ ! -f guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz ]; then
wget https://ftp.gnu.org/gnu/guile/guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz
if [ ! -f "guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz" ]; then
wget "https://ftp.gnu.org/gnu/guile/guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz"
fi
if [ ! -f guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz ]; then
if [ ! -f "guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz" ]; then
echo 'Unable to download guile pack'
exit 6735238
fi
CURR_GUILE_HASH=$(sha256sum guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz | awk -F ' ' '{print $1}')
CURR_GUILE_HASH=$(sha256sum "guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz" | awk -F ' ' '{print $1}')
if [[ "$CURR_GUILE_HASH" != "$GUILE_HASH" ]]; then
echo 'Guile hash does not match'
exit 7237625
fi
cd /
tar xvf $INSTALL_DIR/guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz
if [ ! -d /opt/guile-${GUILE_VERSION}/bin ]; then
cd / || exit 73563635
tar xvf "$INSTALL_DIR/guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz"
if [ ! -d "/opt/guile-${GUILE_VERSION}/bin" ]; then
echo 'Guile was not installed'
exit 825269
fi
echo "export GUILE_PATH=/opt/guile-${GUILE_VERSION}/bin" >> ~/.bashrc
echo 'export PATH=$PATH:$GUILE_PATH' >> ~/.bashrc
echo "export PATH=\$PATH:\$GUILE_PATH" >> ~/.bashrc
}
# NOTE: deliberately no exit 0
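Review bot: The new guards `cd "$INSTALL_DIR" || exit 67832456`, `|| exit 23468346`, `|| exit 4298497` and `cd / || exit 73563635` use statuses far above 255, and the shell reports only the low eight bits to the caller, so 67832456 arrives as 136 and distinct numbers can collide. A small status plus a message on stderr tells the operator more, for example `cd "$INSTALL_DIR" || { echo "cannot cd to $INSTALL_DIR" >&2; exit 1; }`. install_8sync continues past the first hunk and install_guile starts before the second, so callers that inspect these statuses are not visible here.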


@ -34,12 +34,12 @@
I2P_DOMAIN='deb.i2p2.de'
function install_i2p {
if [ ! -d $INSTALL_DIR ]; then
mkdir -p $INSTALL_DIR
if [ ! -d "$INSTALL_DIR" ]; then
mkdir -p "$INSTALL_DIR"
fi
# install the gpg key
cd $INSTALL_DIR
cd "$INSTALL_DIR" || exit 346735
if [ -f i2p-debian-repo.key.asc ]; then
rm i2p-debian-repo.key.asc
fi
@ -121,3 +121,5 @@ function i2p_enable_sam {
sed -i 's|clientApp.1.startOnLoad=.*|clientApp.1.startOnLoad=true|g' /var/lib/i2p/i2p-config/clients.config
systemctl restart i2p
}
# NOTE: deliberately no exit 0


@ -32,14 +32,13 @@ function interactive_configuration_remote_backups {
if [[ $SYSTEM_TYPE == "mesh"* ]]; then
return
fi
if [ ! -f /usr/local/bin/${PROJECT_NAME}-remote ]; then
if [ ! -f /usr/bin/${PROJECT_NAME}-remote ]; then
if [ ! -f "/usr/local/bin/${PROJECT_NAME}-remote" ]; then
if [ ! -f "/usr/bin/${PROJECT_NAME}-remote" ]; then
echo $"The command ${PROJECT_NAME}-remote was not found"
exit 87354
fi
fi
${PROJECT_NAME}-remote -u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH -r yes
if [ ! "$?" = "0" ]; then
if ! "${PROJECT_NAME}-remote" -u "$MY_USERNAME" -l "$FRIENDS_SERVERS_LIST" -m "$MINIMUM_PASSWORD_LENGTH" -r yes; then
echo $'Command failed:'
echo ''
echo $" ${PROJECT_NAME}-remote -u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH -r yes"
@ -49,8 +48,8 @@ function interactive_configuration_remote_backups {
}
function interactive_configuration {
if [ ! -f /usr/local/bin/${PROJECT_NAME}-config ]; then
if [ ! -f /usr/bin/${PROJECT_NAME}-config ]; then
if [ ! -f "/usr/local/bin/${PROJECT_NAME}-config" ]; then
if [ ! -f "/usr/bin/${PROJECT_NAME}-config" ]; then
echo $"The command ${PROJECT_NAME}-config was not found"
exit 63935
fi
@ -59,32 +58,32 @@ function interactive_configuration {
rm -f /tmp/meshuserdevice
fi
if [ $SOCIALINSTANCE ]; then
${PROJECT_NAME}-config \
-f $CONFIGURATION_FILE \
-w $PROJECT_WEBSITE \
-m $MINIMUM_PASSWORD_LENGTH \
if [ "$SOCIALINSTANCE" ]; then
"${PROJECT_NAME}-config" \
-f "$CONFIGURATION_FILE" \
-w "$PROJECT_WEBSITE" \
-m "$MINIMUM_PASSWORD_LENGTH" \
--minimal "yes" \
--social $SOCIALINSTANCE
--social "$SOCIALINSTANCE"
else
if [[ $ONION_ONLY == "no" ]]; then
if [[ $MINIMAL_INSTALL == "no" ]]; then
${PROJECT_NAME}-config \
-f $CONFIGURATION_FILE \
-w $PROJECT_WEBSITE \
-m $MINIMUM_PASSWORD_LENGTH
"${PROJECT_NAME}-config" \
-f "$CONFIGURATION_FILE" \
-w "$PROJECT_WEBSITE" \
-m "$MINIMUM_PASSWORD_LENGTH"
else
${PROJECT_NAME}-config \
-f $CONFIGURATION_FILE \
-w $PROJECT_WEBSITE \
-m $MINIMUM_PASSWORD_LENGTH \
"${PROJECT_NAME}-config" \
-f "$CONFIGURATION_FILE" \
-w "$PROJECT_WEBSITE" \
-m "$MINIMUM_PASSWORD_LENGTH" \
--minimal "yes"
fi
else
${PROJECT_NAME}-config \
-f $CONFIGURATION_FILE \
-w $PROJECT_WEBSITE \
-m $MINIMUM_PASSWORD_LENGTH \
"${PROJECT_NAME}-config" \
-f "$CONFIGURATION_FILE" \
-w "$PROJECT_WEBSITE" \
-m "$MINIMUM_PASSWORD_LENGTH" \
--onion "yes"
fi
fi
@ -93,6 +92,7 @@ function interactive_configuration {
rm -f /tmp/meshuserdevice
exit 0
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
echo $'Command failed:'
echo ''
@ -107,7 +107,7 @@ function interactive_configuration {
dialog --title $"Encrypted backup to other servers" \
--backtitle $"${PROJECT_NAME} Configuration" \
--defaultno \
--yesno $"\nDo you wish to configure some remote backup locations?" 7 60
--yesno $"\\nDo you wish to configure some remote backup locations?" 7 60
sel=$?
case $sel in
0) interactive_configuration_remote_backups;;
@ -121,53 +121,55 @@ function interactive_site_details {
SITE_BACKTITLE=$"Freedombone Configuration"
SITE_CONFIG_TITLE=$"${site_name^} Configuration"
SITE_FORM_TEXT=$"\nPlease enter your ${site_name^} details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:"
SITE_FORM_TEXT=$"\\nPlease enter your ${site_name^} details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:"
SITE_DOMAIN_NAME=
SITE_CODE=
SITE_DETAILS_COMPLETE=
while [ ! $SITE_DETAILS_COMPLETE ]
do
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle "$SITE_BACKTITLE" \
--title "$SITE_CONFIG_TITLE" \
--form "$SITE_FORM_TEXT" 14 55 3 \
$"Domain:" 1 1 "$(grep '${site_name_upper}_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
$"Code:" 2 1 "$(grep '${site_name_upper}_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 16 33 255 \
2> $data
$"Domain:" 1 1 "$(grep "${site_name_upper}_DOMAIN_NAME" temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
$"Code:" 2 1 "$(grep "${site_name_upper}_CODE" temp.cfg | awk -F '=' '{print $2}')" 2 16 33 255 \
2> "$data"
else
dialog --backtitle "$SITE_BACKTITLE" \
--title "$SITE_CONFIG_TITLE" \
--form "$SITE_FORM_TEXT" 11 55 3 \
$"Domain:" 1 1 "$(grep '${site_name_upper}_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
2> $data
$"Domain:" 1 1 "$(grep "${site_name_upper}_DOMAIN_NAME" temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
2> "$data"
fi
sel=$?
case $sel in
1) exit 1;;
255) exit 1;;
1) rm -f "$data"
exit 1;;
255) rm -f "$data"
exit 1;;
esac
SITE_DOMAIN_NAME=$(cat $data | sed -n 1p)
if [ $SITE_DOMAIN_NAME ]; then
SITE_DOMAIN_NAME=$(sed -n 1p < "$data")
if [ "$SITE_DOMAIN_NAME" ]; then
TEST_DOMAIN_NAME=$SITE_DOMAIN_NAME
validate_domain_name
if [[ $TEST_DOMAIN_NAME != $SITE_DOMAIN_NAME ]]; then
if [[ "$TEST_DOMAIN_NAME" != "$SITE_DOMAIN_NAME" ]]; then
SITE_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
SITE_CODE=$(cat $data | sed -n 2p)
if [[ "$DDNS_PROVIDER" == "default@freedns.afraid.org" ]]; then
SITE_CODE=$(sed -n 2p < "$data")
validate_freedns_code "$SITE_CODE"
if [ ! $VALID_CODE ]; then
if [ ! "$VALID_CODE" ]; then
SITE_DOMAIN_NAME=
fi
fi
fi
fi
if [ $SITE_DOMAIN_NAME ]; then
if [ "$SITE_DOMAIN_NAME" ]; then
SITE_DETAILS_COMPLETE="yes"
fi
rm -f "$data"
done
# save the results in the config file
@ -192,31 +194,31 @@ function interactive_site_details_with_title {
SITE_DETAILS_COMPLETE=
while [ ! $SITE_DETAILS_COMPLETE ]
do
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle $"Freedombone Configuration" \
--title "$SITE_BACKTITLE" \
--form "$SITE_FORM_TEXT" 14 55 4 \
$"Title:" 1 1 "$(grep '$SITE_TITLE' temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
$"Domain:" 2 1 "$(grep '$SITE_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2 16 33 40 \
$"Code:" 3 1 "$(grep '$SITE_CODE' temp.cfg | awk -F '=' '{print $2}')" 3 16 33 255 \
2> $data
$"Domain:" 2 1 "$(grep "$SITE_DOMAIN_NAME" temp.cfg | awk -F '=' '{print $2}')" 2 16 33 40 \
$"Code:" 3 1 "$(grep "$SITE_CODE" temp.cfg | awk -F '=' '{print $2}')" 3 16 33 255 \
2> "$data"
else
dialog --backtitle "$SITE_BACKTITLE" \
--title "$SITE_CONFIG_TITLE" \
--form "$SITE_FORM_TEXT" 11 55 3 \
$"Title:" 1 1 "$(grep '$SITE_TITLE' temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
$"Domain:" 2 1 "$(grep '$SITE_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2 16 33 40 \
2> $data
$"Title:" 1 1 "$(grep "$SITE_TITLE" temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
$"Domain:" 2 1 "$(grep "$SITE_DOMAIN_NAME" temp.cfg | awk -F '=' '{print $2}')" 2 16 33 40 \
2> "$data"
fi
sel=$?
case $sel in
1) exit 1;;
255) exit 1;;
1) rm -f "$data"
exit 1;;
255) rm -f "$data"
exit 1;;
esac
SITE_TITLE=$(cat $data | sed -n 1p)
SITE_DOMAIN_NAME=$(cat $data | sed -n 2p)
SITE_TITLE=$(sed -n 1p < "$data")
SITE_DOMAIN_NAME=$(sed -n 2p < "$data")
site_domain_name_str="$SITE_DOMAIN_NAME"
if [ ${#site_domain_name_str} -gt 1 ]; then
TEST_DOMAIN_NAME="$SITE_DOMAIN_NAME"
@ -225,10 +227,10 @@ function interactive_site_details_with_title {
SITE_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
SITE_CODE=$(cat $data | sed -n 3p)
if [[ "$DDNS_PROVIDER" == "default@freedns.afraid.org" ]]; then
SITE_CODE=$(sed -n 3p < "$data")
validate_freedns_code "${SITE_CODE}"
if [ ! $VALID_CODE ]; then
if [ ! "$VALID_CODE" ]; then
SITE_DOMAIN_NAME=
fi
fi
@ -240,6 +242,7 @@ function interactive_site_details_with_title {
SITE_DETAILS_COMPLETE="yes"
fi
fi
rm -f "$data"
done
# save the results in the config file
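Review bot: With the `trap` removed from the loops in interactive_site_details and interactive_site_details_with_title, the mktemp file that receives the dialog form output (domain and, for FreeDNS, the code) is deleted only on the paths that call `rm -f "$data"` by hand; an interrupt, or an exit inside a helper such as validate_domain_name if it has one, would leave it behind. The `mktemp` result is also unchecked and its stderr discarded, so a failure ends up as a redirect to an empty filename. I would use `data=$(mktemp) || exit 1` and restore cleanup with a single-quoted trap, `trap 'rm -f "$data"' EXIT`, which avoids the early expansion that the old double-quoted trap had. Both functions start outside the hunks shown, and since they are sourced it is worth confirming that no caller sets its own EXIT trap before adding one.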


@ -41,137 +41,137 @@ function interactive_gpg_from_usb {
do
detect_usb_drive
if [ ! -b $USB_DRIVE ]; then
if [ ! -b "$USB_DRIVE" ]; then
if (( GPG_CTR > 0 )); then
gpg_reconstruct_key $MY_USERNAME interactive
gpg_update_mutt $MY_USERNAME
gpg_reconstruct_key "$MY_USERNAME" interactive
gpg_update_mutt "$MY_USERNAME"
return 0
fi
dialog --title $"Recover Encryption Keys" --msgbox $'No USB drive found' 6 30
exit 739836
fi
backup_mount_drive ${USB_DRIVE} ${MY_USERNAME}
backup_mount_drive "${USB_DRIVE}" "${MY_USERNAME}"
if [ ! -d $USB_MOUNT ]; then
if [ ! -d "$USB_MOUNT" ]; then
if (( GPG_CTR > 0 )); then
backup_unmount_drive ${USB_DRIVE}
gpg_reconstruct_key $MY_USERNAME interactive
backup_unmount_drive "${USB_DRIVE}"
gpg_reconstruct_key "$MY_USERNAME" interactive
return 0
fi
dialog --title $"Recover Encryption Keys" \
--msgbox $"There was a problem mounting the USB drive $USB_DRIVE to $USB_MOUNT" 6 70
backup_unmount_drive ${USB_DRIVE}
backup_unmount_drive "${USB_DRIVE}"
exit 74393
fi
if [ ! -d $USB_MOUNT/.gnupg ]; then
if [ ! -d $USB_MOUNT/.gnupg_fragments ]; then
if [ ! -d "$USB_MOUNT/.gnupg" ]; then
if [ ! -d "$USB_MOUNT/.gnupg_fragments" ]; then
if (( GPG_CTR > 0 )); then
backup_unmount_drive ${USB_DRIVE}
gpg_reconstruct_key $MY_USERNAME interactive
gpg_update_mutt $MY_USERNAME
backup_unmount_drive "${USB_DRIVE}"
gpg_reconstruct_key "$MY_USERNAME" interactive
gpg_update_mutt "$MY_USERNAME"
return 0
fi
dialog --title $"Recover Encryption Keys" \
--msgbox $"The directory $USB_MOUNT/.gnupg or $USB_MOUNT/.gnupg_fragments was not found" 6 70
backup_unmount_drive ${USB_DRIVE}
backup_unmount_drive "${USB_DRIVE}"
exit 723814
fi
fi
if [ -d $USB_MOUNT/letsencrypt ]; then
if [ -d "$USB_MOUNT/letsencrypt" ]; then
if [ ! -d /etc/letsencrypt ]; then
mkdir /etc/letsencrypt
fi
echo $'Recovering LetsEncrypt keys'
cp -r $USB_MOUNT/letsencrypt/* /etc/letsencrypt
cp -r "$USB_MOUNT/letsencrypt/*" /etc/letsencrypt
addgroup ssl-cert
chown -R root:ssl-cert /etc/letsencrypt
fi
if [ -f $USB_MOUNT/.mastergpgkey ]; then
if [ -f "$USB_MOUNT/.mastergpgkey" ]; then
# Recovering keys from file rather than just copying the gnupg
# directory may help to avoid problems during upgrades/reinstalls
if [ ! -f $USB_MOUNT/.backupgpgkey ]; then
if [ ! -f "$USB_MOUNT/.backupgpgkey" ]; then
echo $'No backup key file found on USB drive'
exit 725729
fi
CURR_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
CURR_GPG_ID=$(gpg --homedir=$HOME_DIR/.gnupg --list-keys $CURR_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//')
CURR_GPG_BACKUP_ID=$(gpg --homedir=$HOME_DIR/.gnupg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
CURR_GPG_ID=$(gpg --homedir="$HOME_DIR/.gnupg" --list-keys "$CURR_EMAIL_ADDRESS" | sed -n '2p' | sed 's/^[ \t]*//')
CURR_GPG_BACKUP_ID=$(gpg --homedir="$HOME_DIR/.gnupg" --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
# If the default key is specified within gpg.conf
if [ -f $HOME_DIR/gpg.conf ]; then
if grep -q "default-key" $HOME_DIR/gpg.conf; then
default_gpg_key=$(cat $HOME_DIR/gpg.conf | grep "default-key")
if [ -f "$HOME_DIR/gpg.conf" ]; then
if grep -q "default-key" "$HOME_DIR/gpg.conf"; then
default_gpg_key=$(grep "default-key" "$HOME_DIR/gpg.conf")
if [[ "$default_gpg_key" != *'#'* ]]; then
default_gpg_key=$(cat $HOME_DIR/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}')
default_gpg_key=$(grep "default-key" "$HOME_DIR/gpg.conf" | awk -F ' ' '{print $2}')
if [ ${#default_gpg_key} -gt 3 ]; then
CURR_GPG_ID=$(gpg --homedir=$HOME_DIR/.gnupg --list-keys $default_gpg_key | sed -n '2p' | sed 's/^[ \t]*//')
CURR_GPG_ID=$(gpg --homedir="$HOME_DIR/.gnupg" --list-keys "$default_gpg_key" | sed -n '2p' | sed 's/^[ \t]*//')
fi
fi
fi
fi
echo $'Making backup copy of existing gpg keys'
if [ -d $HOME_DIR/.gnupg ]; then
if [ -d $HOME_DIR/.gnupg_old ]; then
rm -rf $HOME_DIR/.gnupg_old
if [ -d "$HOME_DIR/.gnupg" ]; then
if [ -d "$HOME_DIR/.gnupg_old" ]; then
rm -rf "$HOME_DIR/.gnupg_old"
fi
cp -r $HOME_DIR/.gnupg $HOME_DIR/.gnupg_old
chmod 700 $HOME_DIR/.gnupg_old
chmod -R 600 $HOME_DIR/.gnupg_old/*
chown -R $MY_USERNAME:$MY_USERNAME $HOME_DIR/.gnupg_old
cp -r "$HOME_DIR/.gnupg $HOME_DIR/.gnupg_old"
chmod 700 "$HOME_DIR/.gnupg_old"
chmod -R 600 "$HOME_DIR/.gnupg_old/*"
chown -R "$MY_USERNAME":"$MY_USERNAME" "$HOME_DIR/.gnupg_old"
fi
echo $'Removing old gpg keys'
gpg_delete_key $MY_USERNAME $CURR_GPG_BACKUP_ID
gpg_delete_key $MY_USERNAME $CURR_GPG_ID
gpg_delete_key "$MY_USERNAME" "$CURR_GPG_BACKUP_ID"
gpg_delete_key "$MY_USERNAME" "$CURR_GPG_ID"
echo $'Importing master keys'
gpg --homedir=$HOME_DIR/.gnupg --allow-secret-key-import --import $USB_MOUNT/.mastergpgkey
echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir=$HOME_DIR/.gnupg --allow-secret-key-import --import $USB_MOUNT/.backupgpgkey
if [ -d $HOME_DIR/.gnupg ]; then
gpg --homedir="$HOME_DIR/.gnupg" --allow-secret-key-import --import "$USB_MOUNT/.mastergpgkey"
echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir="$HOME_DIR/.gnupg" --allow-secret-key-import --import "$USB_MOUNT/.backupgpgkey"
if [ -d "$HOME_DIR/.gnupg" ]; then
echo $'Setting permissions'
gpg_set_permissions $MY_USERNAME
gpg_set_permissions "$MY_USERNAME"
echo $"Updating muttrc for $MY_USERNAME"
gpg_update_mutt $MY_USERNAME
gpg_update_mutt "$MY_USERNAME"
fi
GPG_LOADING="no"
dialog --title $"Recover Encryption Keys" \
--msgbox $"GPG Keyring loaded to $HOME_DIR from master keydrive" 6 70
else
if [ -d $USB_MOUNT/.gnupg ]; then
if [ ! -d $HOME_DIR/.gnupg ]; then
mkdir $HOME_DIR/.gnupg
if [ -d "$USB_MOUNT/.gnupg" ]; then
if [ ! -d "$HOME_DIR/.gnupg" ]; then
mkdir "$HOME_DIR/.gnupg"
fi
echo $'Recovering GPG keys'
cp -r $USB_MOUNT/.gnupg/* $HOME_DIR/.gnupg
cp -r "$USB_MOUNT/.gnupg/*" "$HOME_DIR/.gnupg"
GPG_LOADING="no"
dialog --title $"Recover Encryption Keys" \
--msgbox $"GPG Keyring directory loaded to $HOME_DIR" 6 70
else
# Collect fragments from the USB drive
if [ ! -d $HOME_DIR/.gnupg_fragments ]; then
mkdir $HOME_DIR/.gnupg_fragments
if [ ! -d "$HOME_DIR/.gnupg_fragments" ]; then
mkdir "$HOME_DIR/.gnupg_fragments"
fi
cp -r $USB_MOUNT/.gnupg_fragments/* $HOME_DIR/.gnupg_fragments
cp -r "$USB_MOUNT/.gnupg_fragments/*" "$HOME_DIR/.gnupg_fragments"
fi
fi
if [[ $SSH_IMPORTED == "no" ]]; then
if [ -d $USB_MOUNT/.ssh ]; then
if [ ! -d $HOME_DIR/.ssh ]; then
mkdir $HOME_DIR/.ssh
if [[ "$SSH_IMPORTED" == "no" ]]; then
if [ -d "$USB_MOUNT/.ssh" ]; then
if [ ! -d "$HOME_DIR/.ssh" ]; then
mkdir "$HOME_DIR/.ssh"
fi
cp $USB_MOUNT/.ssh/* $HOME_DIR/.ssh
cp "$USB_MOUNT/.ssh/*" "$HOME_DIR/.ssh"
dialog --title $"Recover Encryption Keys" \
--msgbox $"ssh keys imported" 6 70
SSH_IMPORTED="yes"
fi
fi
if [ -d $USB_MOUNT ]; then
backup_unmount_drive ${USB_DRIVE}
if [ -d "$USB_MOUNT" ]; then
backup_unmount_drive "${USB_DRIVE}"
fi
if [[ $GPG_LOADING == "yes" ]]; then
dialog --title $"Recover Encryption Keys" \
@ -185,15 +185,15 @@ function interactive_gpg_from_remote {
REMOTE_SERVERS_LIST=/home/$MY_USERNAME/keyshareservers.txt
# get a list of remote servers
${PROJECT_NAME}-remote -u $MY_USERNAME -l $REMOTE_SERVERS_LIST -t "Remote server"
"${PROJECT_NAME}-remote" -u "$MY_USERNAME" -l "$REMOTE_SERVERS_LIST" -t "Remote server"
if [ ! -f $REMOTE_SERVERS_LIST ]; then
if [ ! -f "$REMOTE_SERVERS_LIST" ]; then
dialog --title $"Encryption Keys Recovery" --msgbox $'Error obtaining server list' 6 70
return 1
fi
# check the number of entries in the file
no_of_servers=$(cat $REMOTE_SERVERS_LIST | wc -l)
no_of_servers=$(wc -l < "$REMOTE_SERVERS_LIST")
if (( no_of_servers < 3 )); then
dialog --title $"Encryption Keys Recovery" \
--msgbox $'There must be at least three servers to recover the key' 6 70
@ -201,8 +201,7 @@ function interactive_gpg_from_remote {
fi
# try to recover the key from the servers
${PROJECT_NAME}-recoverkey -u $MY_USERNAME -l $REMOTE_SERVERS_LIST
if [ ! "$?" = "0" ]; then
if ! "${PROJECT_NAME}-recoverkey" -u "$MY_USERNAME" -l "$REMOTE_SERVERS_LIST"; then
dialog --title $"Encryption Keys Recovery" --msgbox $'Your key could not be recovered' 6 70
return 3
fi
@ -217,36 +216,36 @@ function interactive_gpg {
while [[ $GPG_CONFIGURED != "yes" ]]
do
GPG_CONFIGURED="yes"
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
dialog --backtitle $"Freedombone Configuration" \
--radiolist $"GPG/PGP keys for your system:" 13 70 3 \
1 $"Generate new keys (new user)" on \
2 $"Import keys from USB drive/s" off \
3 $"Retrieve keys from friends servers" off 2> $data
3 $"Retrieve keys from friends servers" off 2> "$data"
sel=$?
case $sel in
1) exit 1;;
255) exit 2;;
1) rm -f "$data"
exit 1;;
255) rm -f "$data"
exit 2;;
esac
case $(cat $data) in
1) if [ -d /home/${MY_USERNAME}/.gnupg ]; then
rm -rf /home/${MY_USERNAME}/.gnupg
case $(cat "$data") in
1) if [ -d "/home/${MY_USERNAME}/.gnupg" ]; then
rm -rf "/home/${MY_USERNAME}/.gnupg"
fi
break;;
2) interactive_gpg_from_usb
break;;
3) interactive_gpg_from_remote
if [ ! "$?" = "0" ]; then
3) if ! interactive_gpg_from_remote; then
GPG_CONFIGURED="no"
fi;;
esac
rm -f "$data"
done
}
function interactive_key_recovery {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
dialog --title $"Encryption Keys Recovery" \
--backtitle $"Freedombone Configuration" \
@ -254,14 +253,16 @@ function interactive_key_recovery {
--yesno $"Do you wish to recover your previous encryption keys from a USB master keydrive?" 7 60
sel=$?
case $sel in
1) return;;
255) return;;
1) rm -f "$data"
return;;
255) rm -f "$data"
return;;
esac
clear
apt-get -yq install cryptsetup
${PROJECT_NAME}-recoverkey -u $MY_USERNAME
if [ -d /home/$MY_USERNAME/.gnupg ]; then
cp -rf /home/$MY_USERNAME/.gnupg /root
"${PROJECT_NAME}-recoverkey" -u "$MY_USERNAME"
if [ -d "/home/$MY_USERNAME/.gnupg" ]; then
cp -rf "/home/$MY_USERNAME/.gnupg" /root
chmod 700 /root/.gnupg
chmod 600 /root/.gnupg/*
printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /root/.gnupg/S.dirmngr
@ -269,6 +270,7 @@ function interactive_key_recovery {
chmod +x /root/.gnupg/crls.d
fi
fi
rm -f "$data"
}
function set_password_for_all_users {
@ -278,7 +280,7 @@ function set_password_for_all_users {
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
${PROJECT_NAME}-pass -u "${USERNAME}" -a "${app_name}" -p "${change_password}"
"${PROJECT_NAME}-pass" -u "${USERNAME}" -a "${app_name}" -p "${change_password}"
fi
done
}
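Review bot: Several of the newly quoted `cp`/`chmod` lines in interactive_gpg_from_usb put the glob, or both operands, inside one pair of quotes, so they no longer behave like the unquoted lines they replace. `cp -r "$HOME_DIR/.gnupg $HOME_DIR/.gnupg_old"` passes a single argument, so the backup copy fails and `gpg_delete_key` then runs with no copy of the existing keyring. `"$USB_MOUNT/letsencrypt/*"`, `"$HOME_DIR/.gnupg_old/*"`, `"$USB_MOUNT/.gnupg/*"`, `"$USB_MOUNT/.gnupg_fragments/*"` and `"$USB_MOUNT/.ssh/*"` are each taken as a literal file named `*`, while the dialogs that follow still report the keys as loaded or imported. Quote only the variable part and leave `*` outside the quotes, as below; checking the status of the backup copy before any key is deleted would also be worth adding.

```shell
# … unchanged: LetsEncrypt directory check …
cp -r "$USB_MOUNT/letsencrypt/"* /etc/letsencrypt
# … unchanged: key id lookup and .gnupg_old removal …
cp -r "$HOME_DIR/.gnupg" "$HOME_DIR/.gnupg_old"
chmod -R 600 "$HOME_DIR/.gnupg_old/"*
# … unchanged: key deletion, import and permissions …
cp -r "$USB_MOUNT/.gnupg/"* "$HOME_DIR/.gnupg"
# … unchanged: fragments directory creation …
cp -r "$USB_MOUNT/.gnupg_fragments/"* "$HOME_DIR/.gnupg_fragments"
# … unchanged: .ssh directory creation …
cp "$USB_MOUNT/.ssh/"* "$HOME_DIR/.ssh"
```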


@ -38,14 +38,13 @@ function change_login_message {
rm -f /etc/init.d/motd
fi
echo '' > /etc/motd
echo ".---. . . " >> /etc/motd
echo "| | | " >> /etc/motd
echo "|--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. " >> /etc/motd
echo "| | (.-' (.-' ( | ( )| | | | )( )| | (.-' " >> /etc/motd
echo "' ' --' --' -' - -' ' ' -' -' -' ' - --'" >> /etc/motd
echo $' Freedom in the Cloud' >> /etc/motd
echo '' >> /etc/motd
{ echo ".---. . . ";
echo "| | | ";
echo "|--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. ";
echo "| | (.-' (.-' ( | ( )| | | | )( )| | (.-' ";
echo "' ' --' --' -' - -' ' ' -' -' -' ' - --'";
echo $' Freedom in the Cloud';
echo ''; } > /etc/motd
mark_completed "${FUNCNAME[0]}"
}


@ -35,11 +35,11 @@ MESH_DEFAULT_PROTOCOL=/root/.mesh_protocol_default
function mesh_generate_ipv6_address {
network=fd66:66:66
if [ $1 ]; then
search_ipv6=$(ifconfig $1 | grep $network)
if [ $search_ipv6 ]; then
result=$(ifconfig $1 | grep $network | awk -F ' ' '{print $2}')
ip -6 addr add ${result}/128 dev $1
if [ "$1" ]; then
search_ipv6=$(ifconfig "$1" | grep "$network")
if [ "$search_ipv6" ]; then
result=$(ifconfig "$1" | grep "$network" | awk -F ' ' '{print $2}')
ip -6 addr add "${result}/128" dev "$1"
return
fi
fi
@ -51,7 +51,7 @@ function mesh_generate_ipv6_address {
d=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}
e=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}
result=$network:$a:$b:$c:$d:$e
ip -6 addr add ${result}/128 dev $1
ip -6 addr add "${result}/128" dev "$1"
}
function mesh_protocol_init {
@ -67,21 +67,21 @@ function mesh_protocol_init {
# Mesh definition
WIFI_SSID='mesh'
if [ -f $COMPLETION_FILE ]; then
if grep -q "WIFI_SSID:" $COMPLETION_FILE; then
WIFI_SSID=$(cat $COMPLETION_FILE | grep "WIFI_SSID:" | awk -F ':' '{print $2}')
if [ -f "$COMPLETION_FILE" ]; then
if grep -q "WIFI_SSID:" "$COMPLETION_FILE"; then
WIFI_SSID=$(grep "WIFI_SSID:" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
fi
sed -i "s|WIFI_SSID:.*|WIFI_SSID:${WIFI_SSID}|g" $COMPLETION_FILE
sed -i "s|WIFI_SSID:.*|WIFI_SSID:${WIFI_SSID}|g" "$COMPLETION_FILE"
fi
CELLID='any'
CHANNEL=2
HOTSPOT_CHANNEL=6
if [ -f $COMPLETION_FILE ]; then
if grep -q "Wifi channel:" $COMPLETION_FILE; then
CHANNEL=$(cat $COMPLETION_FILE | grep "Wifi channel:" | awk -F ':' '{print $2}')
if [ -f "$COMPLETION_FILE" ]; then
if grep -q "Wifi channel:" "$COMPLETION_FILE"; then
CHANNEL=$(grep "Wifi channel:" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
fi
sed -i "s|Wifi channel:.*|Wifi channel:${CHANNEL}|g" $COMPLETION_FILE
sed -i "s|Wifi channel:.*|Wifi channel:${CHANNEL}|g" "$COMPLETION_FILE"
fi
ZERONET_PORT=15441
@ -101,18 +101,18 @@ function mesh_protocol_init {
EIFACE=eth0
WLAN_ADAPTORS=$(count_wlan)
if [ $WLAN_ADAPTORS -eq 0 ]; then
if [ "$WLAN_ADAPTORS" -eq 0 ]; then
echo $'No wlan adaptors found'
exit 0
fi
}
function get_ipv6_wlan {
echo $(ifconfig ${IFACE} | grep inet6 | awk -F ' ' '{print $2}')
ifconfig "${IFACE}" | grep inet6 | awk -F ' ' '{print $2}'
}
function mesh_hotspot_ip_address {
echo $(ifconfig ${BRIDGE} | grep inet6 | awk -F ' ' '{print $2}')
ifconfig "${BRIDGE}" | grep inet6 | awk -F ' ' '{print $2}'
}
function global_rate_limit {
@ -129,7 +129,7 @@ function global_rate_limit {
function assign_peer_address {
for i in {1..6}; do
number=$RANDOM
let "number %= 255"
(( "number %= 255" ))
octet=$(echo "obase=16;$number" | bc)
if [ ${#octet} -lt 2 ]; then
octet="0${octet}"
@ -142,7 +142,7 @@ function assign_peer_address {
}
function mesh_create_app_downloads_page {
if [ ! -d /root/$PROJECT_NAME/image_build/mesh_apps ]; then
if [ ! -d "/root/$PROJECT_NAME/image_build/mesh_apps" ]; then
return
fi
if [ ! -d /var/www/html ]; then
@ -163,27 +163,27 @@ function mesh_create_app_downloads_page {
mv /home/fbone/Desktop/cryptpad.desktop /home/fbone/.cryptpad.desktop
fi
cp /root/$PROJECT_NAME/website/EN/meshindex.html /var/www/html/index.html
cp "/root/$PROJECT_NAME/website/EN/meshindex.html" /var/www/html/index.html
if [ ! -f /var/www/html/ssb.apk ]; then
cp /root/$PROJECT_NAME/image_build/mesh_apps/ssb.apk /var/www/html/ssb.apk
cp "/root/$PROJECT_NAME/image_build/mesh_apps/ssb.apk" /var/www/html/ssb.apk
fi
if [ ! -f /var/www/html/trifa.apk ]; then
cp /root/$PROJECT_NAME/image_build/mesh_apps/trifa.apk /var/www/html/trifa.apk
cp "/root/$PROJECT_NAME/image_build/mesh_apps/trifa.apk" /var/www/html/trifa.apk
fi
if [ ! -d /var/www/html/images ]; then
mkdir /var/www/html/images
fi
if [ ! -f /var/www/html/images/logo.png ]; then
cp /root/$PROJECT_NAME/img/logo.png /var/www/html/images/logo.png
cp "/root/$PROJECT_NAME/img/logo.png" /var/www/html/images/logo.png
fi
if [ ! -f /var/www/html/images/ssb.png ]; then
cp /root/$PROJECT_NAME/img/icon_patchwork.png /var/www/html/images/ssb.png
cp "/root/$PROJECT_NAME/img/icon_patchwork.png" /var/www/html/images/ssb.png
fi
if [ ! -f /var/www/html/images/trifa.png ]; then
cp /root/$PROJECT_NAME/img/trifa.png /var/www/html/images/trifa.png
cp "/root/$PROJECT_NAME/img/trifa.png" /var/www/html/images/trifa.png
fi
if [ ! -f /var/www/html/freedombone.css ]; then
cp /root/$PROJECT_NAME/website/freedombone.css /var/www/html/freedombone.css
cp "/root/$PROJECT_NAME/website/freedombone.css" /var/www/html/freedombone.css
fi
chown -R www-data:www-data /var/www/html/*
}
@ -191,8 +191,8 @@ function mesh_create_app_downloads_page {
function enable_mesh_firewall {
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT
iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport "$TRACKER_PORT" -j ACCEPT
iptables -A INPUT -p udp --dport "$TRACKER_PORT" -j ACCEPT
iptables -A INPUT -p udp --dport 6240 -j ACCEPT
iptables -A INPUT -p tcp --dport 6240 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
@ -203,16 +203,16 @@ function enable_mesh_firewall {
iptables -A INPUT -p udp --dport 5353 -j ACCEPT
iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
iptables -A INPUT -p udp --dport 5354 -j ACCEPT
iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT
iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT
iptables -A INPUT -p udp --dport $TOX_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $LIBREVAULT_PORT -j ACCEPT
iptables -A INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport "$ZERONET_PORT" -j ACCEPT
iptables -A INPUT -p udp --dport "$ZERONET_PORT" -j ACCEPT
iptables -A INPUT -p tcp --dport "$IPFS_PORT" -j ACCEPT
iptables -A INPUT -p tcp --dport "$TOX_PORT" -j ACCEPT
iptables -A INPUT -p udp --dport "$TOX_PORT" -j ACCEPT
iptables -A INPUT -p tcp --dport "$LIBREVAULT_PORT" -j ACCEPT
iptables -A INPUT -p udp --dport "$LIBREVAULT_PORT" -j ACCEPT
iptables -A INPUT -p tcp --dport "$TAHOELAFS_PORT" -j ACCEPT
# SSB/Scuttlebot/Patchwork
iptables -A INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport "$GIT_SSB_PORT" -j ACCEPT
iptables -A INPUT -p udp --dport 8008 -j ACCEPT
iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
iptables -A INPUT -p udp --dport 8010 -j ACCEPT
@ -227,8 +227,8 @@ function enable_mesh_firewall {
ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
ip6tables -A OUTPUT -p ipv6-icmp -j ACCEPT
ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT
ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT
ip6tables -A INPUT -p tcp --dport "$TRACKER_PORT" -j ACCEPT
ip6tables -A INPUT -p udp --dport "$TRACKER_PORT" -j ACCEPT
ip6tables -A INPUT -p udp --dport 6240 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 6240 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
@ -239,16 +239,16 @@ function enable_mesh_firewall {
ip6tables -A INPUT -p udp --dport 5353 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 5354 -j ACCEPT
ip6tables -A INPUT -p udp --dport 5354 -j ACCEPT
ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT
ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT
ip6tables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT
ip6tables -A INPUT -p udp --dport $TOX_PORT -j ACCEPT
ip6tables -A INPUT -p tcp --dport $LIBREVAULT_PORT -j ACCEPT
ip6tables -A INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
ip6tables -A INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT
ip6tables -A INPUT -p tcp --dport "$ZERONET_PORT" -j ACCEPT
ip6tables -A INPUT -p udp --dport "$ZERONET_PORT" -j ACCEPT
ip6tables -A INPUT -p tcp --dport "$IPFS_PORT" -j ACCEPT
ip6tables -A INPUT -p tcp --dport "$TOX_PORT" -j ACCEPT
ip6tables -A INPUT -p udp --dport "$TOX_PORT" -j ACCEPT
ip6tables -A INPUT -p tcp --dport "$LIBREVAULT_PORT" -j ACCEPT
ip6tables -A INPUT -p udp --dport "$LIBREVAULT_PORT" -j ACCEPT
ip6tables -A INPUT -p tcp --dport "$TAHOELAFS_PORT" -j ACCEPT
# SSB/Scuttlebot/Patchwork
ip6tables -A INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT
ip6tables -A INPUT -p tcp --dport "$GIT_SSB_PORT" -j ACCEPT
ip6tables -A INPUT -p udp --dport 8008 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 8008 -j ACCEPT
ip6tables -A INPUT -p udp --dport 8010 -j ACCEPT
@ -266,12 +266,12 @@ function enable_mesh_firewall {
# to discover local peers
iptables -A INPUT -p tcp --dport 653 -j ACCEPT
iptables -A INPUT -p udp --dport 653 -j ACCEPT
iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
iptables -A INPUT -i "${EIFACE}" -m state --state NEW -p tcp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
iptables -A FORWARD -i tun+ -o "${EIFACE}" -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i "${EIFACE}" -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o "${EIFACE}" -j MASQUERADE
iptables -A OUTPUT -o tun+ -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
@ -280,8 +280,8 @@ function enable_mesh_firewall {
}
function disable_mesh_firewall {
iptables -D INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT
iptables -D INPUT -p udp --dport $TRACKER_PORT -j ACCEPT
iptables -D INPUT -p tcp --dport "$TRACKER_PORT" -j ACCEPT
iptables -D INPUT -p udp --dport "$TRACKER_PORT" -j ACCEPT
iptables -D INPUT -p udp --dport 6240 -j ACCEPT
iptables -D INPUT -p tcp --dport 6240 -j ACCEPT
iptables -D INPUT -p tcp --dport 80 -j ACCEPT
@ -292,17 +292,17 @@ function disable_mesh_firewall {
iptables -D INPUT -p udp --dport 5353 -j ACCEPT
iptables -D INPUT -p tcp --dport 5354 -j ACCEPT
iptables -D INPUT -p udp --dport 5354 -j ACCEPT
iptables -D INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT
iptables -D INPUT -p udp --dport $ZERONET_PORT -j ACCEPT
iptables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
iptables -D INPUT -p udp --dport $IPFS_PORT -j ACCEPT
iptables -D INPUT -p tcp --dport $TOX_PORT -j ACCEPT
iptables -D INPUT -p udp --dport $TOX_PORT -j ACCEPT
iptables -D INPUT -p tcp --dport $LIBREVAULT_PORT -j ACCEPT
iptables -D INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
iptables -D INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT
iptables -D INPUT -p tcp --dport "$ZERONET_PORT" -j ACCEPT
iptables -D INPUT -p udp --dport "$ZERONET_PORT" -j ACCEPT
iptables -D INPUT -p tcp --dport "$IPFS_PORT" -j ACCEPT
iptables -D INPUT -p udp --dport "$IPFS_PORT" -j ACCEPT
iptables -D INPUT -p tcp --dport "$TOX_PORT" -j ACCEPT
iptables -D INPUT -p udp --dport "$TOX_PORT" -j ACCEPT
iptables -D INPUT -p tcp --dport "$LIBREVAULT_PORT" -j ACCEPT
iptables -D INPUT -p udp --dport "$LIBREVAULT_PORT" -j ACCEPT
iptables -D INPUT -p tcp --dport "$TAHOELAFS_PORT" -j ACCEPT
# SSB/Scuttlebot/Patchwork
iptables -D INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT
iptables -D INPUT -p tcp --dport "$GIT_SSB_PORT" -j ACCEPT
iptables -D INPUT -p udp --dport 8008 -j ACCEPT
iptables -D INPUT -p tcp --dport 8008 -j ACCEPT
iptables -D INPUT -p udp --dport 8010 -j ACCEPT
@ -315,8 +315,8 @@ function disable_mesh_firewall {
ip6tables -D INPUT -p udp --dport 6696 -j ACCEPT
ip6tables -D INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT
ip6tables -D INPUT -p udp --dport $TRACKER_PORT -j ACCEPT
ip6tables -D INPUT -p tcp --dport "$TRACKER_PORT" -j ACCEPT
ip6tables -D INPUT -p udp --dport "$TRACKER_PORT" -j ACCEPT
ip6tables -D INPUT -p udp --dport 6240 -j ACCEPT
ip6tables -D INPUT -p tcp --dport 6240 -j ACCEPT
ip6tables -D INPUT -p tcp --dport 80 -j ACCEPT
@ -327,17 +327,17 @@ function disable_mesh_firewall {
ip6tables -D INPUT -p udp --dport 5353 -j ACCEPT
ip6tables -D INPUT -p tcp --dport 5354 -j ACCEPT
ip6tables -D INPUT -p udp --dport 5354 -j ACCEPT
ip6tables -D INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT
ip6tables -D INPUT -p udp --dport $ZERONET_PORT -j ACCEPT
ip6tables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
ip6tables -D INPUT -p udp --dport $IPFS_PORT -j ACCEPT
ip6tables -D INPUT -p tcp --dport $TOX_PORT -j ACCEPT
ip6tables -D INPUT -p udp --dport $TOX_PORT -j ACCEPT
ip6tables -D INPUT -p tcp --dport $LIBREVAULT_PORT -j ACCEPT
ip6tables -D INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
ip6tables -D INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT
ip6tables -D INPUT -p tcp --dport "$ZERONET_PORT" -j ACCEPT
ip6tables -D INPUT -p udp --dport "$ZERONET_PORT" -j ACCEPT
ip6tables -D INPUT -p tcp --dport "$IPFS_PORT" -j ACCEPT
ip6tables -D INPUT -p udp --dport "$IPFS_PORT" -j ACCEPT
ip6tables -D INPUT -p tcp --dport "$TOX_PORT" -j ACCEPT
ip6tables -D INPUT -p udp --dport "$TOX_PORT" -j ACCEPT
ip6tables -D INPUT -p tcp --dport "$LIBREVAULT_PORT" -j ACCEPT
ip6tables -D INPUT -p udp --dport "$LIBREVAULT_PORT" -j ACCEPT
ip6tables -D INPUT -p tcp --dport "$TAHOELAFS_PORT" -j ACCEPT
# SSB/Scuttlebot/Patchwork
ip6tables -D INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT
ip6tables -D INPUT -p tcp --dport "$GIT_SSB_PORT" -j ACCEPT
ip6tables -D INPUT -p udp --dport 8008 -j ACCEPT
ip6tables -D INPUT -p tcp --dport 8008 -j ACCEPT
ip6tables -D INPUT -p udp --dport 8010 -j ACCEPT
@ -352,12 +352,12 @@ function disable_mesh_firewall {
# vpn over the internet
iptables -D INPUT -p tcp --dport 653 -j ACCEPT
iptables -D INPUT -p udp --dport 653 -j ACCEPT
iptables -D INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
iptables -D INPUT -i "${EIFACE}" -m state --state NEW -p tcp --dport 1194 -j ACCEPT
iptables -D INPUT -i tun+ -j ACCEPT
iptables -D FORWARD -i tun+ -j ACCEPT
iptables -D FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -D FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
iptables -D FORWARD -i tun+ -o "${EIFACE}" -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -D FORWARD -i "${EIFACE}" -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o "${EIFACE}" -j MASQUERADE
iptables -D OUTPUT -o tun+ -j ACCEPT
echo 0 > /proc/sys/net/ipv4/ip_forward
@ -401,25 +401,25 @@ function enable_mesh_tor {
}
function enable_mesh_seconary_wifi {
if [ $secondary_wifi_available ]; then
if [ "$secondary_wifi_available" ]; then
sed -i 's|#DAEMON_CONF=.*|DAEMON_CONF="/etc/hostapd/hostapd.conf"|g' /etc/default/hostapd
mesh_hotspot_address=$(mesh_hotspot_ip_address)
if [[ "$mesh_hotspot_address" == *'.'* ]]; then
echo "interface=${IFACE_SECONDARY}" > /etc/hostapd/hostapd.conf
echo "bridge=${BRIDGE}" >> /etc/hostapd/hostapd.conf
echo 'driver=nl80211' >> /etc/hostapd/hostapd.conf
echo "country_code=UK" >> /etc/hostapd/hostapd.conf
echo "ssid=${WIFI_SSID}-${mesh_hotspot_address}" >> /etc/hostapd/hostapd.conf
echo 'hw_mode=g' >> /etc/hostapd/hostapd.conf
echo "channel=${HOTSPOT_CHANNEL}" >> /etc/hostapd/hostapd.conf
echo 'wpa=2' >> /etc/hostapd/hostapd.conf
echo "wpa_passphrase=$HOTSPOT_PASSPHRASE" >> /etc/hostapd/hostapd.conf
echo 'wpa_key_mgmt=WPA-PSK' >> /etc/hostapd/hostapd.conf
echo 'wpa_pairwise=TKIP' >> /etc/hostapd/hostapd.conf
echo 'rsn_pairwise=CCMP' >> /etc/hostapd/hostapd.conf
echo 'auth_algs=1' >> /etc/hostapd/hostapd.conf
echo 'macaddr_acl=0' >> /etc/hostapd/hostapd.conf
{ echo "interface=${IFACE_SECONDARY}";
echo "bridge=${BRIDGE}";
echo 'driver=nl80211';
echo "country_code=UK";
echo "ssid=${WIFI_SSID}-${mesh_hotspot_address}";
echo 'hw_mode=g';
echo "channel=${HOTSPOT_CHANNEL}";
echo 'wpa=2';
echo "wpa_passphrase=$HOTSPOT_PASSPHRASE";
echo 'wpa_key_mgmt=WPA-PSK';
echo 'wpa_pairwise=TKIP';
echo 'rsn_pairwise=CCMP';
echo 'auth_algs=1';
echo 'macaddr_acl=0'; } > /etc/hostapd/hostapd.conf
sed -i "s|#interface=.*|interface=${IFACE_SECONDARY}|g" /etc/dnsmasq.conf
sed -i "s|interface=.*|interface=${IFACE_SECONDARY}|g" /etc/dnsmasq.conf
@ -437,7 +437,7 @@ function enable_mesh_seconary_wifi {
fi
fi
if [ ! $secondary_wifi_available ]; then
if [ ! "$secondary_wifi_available" ]; then
systemctl stop hostapd
systemctl disable hostapd
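Review bot: In `get_ipv6_wlan` and `mesh_hotspot_ip_address`, dropping the `echo $( … )` wrapper changes the output when the interface carries more than one inet6 address: the old form joined the addresses with spaces on one line, the new pipeline prints one per line. `enable_mesh_seconary_wifi` interpolates that result into `ssid=${WIFI_SSID}-${mesh_hotspot_address}`, so an embedded newline would split the entry written to /etc/hostapd/hostapd.conf. If a single address is intended, select it explicitly, e.g. `ifconfig "${BRIDGE}" | awk '/inet6/ {print $2; exit}'`, and likewise for `"${IFACE}"`. Whether other callers depend on the joined form is not visible in these hunks.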


@ -41,14 +41,14 @@ function meteor_cleanUp {
}
function install_meteor_script {
meteor_dir=$1
meteor_dir="$1"
if [ ! $meteor_dir ]; then
if [ ! "$meteor_dir" ]; then
echo $'No meteor install directory specified'
exit 692025
fi
if [ ! -d $meteor_dir ]; then
if [ ! -d "$meteor_dir" ]; then
echo $'Meteor install directory not found'
exit 845382
fi
@ -67,19 +67,19 @@ function install_meteor_script {
DIR_PREFIX="/usr/local"
TARBALL_URL="$https://meteorinstall-4168.kxcdn.com/packages-bootstrap/${RELEASE}/meteor-bootstrap-${PLATFORM}.tar.gz"
TARBALL_URL="https://meteorinstall-4168.kxcdn.com/packages-bootstrap/${RELEASE}/meteor-bootstrap-${PLATFORM}.tar.gz"
INSTALL_TMPDIR="$meteor_dir/.meteor-install-tmp"
TARBALL_FILE="$meteor_dir/.meteor-tarball-tmp"
# Remove temporary files now in case they exist.
meteor_cleanUp
if [ -d $INSTALL_TMPDIR ]; then
rm -rf $INSTALL_TMPDIR
if [ -d "$INSTALL_TMPDIR" ]; then
rm -rf "$INSTALL_TMPDIR"
fi
mkdir "$INSTALL_TMPDIR"
if [ ! -f ${TARBALL_FILE} ]; then
if [ ! -f "${TARBALL_FILE}" ]; then
echo "Downloading Meteor distribution"
# keep trying to curl the file until it works (resuming where possible)
MAX_ATTEMPTS=10
@ -90,11 +90,8 @@ function install_meteor_script {
do
ATTEMPTS=$((ATTEMPTS + 1))
curl --progress-bar --fail --continue-at - \
"$TARBALL_URL" --output "$TARBALL_FILE"
if [ $? -eq 0 ]
then
if curl --progress-bar --fail --continue-at - \
"$TARBALL_URL" --output "$TARBALL_FILE"; then
break
fi
@ -103,14 +100,14 @@ function install_meteor_script {
done
fi
if [ ! -f ${TARBALL_FILE} ]; then
if [ ! -f "${TARBALL_FILE}" ]; then
echo $'meteor tarball could not be downloaded'
exit 7272452
fi
tar -xzf "$TARBALL_FILE" -C "$INSTALL_TMPDIR" -o
if [ ! -f ${INSTALL_TMPDIR}/.meteor/meteor ]; then
if [ ! -f "${INSTALL_TMPDIR}/.meteor/meteor" ]; then
echo $'tarball not extracted'
exit 693252
fi
@ -201,10 +198,10 @@ EOF
function install_meteor {
apt-get -yq install curl
if [ ! -d $INSTALL_DIR/meteor ]; then
mkdir $INSTALL_DIR/meteor
if [ ! -d "$INSTALL_DIR/meteor" ]; then
mkdir "$INSTALL_DIR/meteor"
fi
cd $INSTALL_DIR/meteor
cd "$INSTALL_DIR/meteor" || exit 72345274
install_meteor_script
}
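Review bot: In `install_meteor_script` the downloaded tarball is unpacked with `tar -xzf "$TARBALL_FILE"` after only a `-f` existence test; no digest or signature is checked in the visible hunks, and an already existing `$TARBALL_FILE` skips the download entirely. Because curl resumes partial files with `--continue-at -` and the result is installed under `/usr/local`, a stale or altered file at that path would be extracted as-is. Pin the expected digest for the `${RELEASE}`/`${PLATFORM}` pair and verify it before extraction, e.g. `echo "<expected-sha256>  $TARBALL_FILE" | sha256sum -c - || exit 1` (the digest is a placeholder, and the exit code should follow the file's own numbering). The function body spans several hunks, so a check outside them cannot be ruled out.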


@ -35,14 +35,14 @@ MONGODB_APPS_FILE=$HOME/.mongodbapps
function store_original_mongodb_password {
if [ ! -f /root/.mongodboriginal ]; then
echo $'Storing original mongodb password'
ORIGINAL_MONGODB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mongodb)
ORIGINAL_MONGODB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mongodb)
# We can store this in plaintext because it will soon be of historical interest only
echo -n "$ORIGINAL_MONGODB_PASSWORD" > /root/.mongodboriginal
fi
}
function get_mongodb_password {
MONGODB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mongodb)
MONGODB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mongodb)
if [[ "$MONGODB_PASSWORD" == *'failed'* ]]; then
echo $'Could not obtain mongodb password'
exit 7835272
@ -63,14 +63,14 @@ function install_mongodb {
function_check get_mongodb_password
get_mongodb_password
if [ ! $MONGODB_PASSWORD ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then
MONGODB_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
if [ ! "$MONGODB_PASSWORD" ]; then
if [ -f "$IMAGE_PASSWORD_FILE" ]; then
MONGODB_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else
MONGODB_PASSWORD="$(openssl rand -base64 32 | cut -c1-${MINIMUM_PASSWORD_LENGTH})"
MONGODB_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi
fi
${PROJECT_NAME}-pass -u root -a mongodb -p "$MONGODB_PASSWORD"
"${PROJECT_NAME}-pass" -u root -a mongodb -p "$MONGODB_PASSWORD"
apt-get -yq install mongodb mongo-tools
apt-get -yq remove --purge apache2-bin*
@ -84,9 +84,9 @@ function install_mongodb {
exit 78352
fi
if [ $app_name ]; then
if ! grep -q "$app_name" $MONGODB_APPS_FILE; then
echo "$app_name" >> $MONGODB_APPS_FILE
if [ "$app_name" ]; then
if ! grep -q "$app_name" "$MONGODB_APPS_FILE"; then
echo "$app_name" >> "$MONGODB_APPS_FILE"
fi
fi
@ -96,14 +96,14 @@ function install_mongodb {
function remove_mongodb {
app_name=$1
if [ ! $app_name ]; then
if [ ! "$app_name" ]; then
return
fi
removemongo=
if [ -f $MONGODB_APPS_FILE ]; then
sed -i "/$app_name/d" $MONGODB_APPS_FILE
if [ ! -s $MONGODB_APPS_FILE ]; then
if [ -f "$MONGODB_APPS_FILE" ]; then
sed -i "/$app_name/d" "$MONGODB_APPS_FILE"
if [ ! -s "$MONGODB_APPS_FILE" ]; then
removemongo=1
fi
else
@ -125,7 +125,7 @@ function remove_mongodb {
if [ -f /etc/init.d/mongodb ]; then
rm /etc/init.d/mongodb
fi
sed -i '/install_mongodb/d' $COMPLETION_FILE
sed -i '/install_mongodb/d' "$COMPLETION_FILE"
fi
}
@ -146,10 +146,10 @@ function drop_database_mongodb {
if [[ "$database_name" == 'admin' ]]; then
return
fi
mongo $database_name --eval "db.runCommand( { dropDatabase: 1 } )"
if [ $app_name ]; then
if grep -q "$app_name" $MONGODB_APPS_FILE; then
sed -i "/$app_name/d" $MONGODB_APPS_FILE
mongo "$database_name" --eval "db.runCommand( { dropDatabase: 1 } )"
if [ "$app_name" ]; then
if grep -q "$app_name" "$MONGODB_APPS_FILE"; then
sed -i "/$app_name/d" "$MONGODB_APPS_FILE"
fi
fi
}
@ -157,8 +157,7 @@ function drop_database_mongodb {
function initialise_database_mongodb {
database_name=$1
database_file=$2
mongorestore $database_file
if [ ! "$?" = "0" ]; then
if ! mongorestore "$database_file"; then
exit 8358365
fi
}
@ -166,11 +165,13 @@ function initialise_database_mongodb {
function create_database_mongodb {
app_name="$1"
app_admin_password="$2"
app_admin_username=$3
app_admin_username="$3"
mongo admin --eval "db.createUser({user: '$app_admin_username', pwd: '$app_admin_password', roles: [ { role: 'userAdminAnyDatabase', db: 'admin' } ] })"
if [ $app_name ]; then
if ! grep -q "$app_name" $MONGODB_APPS_FILE; then
echo "$app_name" >> $MONGODB_APPS_FILE
if [ "$app_name" ]; then
if ! grep -q "$app_name" "$MONGODB_APPS_FILE"; then
echo "$app_name" >> "$MONGODB_APPS_FILE"
fi
fi
}
# NOTE: deliberately there is no "exit 0"


@ -34,22 +34,22 @@ function install_monkeysphere {
fi
apt-get -yq install monkeysphere msva-perl
#su -c "monkeysphere gen-subkey $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
mkdir /home/$MY_USERNAME/.monkeysphere
chmod 755 /home/$MY_USERNAME/.monkeysphere
echo "$MY_NAME <${MY_EMAIL_ADDRESS}>" > /home/$MY_USERNAME/.monkeysphere/authorized_user_ids
chmod 644 /home/$MY_USERNAME/.monkeysphere/authorized_user_ids
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.monkeysphere
mkdir "/home/$MY_USERNAME/.monkeysphere"
chmod 755 "/home/$MY_USERNAME/.monkeysphere"
echo "$MY_NAME <${MY_EMAIL_ADDRESS}>" > "/home/$MY_USERNAME/.monkeysphere/authorized_user_ids"
chmod 644 "/home/$MY_USERNAME/.monkeysphere/authorized_user_ids"
chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.monkeysphere"
monkeysphere-authentication update-users
if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
echo $'monkeysphere import: ssh host key not found'
exit 76295
fi
monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$DEFAULT_DOMAIN_NAME
monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key "ssh://$DEFAULT_DOMAIN_NAME"
SSH_ONION_HOSTNAME=$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}')
monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$SSH_ONION_HOSTNAME
monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key "ssh://$SSH_ONION_HOSTNAME"
if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then
if [ ! "$MY_GPG_PUBLIC_KEY_ID" ]; then
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$HOSTNAME")
if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
echo $"monkeysphere unable to get GPG key ID for user $MY_USERNAME@$HOSTNAME"
@ -57,8 +57,8 @@ function install_monkeysphere {
fi
fi
# The admin user is the identity certifier
fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
monkeysphere-authentication add-identity-certifier $fpr
fpr=$(gpg --with-colons --fingerprint "$MY_GPG_PUBLIC_KEY_ID" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
monkeysphere-authentication add-identity-certifier "$fpr"
mark_completed "${FUNCNAME[0]}"
}
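Review bot: Nothing checks that `SSH_ONION_HOSTNAME` is non-empty before the second `monkeysphere-host import-key` call, so when the completion file has no 'ssh onion domain' entry the call is made with the bare name `ssh://`. Wrapping that call in `if [ "$SSH_ONION_HOSTNAME" ]; then ... fi` would avoid registering the host key under an empty service name. The lookup line itself was left unquoted by this cleanup; `SSH_ONION_HOSTNAME=$(grep 'ssh onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}')` quotes the path and drops the extra cat. The same kind of guard is missing for `$fpr` in the last hunk: if gpg prints no fpr record, `add-identity-certifier` runs with an empty argument. install_monkeysphere begins outside the first hunk, so earlier checks may exist that are not visible here.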


@ -62,11 +62,11 @@ function install_static_network {
echo '# and how to activate them. For more information, see interfaces(5).' >> /etc/network/interfaces
echo 'source /etc/network/interfaces.d/*' >> /etc/network/interfaces
echo 'auto eth0' > /etc/network/interfaces.d/static
echo 'iface eth0 inet static' >> /etc/network/interfaces.d/static
echo " address $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/network/interfaces.d/static
echo ' netmask 255.255.255.0' >> /etc/network/interfaces.d/static
echo " gateway $ROUTER_IP_ADDRESS" >> /etc/network/interfaces.d/static
{ echo 'auto eth0';
echo 'iface eth0 inet static';
echo " address $LOCAL_NETWORK_STATIC_IP_ADDRESS";
echo ' netmask 255.255.255.0';
echo " gateway $ROUTER_IP_ADDRESS"; } > /etc/network/interfaces.d/static
mark_completed "${FUNCNAME[0]}"
}
@ -77,23 +77,23 @@ function get_external_ipv4_address {
function get_ipv4_address {
IPv4dev=$(ip route get $IPV4_ADDRESS_TEST_DESTINATION | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}')
echo $(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}')
ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}'
}
function get_ipv6_address {
retval=$(ip -6 route get $IPV6_ADDRESS_TEST_DESTINATION 2> /dev/null)
echo $(echo "$retval" | awk -F " " '{ for(i=1;i<=NF;i++) if ($i == "src") print $(i+1) }')
echo "$retval" | awk -F " " '{ for(i=1;i<=NF;i++) if ($i == "src") print $(i+1) }'
}
function update_external_ip {
ip_update_script=/usr/bin/externalipupdate
echo '#!/bin/bash' >> $ip_update_script
echo "existing_ip=\$(cat $CONFIGURATION_FILE | grep \"EXTERNAL_IPV4_ADDRESS=\" | head -n 1 | awk -F '=' '{print \$2}')'" >> $ip_update_script
echo "curr_ip=\$(nslookup . $EXTERNAL_IP_LOOKUP_URL | grep Address | tail -n 1 | awk -F ' ' '{print \$2}')" >> $ip_update_script
echo 'if [[ "$curr_ip" != "$existing_ip" ]]; then' >> $ip_update_script
echo " sed -i \"s|EXTERNAL_IPV4_ADDRESS=.*|EXTERNAL_IPV4_ADDRESS=\${curr_ip}|g\" $CONFIGURATION_FILE" >> $ip_update_script
echo " echo \"\$(date)\" >> ~/${PROJECT_NAME}-external-ip-changes.txt" >> $ip_update_script
echo 'fi' >> $ip_update_script
{ echo '#!/bin/bash';
echo "existing_ip=\$(cat $CONFIGURATION_FILE | grep \"EXTERNAL_IPV4_ADDRESS=\" | head -n 1 | awk -F '=' '{print \$2}')'";
echo "curr_ip=\$(nslookup . $EXTERNAL_IP_LOOKUP_URL | grep Address | tail -n 1 | awk -F ' ' '{print \$2}')";
echo "if [[ \"\$curr_ip\" != \"\$existing_ip\" ]]; then";
echo " sed -i \"s|EXTERNAL_IPV4_ADDRESS=.*|EXTERNAL_IPV4_ADDRESS=\${curr_ip}|g\" $CONFIGURATION_FILE";
echo " echo \"\$(date)\" >> ~/${PROJECT_NAME}-external-ip-changes.txt";
echo 'fi'; } > $ip_update_script
cron_add_mins 10 $ip_update_script
}
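Review bot: The echo that writes the `existing_ip=` line in update_external_ip still ends with a stray single quote (`'{print \$2}')'"`), which appears to leave an unbalanced quote in the generated /usr/bin/externalipupdate, so the script would likely fail to parse. The line should end `'{print \$2}')"`. The value of `curr_ip` comes from an nslookup answer and is spliced into the sed replacement unchecked, so a malformed or empty answer gets written into the configuration file. The generated script should skip the update unless the value looks like an IPv4 address, for example by emitting `[[ "$curr_ip" =~ ^[0-9]+(\.[0-9]+){3}$ ]] || exit 0` before the comparison. `$CONFIGURATION_FILE` inside the generated lines and `$ip_update_script` in the redirect and the `cron_add_mins` call are also still unquoted.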