Bob Mottram 2018-02-26 13:50:40 +00:00
parent 8b4ddff6eb
commit 8848ea40ef
27 changed files with 2047 additions and 2043 deletions


@ -12,14 +12,14 @@ ERR=$TMP/cronic.err
TRACE=$TMP/cronic.trace TRACE=$TMP/cronic.trace
set +e set +e
"$@" >$OUT 2>$TRACE "$@" >"$OUT" 2>"$TRACE"
RESULT=$? RESULT=$?
set -e set -e
PATTERN="^${PS4:0:1}\\+${PS4:1}" PATTERN="^${PS4:0:1}\\+${PS4:1}"
if grep -aq "$PATTERN" $TRACE if grep -aq "$PATTERN" "$TRACE"
then then
! grep -av "$PATTERN" $TRACE > $ERR ! grep -av "$PATTERN" "$TRACE" > "$ERR"
else else
ERR=$TRACE ERR=$TRACE
fi fi
@ -33,7 +33,7 @@ if [ $RESULT -ne 0 ]
echo echo
echo "STANDARD OUTPUT:" echo "STANDARD OUTPUT:"
cat "$OUT" cat "$OUT"
if [ $TRACE != $ERR ] if [ "$TRACE" != "$ERR" ]
then then
echo echo
echo "TRACE-ERROR OUTPUT:" echo "TRACE-ERROR OUTPUT:"


@ -42,61 +42,61 @@ fi
source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES for f in $UTILS_FILES
do do
source $f source "$f"
done done
APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
for f in $APP_FILES for f in $APP_FILES
do do
source $f source "$f"
done done
command_options=$1 command_options="$1"
if [[ $command_options == "menuconfig-full" ]]; then if [[ "$command_options" == "menuconfig-full" ]]; then
MINIMAL_INSTALL="no" MINIMAL_INSTALL="no"
fi fi
if [[ $command_options == "menuconfig-onion" ]]; then if [[ "$command_options" == "menuconfig-onion" ]]; then
MINIMAL_INSTALL="yes" MINIMAL_INSTALL="yes"
ONION_ONLY="yes" ONION_ONLY="yes"
fi fi
if [[ $command_options == "menuconfig-gnusocial" ]]; then if [[ "$command_options" == "menuconfig-gnusocial" ]]; then
MINIMAL_INSTALL="yes" MINIMAL_INSTALL="yes"
ONION_ONLY="no" ONION_ONLY="no"
SOCIALINSTANCE='gnusocial' SOCIALINSTANCE='gnusocial'
fi fi
if [[ $command_options == "menuconfig-postactiv" ]]; then if [[ "$command_options" == "menuconfig-postactiv" ]]; then
MINIMAL_INSTALL="yes" MINIMAL_INSTALL="yes"
ONION_ONLY="no" ONION_ONLY="no"
SOCIALINSTANCE='postactiv' SOCIALINSTANCE='postactiv'
fi fi
if [ ! $CONFIGURATION_FILE ]; then if [ ! "$CONFIGURATION_FILE" ]; then
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
fi fi
if [ ! $COMPLETION_FILE ]; then if [ ! "$COMPLETION_FILE" ]; then
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
fi fi
# before the interactive config so that wifi adaptors may be detected # before the interactive config so that wifi adaptors may be detected
setup_wifi_atheros setup_wifi_atheros
if [[ $command_options == "menuconfig"* ]]; then if [[ "$command_options" == "menuconfig"* ]]; then
if [[ "$2" == "--reset" ]]; then if [[ "$2" == "--reset" ]]; then
if [ -f $CONFIGURATION_FILE ]; then if [ -f "$CONFIGURATION_FILE" ]; then
rm $CONFIGURATION_FILE rm "$CONFIGURATION_FILE"
fi fi
if [ -f $COMPLETION_FILE ]; then if [ -f "$COMPLETION_FILE" ]; then
rm $COMPLETION_FILE rm "$COMPLETION_FILE"
fi fi
if [ -f /usr/share/${PROJECT_NAME}/installed.txt ]; then if [ -f "/usr/share/${PROJECT_NAME}/installed.txt" ]; then
rm /usr/share/${PROJECT_NAME}/installed.txt rm "/usr/share/${PROJECT_NAME}/installed.txt"
fi fi
if [ -f /root/removed ]; then if [ -f /root/removed ]; then
rm /root/removed rm /root/removed
@ -104,18 +104,18 @@ if [[ $command_options == "menuconfig"* ]]; then
fi fi
# clear the interactive file which indicates configuration success # clear the interactive file which indicates configuration success
interactive_file=$HOME/.${PROJECT_NAME}-interactive interactive_file="$HOME/.${PROJECT_NAME}-interactive"
if [ -f $interactive_file ]; then if [ -f "$interactive_file" ]; then
rm $interactive_file rm "$interactive_file"
fi fi
interactive_configuration interactive_configuration
# check that the interactive file was created # check that the interactive file was created
if [ ! -f $interactive_file ]; then if [ ! -f "$interactive_file" ]; then
exit 6393562 exit 6393562
fi fi
rm $interactive_file rm "$interactive_file"
else else
while [ $# -gt 1 ] while [ $# -gt 1 ]
do do
@ -169,12 +169,12 @@ else
# Static IP address for the system # Static IP address for the system
--ip) --ip)
shift shift
LOCAL_NETWORK_STATIC_IP_ADDRESS=$1 LOCAL_NETWORK_STATIC_IP_ADDRESS="$1"
;; ;;
# IP address for the internet router # IP address for the internet router
--iprouter) --iprouter)
shift shift
ROUTER_IP_ADDRESS=$1 ROUTER_IP_ADDRESS="$1"
;; ;;
# ssh port # ssh port
--ssh) --ssh)
@ -214,61 +214,61 @@ else
# Mumble server password # Mumble server password
--vpass) --vpass)
shift shift
MUMBLE_SERVER_PASSWORD=$1 MUMBLE_SERVER_PASSWORD="$1"
;; ;;
# Mumble server port # Mumble server port
--vport) --vport)
shift shift
MUMBLE_PORT=$1 MUMBLE_PORT="$1"
;; ;;
# DNS Nameserver 1 # DNS Nameserver 1
--ns1) --ns1)
shift shift
NAMESERVER1=$1 NAMESERVER1="$1"
;; ;;
# DNS Nameserver 2 # DNS Nameserver 2
--ns2) --ns2)
shift shift
NAMESERVER2=$1 NAMESERVER2="$1"
;; ;;
# DNS Nameserver 3 # DNS Nameserver 3
--ns3) --ns3)
shift shift
NAMESERVER3=$1 NAMESERVER3="$1"
;; ;;
# DNS Nameserver 4 # DNS Nameserver 4
--ns4) --ns4)
shift shift
NAMESERVER4=$1 NAMESERVER4="$1"
;; ;;
# DNS Nameserver 5 # DNS Nameserver 5
--ns5) --ns5)
shift shift
NAMESERVER5=$1 NAMESERVER5="$1"
;; ;;
# DNS Nameserver 6 # DNS Nameserver 6
--ns6) --ns6)
shift shift
NAMESERVER6=$1 NAMESERVER6="$1"
;; ;;
# Debian repository # Debian repository
--repo) --repo)
shift shift
DEBIAN_REPO=$1 DEBIAN_REPO="$1"
;; ;;
# clear the config file # clear the config file
--reset) --reset)
if [ -f $CONFIGURATION_FILE ]; then if [ -f "$CONFIGURATION_FILE" ]; then
rm $CONFIGURATION_FILE rm "$CONFIGURATION_FILE"
fi fi
if [ -f $COMPLETION_FILE ]; then if [ -f "$COMPLETION_FILE" ]; then
rm $COMPLETION_FILE rm "$COMPLETION_FILE"
fi fi
;; ;;
# minimal install # minimal install
--minimal) --minimal)
shift shift
MINIMAL_INSTALL=$1 MINIMAL_INSTALL="$1"
;; ;;
*) *)
# unknown option # unknown option
@ -293,7 +293,7 @@ function parse_args {
read_config_param 'DDNS_USERNAME' read_config_param 'DDNS_USERNAME'
read_config_param 'DDNS_PASSWORD' read_config_param 'DDNS_PASSWORD'
if [ ! -d /home/$MY_USERNAME ]; then if [ ! -d "/home/$MY_USERNAME" ]; then
echo $"There is no user '$MY_USERNAME' on the system. Use 'adduser $MY_USERNAME' to create the user." echo $"There is no user '$MY_USERNAME' on the system. Use 'adduser $MY_USERNAME' to create the user."
exit 1 exit 1
fi fi
@ -304,7 +304,7 @@ function parse_args {
exit 2 exit 2
fi fi
fi fi
if [ ! $MY_USERNAME ]; then if [ ! "$MY_USERNAME" ]; then
echo 'No username specified' echo 'No username specified'
show_help show_help
exit 3 exit 3
@ -312,11 +312,11 @@ function parse_args {
if [[ $SYSTEM_TYPE != "mesh"* ]]; then if [[ $SYSTEM_TYPE != "mesh"* ]]; then
if [[ "$DDNS_PROVIDER" != 'none' ]]; then if [[ "$DDNS_PROVIDER" != 'none' ]]; then
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
if [ ! $DDNS_USERNAME ]; then if [ ! "$DDNS_USERNAME" ]; then
echo $'Please provide the username for your dynamic DNS provider with the --ddnsuser option' echo $'Please provide the username for your dynamic DNS provider with the --ddnsuser option'
exit 7823 exit 7823
fi fi
if [ ! $DDNS_PASSWORD ]; then if [ ! "$DDNS_PASSWORD" ]; then
echo $'Please provide the password for your dynamic DNS provider with the --ddnspass option' echo $'Please provide the password for your dynamic DNS provider with the --ddnspass option'
exit 6382 exit 6382
fi fi
@ -324,7 +324,7 @@ function parse_args {
fi fi
fi fi
if [ ! $SYSTEM_TYPE ]; then if [ ! "$SYSTEM_TYPE" ]; then
SYSTEM_TYPE=$'full' SYSTEM_TYPE=$'full'
write_config_param "SYSTEM_TYPE" "$SYSTEM_TYPE" write_config_param "SYSTEM_TYPE" "$SYSTEM_TYPE"
fi fi
@ -338,8 +338,7 @@ function parse_args {
# run some initial tests # run some initial tests
clear clear
${PROJECT_NAME}-tests if ! "${PROJECT_NAME}-tests"; then
if [ ! "$?" = "0" ]; then
exit 768252 exit 768252
fi fi
@ -354,7 +353,7 @@ upgrade_installation_from_previous_versions
setup_utils setup_utils
setup_email setup_email
setup_web setup_web
setup_apps $command_options setup_apps "$command_options"
setup_final setup_final
echo '' echo ''
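Review bot: The `--vpass` branch still takes `MUMBLE_SERVER_PASSWORD` from the command line, and the error text in parse_args points users at `--ddnspass`, so both secrets are visible in the process list and in shell history while the installer runs. Quoting `"$1"` keeps the value intact but does not change that exposure; since `read_config_param 'DDNS_PASSWORD'` already reads the value from the configuration file, prefer that path or an interactive prompt and document the flags as discouraged. Separately, exit codes above 255 such as `exit 6393562` and `exit 768252` are truncated to 8 bits by the shell, so a caller cannot match on the literal numbers. The option loop and parse_args both start and end outside the visible hunks.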


@ -36,10 +36,10 @@ export TEXTDOMAINDIR="/usr/share/locale"
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES for f in $UTILS_FILES
do do
source $f source "$f"
done done
# Don't pin certs by default # Don't pin certs by default
@ -145,11 +145,11 @@ do
;; ;;
--dhkey) --dhkey)
shift shift
DH_KEYLENGTH=${1} DH_KEYLENGTH="${1}"
;; ;;
--pin) --pin)
shift shift
PIN_CERTS=${1} PIN_CERTS="${1}"
;; ;;
*) *)
# unknown option # unknown option
@ -158,8 +158,8 @@ do
shift shift
done done
if [ ! $HOSTNAME ]; then if [ ! "$HOSTNAME" ]; then
if [ ! $LETSENCRYPT_HOSTNAME ]; then if [ ! "$LETSENCRYPT_HOSTNAME" ]; then
echo $'No hostname specified' echo $'No hostname specified'
exit 5748 exit 5748
fi fi
@ -180,16 +180,16 @@ function remove_cert_letsencrypt {
CERTFILE=$LETSENCRYPT_HOSTNAME CERTFILE=$LETSENCRYPT_HOSTNAME
# disable the site if needed # disable the site if needed
if [ -f /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME} ]; then if [ -f "/etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}" ]; then
if grep -q "443" /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}; then if grep -q "443" "/etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}"; then
nginx_dissite ${LETSENCRYPT_HOSTNAME} nginx_dissite "${LETSENCRYPT_HOSTNAME}"
fi fi
fi fi
# remove the cert # remove the cert
rm -rf /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}* rm -rf "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}*"
rm -rf /etc/letsencrypt/archive/${LETSENCRYPT_HOSTNAME}* rm -rf "/etc/letsencrypt/archive/${LETSENCRYPT_HOSTNAME}*"
rm /etc/letsencrypt/renewal/${LETSENCRYPT_HOSTNAME}.conf rm "/etc/letsencrypt/renewal/${LETSENCRYPT_HOSTNAME}.conf"
# restart the web server # restart the web server
systemctl restart nginx systemctl restart nginx
@ -199,14 +199,14 @@ function add_cert_letsencrypt {
CERTFILE=$LETSENCRYPT_HOSTNAME CERTFILE=$LETSENCRYPT_HOSTNAME
# obtain the email address for the admin user # obtain the email address for the admin user
if [ ! $MY_EMAIL_ADDRESS ]; then if [ ! "$MY_EMAIL_ADDRESS" ]; then
if [ -f $CONFIGURATION_FILE ]; then if [ -f "$CONFIGURATION_FILE" ]; then
read_config_param MY_EMAIL_ADDRESS read_config_param MY_EMAIL_ADDRESS
fi fi
fi fi
if [ ! $MY_EMAIL_ADDRESS ]; then if [ ! "$MY_EMAIL_ADDRESS" ]; then
if [ -f $COMPLETION_FILE ]; then if [ -f "$COMPLETION_FILE" ]; then
if grep -q "Admin user:" $COMPLETION_FILE; then if grep -q "Admin user:" "$COMPLETION_FILE"; then
function_check get_completion_param function_check get_completion_param
ADMIN_USER=$(get_completion_param "Admin user") ADMIN_USER=$(get_completion_param "Admin user")
if [ ${#ADMIN_USER} -eq 0 ]; then if [ ${#ADMIN_USER} -eq 0 ]; then
@ -232,8 +232,7 @@ function add_cert_letsencrypt {
chgrp -R root /etc/letsencrypt chgrp -R root /etc/letsencrypt
chmod -R 777 /etc/letsencrypt chmod -R 777 /etc/letsencrypt
certbot certonly -n --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME --renew-by-default --agree-tos --email $MY_EMAIL_ADDRESS if ! certbot certonly -n --server "$LETSENCRYPT_SERVER" --standalone -d "$LETSENCRYPT_HOSTNAME" --renew-by-default --agree-tos --email "$MY_EMAIL_ADDRESS"; then
if [ ! "$?" = "0" ]; then
echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME" echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME"
echo $'Also see https://letsencrypt.status.io to check for any service outages' echo $'Also see https://letsencrypt.status.io to check for any service outages'
chgrp -R ssl-cert /etc/letsencrypt chgrp -R ssl-cert /etc/letsencrypt
@ -245,42 +244,42 @@ function add_cert_letsencrypt {
fi fi
# replace some legacy filenames # replace some legacy filenames
if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt ]; then if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt" ]; then
mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
fi fi
if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt ]; then if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt" ]; then
mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
fi fi
sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" "/etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME"
sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" "/etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME"
# link the private key # link the private key
if [ -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then if [ -f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" ]; then
if [ ! -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old ]; then if [ ! -f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old" ]; then
mv /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old mv "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old"
else else
rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key rm -f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key"
fi fi
fi fi
if [ -L /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then if [ -L "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" ]; then
rm /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key rm "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key"
fi fi
ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ln -s "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem" "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key"
# link the public key # link the public key
if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" ]; then
if [ ! -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old ]; then if [ ! -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old" ]; then
mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old"
else else
rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem rm -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
fi fi
fi fi
if [ -L /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then if [ -L "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" ]; then
rm /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem rm "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
fi fi
ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ln -s "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
cp /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem cp "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem" "/etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem"
update_default_domain update_default_domain
@ -291,12 +290,11 @@ function add_cert_letsencrypt {
chmod -R g=rX /etc/letsencrypt chmod -R g=rX /etc/letsencrypt
chown -R root:ssl-cert /etc/letsencrypt chown -R root:ssl-cert /etc/letsencrypt
nginx_ensite ${LETSENCRYPT_HOSTNAME} nginx_ensite "${LETSENCRYPT_HOSTNAME}"
systemctl start nginx systemctl start nginx
if [ $PIN_CERTS ]; then if [ "$PIN_CERTS" ]; then
${PROJECT_NAME}-pin-cert $LETSENCRYPT_HOSTNAME if ! "${PROJECT_NAME}-pin-cert" "$LETSENCRYPT_HOSTNAME"; then
if [ ! "$?" = "0" ]; then
echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned" echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned"
exit 62878 exit 62878
fi fi
@ -304,21 +302,20 @@ function add_cert_letsencrypt {
} }
function add_cert_selfsigned { function add_cert_selfsigned {
if [[ $ORGANISATION == "Freedombone-CA" ]]; then if [[ "$ORGANISATION" == "Freedombone-CA" ]]; then
CERTFILE="ca-$HOSTNAME" CERTFILE="ca-$HOSTNAME"
fi fi
openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \ openssl req -x509 "${EXTENSIONS}" -nodes -days 3650 -sha256 \
-subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \ -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
-newkey rsa:2048 -keyout /etc/ssl/private/${CERTFILE}.key \ -newkey rsa:2048 -keyout "/etc/ssl/private/${CERTFILE}.key" \
-out /etc/ssl/certs/${CERTFILE}.crt -out "/etc/ssl/certs/${CERTFILE}.crt"
chmod 400 /etc/ssl/private/${CERTFILE}.key chmod 400 "/etc/ssl/private/${CERTFILE}.key"
chmod 640 /etc/ssl/certs/${CERTFILE}.crt chmod 640 "/etc/ssl/certs/${CERTFILE}.crt"
cp /etc/ssl/certs/${CERTFILE}.crt /etc/ssl/mycerts cp "/etc/ssl/certs/${CERTFILE}.crt" "/etc/ssl/mycerts"
if [ $PIN_CERTS ]; then if [ "$PIN_CERTS" ]; then
${PROJECT_NAME}-pin-cert $CERTFILE if ! "${PROJECT_NAME}-pin-cert" "$CERTFILE"; then
if [ ! "$?" = "0" ]; then
echo $"Certificate for $CERTFILE could not be pinned" echo $"Certificate for $CERTFILE could not be pinned"
exit 62879 exit 62879
fi fi
@ -326,9 +323,9 @@ function add_cert_selfsigned {
} }
function generate_dh_params { function generate_dh_params {
if [ ! $NODH ]; then if [ ! "$NODH" ]; then
if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then if [ ! -f "/etc/ssl/certs/${CERTFILE}.dhparam" ]; then
${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes "${PROJECT_NAME}-dhparam" -h "${CERTFILE}" --fast yes
fi fi
fi fi
} }
@ -346,12 +343,12 @@ function make_cert_bundle {
} }
function create_cert { function create_cert {
if [ $remove_cert ]; then if [ "$remove_cert" ]; then
remove_cert_letsencrypt remove_cert_letsencrypt
return return
fi fi
if [ $LETSENCRYPT_HOSTNAME ]; then if [ "$LETSENCRYPT_HOSTNAME" ]; then
add_cert_letsencrypt add_cert_letsencrypt
else else
add_cert_selfsigned add_cert_selfsigned
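Review bot: Quoting the trailing `*` in remove_cert_letsencrypt turns the wildcard into a literal character, so `rm -rf "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}*"` and the matching `archive` line no longer match the certificate directories and the key material stays on disk after a removal. Keep the wildcard outside the quotes, e.g. `rm -rf "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}"*`. The same over-quoting affects `openssl req -x509 "${EXTENSIONS}"` in add_cert_selfsigned: if EXTENSIONS is empty or holds more than one word (its value is not visible here), openssl now receives one empty or merged argument. Separately, the unchanged `chmod -R 777 /etc/letsencrypt` in add_cert_letsencrypt makes the private keys world-writable while certbot runs, and the visible follow-up (`chmod -R g=rX`) only adjusts the group bits, so a tighter mode is worth a follow-up change.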


@ -82,19 +82,19 @@ do
shift shift
done done
if ! [[ $MYUSERNAME && $GROUP_NAME ]]; then if ! [[ "$MYUSERNAME" && "$GROUP_NAME" ]]; then
show_help show_help
fi fi
if [ ${#EMAILADDRESS} -lt 2 ]; then if [ "${#EMAILADDRESS}" -lt 2 ]; then
if [ ${#SUBJECT_TEXT} -lt 2 ]; then if [ ${#SUBJECT_TEXT} -lt 2 ]; then
show_help show_help
fi fi
fi fi
MUTTRC=/home/$MYUSERNAME/.muttrc MUTTRC="/home/$MYUSERNAME/.muttrc"
PM=/home/$MYUSERNAME/.procmailrc PM="/home/$MYUSERNAME/.procmailrc"
LISTDIR=/home/$MYUSERNAME/Maildir/$GROUP_NAME LISTDIR="/home/$MYUSERNAME/Maildir/$GROUP_NAME"
proc_rule=" * ^From:.*$EMAILADDRESS" proc_rule=" * ^From:.*$EMAILADDRESS"
proc_comment="# Email rule for $EMAILADDRESS -> $GROUP_NAME" proc_comment="# Email rule for $EMAILADDRESS -> $GROUP_NAME"
@ -104,54 +104,53 @@ if [ ${#SUBJECT_TEXT} -gt 0 ]; then
fi fi
if [ ! -d "$LISTDIR" ]; then if [ ! -d "$LISTDIR" ]; then
mkdir -m 700 $LISTDIR mkdir -m 700 "$LISTDIR"
mkdir -m 700 $LISTDIR/tmp mkdir -m 700 "$LISTDIR/tmp"
mkdir -m 700 $LISTDIR/new mkdir -m 700 "$LISTDIR/new"
mkdir -m 700 $LISTDIR/cur mkdir -m 700 "$LISTDIR/cur"
fi fi
chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR chown -R "$MYUSERNAME":"$MYUSERNAME" "$LISTDIR"
if ! grep -q "$proc_comment" $PM; then if ! grep -q "$proc_comment" "$PM"; then
if [[ $PUBLIC != "yes" ]]; then if [[ $PUBLIC != "yes" ]]; then
# private emails go after the encryption stage # private emails go after the encryption stage
echo '' >> $PM { echo '';
echo "$proc_comment" >> $PM echo "$proc_comment";
echo ":0" >> $PM echo ":0";
echo "$proc_rule" >> $PM echo "$proc_rule";
echo "$LISTDIR/new" >> $PM echo "$LISTDIR/new";
echo "# End of rule" >> $PM echo "# End of rule"; } >> "$PM"
else else
# public emails are copied before the encryption stage # public emails are copied before the encryption stage
if ! grep -q '# encrypt' $PM; then if ! grep -q '# encrypt' "$PM"; then
echo '' >> $PM { echo '';
echo "$proc_comment" >> $PM echo "$proc_comment";
echo ":0" >> $PM echo ":0";
echo "$proc_rule" >> $PM echo "$proc_rule";
echo "$LISTDIR/new" >> $PM echo "$LISTDIR/new";
echo "# End of rule" >> $PM echo "# End of rule"; } >> "$PM"
else else
filter=$(echo "$proc_comment\n:0\n${proc_rule}\n$LISTDIR/new\n# End of rule\n") sed -i "/# encrypt/i $proc_comment\\n:0\\n${proc_rule}\\n$LISTDIR/new\\n# End of rule\\n" "$PM"
sed -i "/# encrypt/i ${filter}" $PM
fi fi
fi fi
chown $MYUSERNAME:$MYUSERNAME $PM chown "$MYUSERNAME":"$MYUSERNAME" "$PM"
fi fi
if [ ! -f "$MUTTRC" ]; then if [ ! -f "$MUTTRC" ]; then
cp /etc/Muttrc $MUTTRC cp /etc/Muttrc "$MUTTRC"
chown $MYUSERNAME:$MYUSERNAME $MUTTRC chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
fi fi
PROCMAILLOG=/home/$MYUSERNAME/log PROCMAILLOG=/home/$MYUSERNAME/log
if [ ! -d $PROCMAILLOG ]; then if [ ! -d "$PROCMAILLOG" ]; then
mkdir $PROCMAILLOG mkdir "$PROCMAILLOG"
chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG chown -R "$MYUSERNAME":"$MYUSERNAME" "$PROCMAILLOG"
fi fi
MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC) MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC")
if [[ $MUTT_MAILBOXES != *$GROUP_NAME* ]]; then if [[ "$MUTT_MAILBOXES" != *$GROUP_NAME* ]]; then
if ! grep -q "=$GROUP_NAME" $MUTTRC; then if ! grep -q "=$GROUP_NAME" "$MUTTRC"; then
sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$GROUP_NAME|g" $MUTTRC sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$GROUP_NAME|g" "$MUTTRC"
chown $MYUSERNAME:$MYUSERNAME $MUTTRC chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
fi fi
fi fi
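Review bot: `$EMAILADDRESS` and `$GROUP_NAME` are still written unvalidated into `.procmailrc` (the `{ echo …; } >> "$PM"` groups and the `sed -i "/# encrypt/i …"` line), into the `Maildir/$GROUP_NAME` path and into the `sed -i "s|$MUTT_MAILBOXES|…|g"` expression. Quoting only prevents word splitting; a value containing a newline, `|`, `/` or `..` would still alter the generated recipe, the sed script or the target directory. Rejecting anything outside a strict pattern before first use closes this, e.g. `[[ "$GROUP_NAME" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] || exit 1`, with a similar check for the address. In the new `[[ "$MUTT_MAILBOXES" != *$GROUP_NAME* ]]` the right-hand variable is unquoted and is therefore matched as a glob; `*"$GROUP_NAME"*` compares it literally. The option parsing that sets these variables is outside the visible hunks.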


@ -82,89 +82,84 @@ do
shift shift
done done
if [ ! $MYUSERNAME ]; then if [ ! "$MYUSERNAME" ]; then
show_help show_help
fi fi
if [[ ! $MAILINGLIST && ! $SUBJECTTAG ]]; then if [[ ! "$MAILINGLIST" && ! "$SUBJECTTAG" ]]; then
show_help show_help
fi fi
MUTTRC=/home/$MYUSERNAME/.muttrc MUTTRC="/home/$MYUSERNAME/.muttrc"
PM=/home/$MYUSERNAME/.procmailrc PM="/home/$MYUSERNAME/.procmailrc"
LISTDIR=/home/$MYUSERNAME/Maildir/$MAILINGLIST LISTDIR="/home/$MYUSERNAME/Maildir/$MAILINGLIST"
if grep -q "=$MAILINGLIST" $MUTTRC; then if grep -q "=$MAILINGLIST" "$MUTTRC"; then
echo $"Mailing list $MAILINGLIST was already added" echo $"Mailing list $MAILINGLIST was already added"
fi fi
if [ ! -d "$LISTDIR" ]; then if [ ! -d "$LISTDIR" ]; then
mkdir -m 700 $LISTDIR mkdir -m 700 "$LISTDIR"
mkdir -m 700 $LISTDIR/tmp mkdir -m 700 "$LISTDIR/tmp"
mkdir -m 700 $LISTDIR/new mkdir -m 700 "$LISTDIR/new"
mkdir -m 700 $LISTDIR/cur mkdir -m 700 "$LISTDIR/cur"
fi fi
chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR chown -R "$MYUSERNAME":"$MYUSERNAME" "$LISTDIR"
if [ ${#SUBJECTTAG} -gt 0 ]; then if [ ${#SUBJECTTAG} -gt 0 ]; then
# use the subject tag # use the subject tag
if ! grep -q "Subject:.*()\[$SUBJECTTAG\]" $PM; then if ! grep -q "Subject:.*()\\[$SUBJECTTAG\\]" "$PM"; then
if [[ $PUBLIC != "yes" ]]; then if [[ $PUBLIC != "yes" ]]; then
# private emails go after the encryption stage # private emails go after the encryption stage
filter=" { echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]";
# Email rule for $MAILINGLIST subject [$SUBJECTTAG] echo ":0";
:0 echo " * ^Subject:.*()\\[$SUBJECTTAG\\]";
* ^Subject:.*()\[$SUBJECTTAG\] echo "$LISTDIR/new";
$LISTDIR/new echo "# End of rule";
# End of rule echo ""; } >> "$PM"
"
echo "$filter" >> $PM
else else
# public emails are copied before hte encryption stage # public emails are copied before hte encryption stage
if ! grep -q '# encrypt' $PM; then if ! grep -q '# encrypt' "$PM"; then
filter=" { echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]";
# Email rule for $MAILINGLIST subject [$SUBJECTTAG] echo ":0";
:0 echo " * ^Subject:.*()\\[$SUBJECTTAG\\]";
* ^Subject:.*()\[$SUBJECTTAG\] echo "$LISTDIR/new";
$LISTDIR/new echo "# End of rule";
# End of rule echo ""; } >> "$PM"
"
echo "$filter" >> $PM
else else
filter=$(echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]\n:0\n * ^Subject:.*()\\\[$SUBJECTTAG\\\]\n$LISTDIR/new\n# End of rule\n") sed -i "/# encrypt/i # Email rule for $MAILINGLIST subject [$SUBJECTTAG]\\n:0\\n * ^Subject:.*()\\\\[$SUBJECTTAG\\\\]\\n$LISTDIR/new\\n# End of rule\\n" "$PM"
sed -i "/# encrypt/i ${filter}" $PM
fi fi
fi fi
chown $MYUSERNAME:$MYUSERNAME $PM chown "$MYUSERNAME":"$MYUSERNAME" "$PM"
fi fi
else else
exit $(${PROJECT_NAME}-addemail -u $MYUSERNAME -e $LIST_ADDRESS -g $MAILINGLIST --public $PUBLIC) exit "$("${PROJECT_NAME}-addemail" -u "$MYUSERNAME" -e "$LIST_ADDRESS" -g "$MAILINGLIST" --public "$PUBLIC")"
fi fi
if [ ! -f "$MUTTRC" ]; then if [ ! -f "$MUTTRC" ]; then
cp /etc/Muttrc $MUTTRC cp /etc/Muttrc "$MUTTRC"
chown $MYUSERNAME:$MYUSERNAME $MUTTRC chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
fi fi
PROCMAILLOG=/home/$MYUSERNAME/log PROCMAILLOG="/home/$MYUSERNAME/log"
if [ ! -d $PROCMAILLOG ]; then if [ ! -d "$PROCMAILLOG" ]; then
mkdir $PROCMAILLOG mkdir "$PROCMAILLOG"
chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG chown -R "$MYUSERNAME":"$MYUSERNAME" "$PROCMAILLOG"
fi fi
MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC) MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC")
if [[ $MUTT_MAILBOXES != *$MAILINGLIST* ]]; then if [[ "$MUTT_MAILBOXES" != *$MAILINGLIST* ]]; then
if ! grep -q "=$MAILINGLIST" $MUTTRC; then if ! grep -q "=$MAILINGLIST" "$MUTTRC"; then
sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" $MUTTRC sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" "$MUTTRC"
chown $MYUSERNAME:$MYUSERNAME $MUTTRC chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
fi fi
fi fi
if [ $LIST_ADDRESS ]; then if [ "$LIST_ADDRESS" ]; then
sed -i "s|unsubscribe $LIST_ADDRESS|subscribe $LIST_ADDRESS|g" $MUTTRC sed -i "s|unsubscribe $LIST_ADDRESS|subscribe $LIST_ADDRESS|g" "$MUTTRC"
if ! grep -q "subscribe $LIST_ADDRESS" $MUTTRC; then if ! grep -q "subscribe $LIST_ADDRESS" "$MUTTRC"; then
echo "subscribe $LIST_ADDRESS" >> $MUTTRC echo "subscribe $LIST_ADDRESS" >> "$MUTTRC"
fi fi
fi fi
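Review bot: `exit "$("${PROJECT_NAME}-addemail" …)"` uses the helper's standard output as the exit code, and quoting it changes behaviour: when the helper prints nothing bash now sees `exit ""` and reports "numeric argument required", where the unquoted form collapsed to a bare `exit`. Run the helper directly and propagate its status instead: `"${PROJECT_NAME}-addemail" -u "$MYUSERNAME" -e "$LIST_ADDRESS" -g "$MAILINGLIST" --public "$PUBLIC"; exit $?`. `$SUBJECTTAG`, `$MAILINGLIST` and `$LIST_ADDRESS` also reach the procmail rule, the `Maildir` path and the sed expressions without validation, so an allow-list check before first use is worth adding; the option loop that sets them is outside the hunk. As with the comparison itself, `*$MAILINGLIST*` should be `*"$MAILINGLIST"*` to match literally.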


@ -34,27 +34,27 @@ export TEXTDOMAIN=${PROJECT_NAME}-addremove
export TEXTDOMAINDIR="/usr/share/locale" export TEXTDOMAINDIR="/usr/share/locale"
PROJECT_INSTALL_DIR=/usr/local/bin PROJECT_INSTALL_DIR=/usr/local/bin
if [ -f /usr/bin/${PROJECT_NAME} ]; then if [ -f "/usr/bin/${PROJECT_NAME}" ]; then
PROJECT_INSTALL_DIR=/usr/bin PROJECT_INSTALL_DIR=/usr/bin
fi fi
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
# Start including files # Start including files
source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES for f in $UTILS_FILES
do do
source $f source "$f"
done done
APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
for f in $APP_FILES for f in $APP_FILES
do do
source $f source "$f"
done done
# End including files # End including files
@ -67,17 +67,17 @@ function mark_unselected_apps_as_removed {
return return
fi fi
if [ -f $REMOVED_APPS_FILE ]; then if [ -f "$REMOVED_APPS_FILE" ]; then
rm $REMOVED_APPS_FILE rm "$REMOVED_APPS_FILE"
fi fi
app_index=0 app_index=0
for app_name in "${APPS_AVAILABLE[@]}" for app_name in "${APPS_AVAILABLE[@]}"
do do
if [[ ${APPS_CHOSEN[$app_index]} == "0" ]]; then if [[ ${APPS_CHOSEN[$app_index]} == "0" ]]; then
echo "_${app_name}_" >> $REMOVED_APPS_FILE echo "_${app_name}_" >> "$REMOVED_APPS_FILE"
fi fi
app_index=$[app_index+1] app_index=$((app_index+1))
done done
} }
@ -93,7 +93,7 @@ function app_expected_to_be_installed {
echo "0" echo "0"
return return
fi fi
if ! grep -q "IN_DEFAULT_INSTALL=1" /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}; then if ! grep -q "IN_DEFAULT_INSTALL=1" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}"; then
echo "0" echo "0"
return return
fi fi
@ -102,7 +102,7 @@ function app_expected_to_be_installed {
} }
function show_apps { function show_apps {
select_all_apps=$1 select_all_apps="$1"
applist="" applist=""
n=1 n=1
app_index=0 app_index=0
@ -117,19 +117,20 @@ function show_apps {
applist="$applist $n $a on" applist="$applist $n $a on"
fi fi
fi fi
n=$[n+1] n=$((n+1))
app_index=$[app_index+1] app_index=$((app_index+1))
done done
choices=$(dialog --stdout --backtitle $"Freedombone" \ choices=$(dialog --stdout --backtitle $"Freedombone" \
--title $"Add/Remove Applications" \ --title $"Add/Remove Applications" \
--checklist $'Choose:' \ --checklist $'Choose:' \
27 40 20 $applist) 27 40 20 "$applist")
# shellcheck disable=SC2181
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
for choice in $choices for choice in $choices
do do
app_index=$[choice-1] app_index=$((choice-1))
APPS_CHOSEN[$app_index]="1" APPS_CHOSEN[$app_index]="1"
done done
else else
@ -151,10 +152,10 @@ function remove_apps_selected {
else else
removals="${APPS_AVAILABLE[$app_index]}" removals="${APPS_AVAILABLE[$app_index]}"
fi fi
n=$[n+1] n=$((n+1))
fi fi
fi fi
app_index=$[app_index+1] app_index=$((app_index+1))
done done
# if no apps to be removed then don't do anything # if no apps to be removed then don't do anything
@ -166,7 +167,7 @@ function remove_apps_selected {
dialog --title $"Remove applications" \ dialog --title $"Remove applications" \
--backtitle $"Freedombone" \ --backtitle $"Freedombone" \
--defaultno \ --defaultno \
--yesno $"\nYou have chosen to remove $n apps.\n\n $removals\n\nIf you choose 'yes' then this will remove both the applications and their data/messages. If you don't have a backup then you will not be able to recover the data for these applications.\n\nAre you sure that you wish to continue?" 15 60 --yesno $"\\nYou have chosen to remove $n apps.\\n\\n $removals\\n\\nIf you choose 'yes' then this will remove both the applications and their data/messages. If you don't have a backup then you will not be able to recover the data for these applications.\\n\\nAre you sure that you wish to continue?" 15 60
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) return;;
@ -195,10 +196,10 @@ function install_apps_selected {
else else
installs="${APPS_AVAILABLE[$app_index]}" installs="${APPS_AVAILABLE[$app_index]}"
fi fi
n=$[n+1] n=$((n+1))
fi fi
fi fi
app_index=$[app_index+1] app_index=$((app_index+1))
done done
# if no apps to be installed then don't do anything # if no apps to be installed then don't do anything
@ -212,13 +213,13 @@ function install_apps_selected {
dialog --title $"$installs" \ dialog --title $"$installs" \
--backtitle $"Freedombone" \ --backtitle $"Freedombone" \
--defaultno \ --defaultno \
--yesno $"\nThis will install the $installs app\n\nProceed?" 9 40 --yesno $"\\nThis will install the $installs app\\n\\nProceed?" 9 40
else else
dialog_height=$((15 + $n)) dialog_height=$((15 + "$n"))
dialog --title $"Add applications" \ dialog --title $"Add applications" \
--backtitle $"Freedombone" \ --backtitle $"Freedombone" \
--defaultno \ --defaultno \
--yesno $"\nYou have chosen to install $n apps\n\n $installs\n\nProceed?" $dialog_height 60 --yesno $"\\nYou have chosen to install $n apps\\n\\n $installs\\n\\nProceed?" $dialog_height 60
fi fi
sel=$? sel=$?
case $sel in case $sel in
@ -232,14 +233,13 @@ function install_apps_selected {
# install the apps # install the apps
read_configuration read_configuration
install_apps interactive install_apps interactive
if [ ! $APP_INSTALLED_SUCCESS ]; then if [ ! "$APP_INSTALLED_SUCCESS" ]; then
echo $'One or more apps failed to install' echo $'One or more apps failed to install'
fi fi
} }
if [[ $1 == "test"* ]]; then if [[ $1 == "test"* ]]; then
${PROJECT_NAME}-tests if ! ${PROJECT_NAME}-tests; then
if [ ! "$?" = "0" ]; then
exit 2 exit 2
fi fi
fi fi
@ -251,8 +251,8 @@ if [[ ${#APPS_AVAILABLE[@]} == 0 ]]; then
exit 1 exit 1
fi fi
show_apps $1 show_apps "$1"
mark_unselected_apps_as_removed $1 mark_unselected_apps_as_removed "$1"
clear clear


@ -34,18 +34,18 @@ PROJECT_NAME='freedombone'
export TEXTDOMAIN=${PROJECT_NAME}-adduser export TEXTDOMAIN=${PROJECT_NAME}-adduser
export TEXTDOMAINDIR="/usr/share/locale" export TEXTDOMAINDIR="/usr/share/locale"
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES for f in $UTILS_FILES
do do
source $f source "$f"
done done
APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
for f in $APP_FILES for f in $APP_FILES
do do
source $f source "$f"
done done
ADD_USERNAME=$1 ADD_USERNAME=$1
@ -55,35 +55,35 @@ SSH_PORT=2222
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
DEFAULT_DOMAIN_NAME= DEFAULT_DOMAIN_NAME=
if [ ! $ADD_USERNAME ]; then if [ ! "$ADD_USERNAME" ]; then
echo $'No username was given' echo $'No username was given'
exit 1 exit 1
fi fi
if [ -d /home/$ADD_USERNAME ]; then if [ -d "/home/$ADD_USERNAME" ]; then
echo $"The user $ADD_USERNAME already exists" echo $"The user $ADD_USERNAME already exists"
exit 2 exit 2
fi fi
if [ ! -f $COMPLETION_FILE ]; then if [ ! -f "$COMPLETION_FILE" ]; then
echo $"$COMPLETION_FILE not found" echo $"$COMPLETION_FILE not found"
userdel -r $ADD_USERNAME userdel -r "$ADD_USERNAME"
exit 3 exit 3
fi fi
# Minimum number of characters in a password # Minimum number of characters in a password
MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}') MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
NEW_USER_PASSWORD="$(openssl rand -base64 30 | cut -c1-${MINIMUM_PASSWORD_LENGTH})" NEW_USER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
chmod 600 /etc/shadow chmod 600 /etc/shadow
chmod 600 /etc/gshadow chmod 600 /etc/gshadow
useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash $ADD_USERNAME useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash "$ADD_USERNAME"
adduser $ADD_USERNAME sasl adduser "$ADD_USERNAME" sasl
groupadd $ADD_USERNAME groupadd "$ADD_USERNAME"
chmod 0000 /etc/shadow chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow chmod 0000 /etc/gshadow
if [ ! -d /home/$ADD_USERNAME ]; then if [ ! -d "/home/$ADD_USERNAME" ]; then
echo $'Home directory was not created' echo $'Home directory was not created'
exit 4 exit 4
fi fi
@ -91,15 +91,15 @@ fi
if [ "$SSH_PUBLIC_KEY" ]; then if [ "$SSH_PUBLIC_KEY" ]; then
if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then
if [ -f "$SSH_PUBLIC_KEY" ]; then if [ -f "$SSH_PUBLIC_KEY" ]; then
mkdir /home/$ADD_USERNAME/.ssh mkdir "/home/$ADD_USERNAME/.ssh"
cp $SSH_PUBLIC_KEY /home/$ADD_USERNAME/.ssh/authorized_keys cp "$SSH_PUBLIC_KEY" "/home/$ADD_USERNAME/.ssh/authorized_keys"
chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.ssh chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.ssh"
echo $'ssh public key installed' echo $'ssh public key installed'
else else
if [[ "$SSH_PUBLIC_KEY" == "ssh-"* ]]; then if [[ "$SSH_PUBLIC_KEY" == "ssh-"* ]]; then
mkdir /home/$ADD_USERNAME/.ssh mkdir "/home/$ADD_USERNAME/.ssh"
echo "$SSH_PUBLIC_KEY" > /home/$ADD_USERNAME/.ssh/authorized_keys echo "$SSH_PUBLIC_KEY" > "/home/$ADD_USERNAME/.ssh/authorized_keys"
chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.ssh chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.ssh"
echo $'ssh public key installed' echo $'ssh public key installed'
else else
echo $'The second parameter does not look like an ssh key' echo $'The second parameter does not look like an ssh key'
@ -109,55 +109,54 @@ if [ "$SSH_PUBLIC_KEY" ]; then
fi fi
fi fi
if [ -d /home/$ADD_USERNAME/Maildir ]; then if [ -d "/home/$ADD_USERNAME/Maildir" ]; then
if grep -q "set from=" /home/$ADD_USERNAME/.muttrc; then if grep -q "set from=" "/home/$ADD_USERNAME/.muttrc"; then
sed -i "s|set from=.*|set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'|g" /home/$ADD_USERNAME/.muttrc sed -i "s|set from=.*|set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'|g" "/home/$ADD_USERNAME/.muttrc"
else else
echo "set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'" >> /home/$ADD_USERNAME/.muttrc echo "set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'" >> "/home/$ADD_USERNAME/.muttrc"
fi fi
USERN='$USER@' sed -i "s|\$USER@|$ADD_USERNAME@|g" "/home/$ADD_USERNAME/.procmailrc"
sed -i "s|$USERN|$ADD_USERNAME@|g" /home/$ADD_USERNAME/.procmailrc
fi fi
# generate a gpg key # generate a gpg key
echo "Making a GPG key for $ADD_USERNAME@$HOSTNAME" echo "Making a GPG key for $ADD_USERNAME@$HOSTNAME"
mkdir /home/$ADD_USERNAME/.gnupg mkdir "/home/$ADD_USERNAME/.gnupg"
echo "keyserver $GPG_KEYSERVER" >> /home/$ADD_USERNAME/.gnupg/gpg.conf { echo "keyserver $GPG_KEYSERVER";
echo 'keyserver-options auto-key-retrieve' >> /home/$ADD_USERNAME/.gnupg/gpg.conf echo 'keyserver-options auto-key-retrieve';
echo '' >> /home/$ADD_USERNAME/.gnupg/gpg.conf echo '';
echo '# default preferences' >> /home/$ADD_USERNAME/.gnupg/gpg.conf echo '# default preferences';
echo 'personal-digest-preferences SHA256' >> /home/$ADD_USERNAME/.gnupg/gpg.conf echo 'personal-digest-preferences SHA256';
echo 'cert-digest-algo SHA256' >> /home/$ADD_USERNAME/.gnupg/gpg.conf echo 'cert-digest-algo SHA256';
echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> /home/$ADD_USERNAME/.gnupg/gpg.conf echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed'; } >> "/home/$ADD_USERNAME/.gnupg/gpg.conf"
chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.gnupg chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.gnupg"
chmod 700 /home/$ADD_USERNAME/.gnupg chmod 700 "/home/$ADD_USERNAME/.gnupg"
chmod 600 /home/$ADD_USERNAME/.gnupg/* chmod 600 "/home/$ADD_USERNAME/.gnupg/*"
# Generate a GPG key # Generate a GPG key
echo 'Key-Type: eddsa' > /home/$ADD_USERNAME/gpg-genkey.conf { echo 'Key-Type: eddsa';
echo 'Key-Curve: Ed25519' >> /home/$ADD_USERNAME/gpg-genkey.conf echo 'Key-Curve: Ed25519';
echo 'Subkey-Type: eddsa' >> /home/$ADD_USERNAME/gpg-genkey.conf echo 'Subkey-Type: eddsa';
echo "Name-Real: $ADD_USERNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf echo "Name-Real: $ADD_USERNAME";
echo "Name-Email: $ADD_USERNAME@$HOSTNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf echo "Name-Email: $ADD_USERNAME@$HOSTNAME";
echo 'Expire-Date: 0' >> /home/$ADD_USERNAME/gpg-genkey.conf echo 'Expire-Date: 0';
echo "Passphrase: $NEW_USER_PASSWORD" >> /home/$ADD_USERNAME/gpg-genkey.conf echo "Passphrase: $NEW_USER_PASSWORD"; } > "/home/$ADD_USERNAME/gpg-genkey.conf"
chown $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/gpg-genkey.conf chown "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/gpg-genkey.conf"
su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - $ADD_USERNAME su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - "$ADD_USERNAME"
chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.gnupg chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.gnupg"
shred -zu /home/$ADD_USERNAME/gpg-genkey.conf shred -zu "/home/$ADD_USERNAME/gpg-genkey.conf"
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADD_USERNAME" "$ADD_USERNAME@$HOSTNAME") MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADD_USERNAME" "$ADD_USERNAME@$HOSTNAME")
MY_GPG_PUBLIC_KEY=/home/$ADD_USERNAME/public_key.gpg MY_GPG_PUBLIC_KEY="/home/$ADD_USERNAME/public_key.gpg"
su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $ADD_USERNAME su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - "$ADD_USERNAME"
if [ ! -f $MY_GPG_PUBLIC_KEY ]; then if [ ! -f "$MY_GPG_PUBLIC_KEY" ]; then
echo "GPG public key was not generated for $ADD_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID" echo "GPG public key was not generated for $ADD_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID"
userdel -r $ADD_USERNAME userdel -r "$ADD_USERNAME"
exit 7 exit 7
fi fi
gpg_agent_setup $ADD_USERNAME gpg_agent_setup "$ADD_USERNAME"
# add a monkeysphere subkey # add a monkeysphere subkey
#echo $'Adding monkeysphere subkey' #echo $'Adding monkeysphere subkey'
@ -173,82 +172,82 @@ gpg_agent_setup $ADD_USERNAME
#echo $'Updating monkeysphere users' #echo $'Updating monkeysphere users'
#monkeysphere-authentication update-users #monkeysphere-authentication update-users
if [ -f /home/$ADD_USERNAME/.muttrc ]; then if [ -f "/home/$ADD_USERNAME/.muttrc" ]; then
# encrypt outgoing mail to the "sent" folder # encrypt outgoing mail to the "sent" folder
if ! grep -q "pgp_encrypt_only_command" /home/$ADD_USERNAME/.muttrc; then if ! grep -q "pgp_encrypt_only_command" "/home/$ADD_USERNAME/.muttrc"; then
echo '' >> /home/$ADD_USERNAME/.muttrc { echo '';
echo $'# Encrypt items in the Sent folder' >> /home/$ADD_USERNAME/.muttrc echo $'# Encrypt items in the Sent folder';
echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\""; } >> "/home/$ADD_USERNAME/.muttrc"
else else
sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" "/home/$ADD_USERNAME/.muttrc"
fi fi
if ! grep -q "pgp_encrypt_sign_command" /home/$ADD_USERNAME/.muttrc; then if ! grep -q "pgp_encrypt_sign_command" "/home/$ADD_USERNAME/.muttrc"; then
echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> "/home/$ADD_USERNAME/.muttrc"
else else
sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" "/home/$ADD_USERNAME/.muttrc"
fi fi
fi fi
if ! grep -q "Change your GPG password" /home/$ADD_USERNAME/README; then if ! grep -q "Change your GPG password" "/home/$ADD_USERNAME/README"; then
echo '' >> /home/$ADD_USERNAME/README { echo '';
echo '' >> /home/$ADD_USERNAME/README echo '';
echo $'# Change your GPG password' >> /home/$ADD_USERNAME/README echo $'# Change your GPG password';
echo $"It's very important to add a password to your GPG key so that" >> /home/$ADD_USERNAME/README echo $"It's very important to add a password to your GPG key so that";
echo $"if anyone does get access to your email they still won't be able" >> /home/$ADD_USERNAME/README echo $"if anyone does get access to your email they still won't be able";
echo $'to read them without knowning the GPG password.' >> /home/$ADD_USERNAME/README echo $'to read them without knowning the GPG password.';
echo $'You can change the it with:' >> /home/$ADD_USERNAME/README echo $'You can change the it with:';
echo '' >> /home/$ADD_USERNAME/README echo '';
echo " gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$ADD_USERNAME/README echo " gpg --edit-key $MY_GPG_PUBLIC_KEY_ID";
echo ' passwd' >> /home/$ADD_USERNAME/README echo ' passwd';
echo ' save' >> /home/$ADD_USERNAME/README echo ' save';
echo ' quit' >> /home/$ADD_USERNAME/README echo ' quit'; } >> "/home/$ADD_USERNAME/README"
fi fi
chown $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/README chown "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/README"
chown $ADD_USERNAME:$ADD_USERNAME $MY_GPG_PUBLIC_KEY chown "$ADD_USERNAME":"$ADD_USERNAME" "$MY_GPG_PUBLIC_KEY"
chmod 600 /home/$ADD_USERNAME/README chmod 600 "/home/$ADD_USERNAME/README"
echo $'Detecting installed apps...' echo $'Detecting installed apps...'
detect_apps detect_apps
get_apps_installed_names get_apps_installed_names
for app_name in "${APPS_INSTALLED_NAMES[@]}" for app_name in "${APPS_INSTALLED_NAMES[@]}"
do do
if [[ $(function_exists add_user_${app_name}) == "1" ]]; then if [[ $(function_exists "add_user_${app_name}") == "1" ]]; then
echo $"Adding user to ${app_name}" echo $"Adding user to ${app_name}"
app_load_variables ${app_name} app_load_variables "${app_name}"
retval=$(add_user_${app_name} "$ADD_USERNAME" "$NEW_USER_PASSWORD" | tail -n 1) retval=$("add_user_${app_name}" "$ADD_USERNAME" "$NEW_USER_PASSWORD" | tail -n 1)
if [[ $retval != '0' ]]; then if [[ $retval != '0' ]]; then
echo $"Failed with error code ${retval}" echo $"Failed with error code ${retval}"
${PROJECT_NAME}-rmuser $ADD_USERNAME --force "${PROJECT_NAME}-rmuser" "$ADD_USERNAME" --force
exit 672392 exit 672392
fi fi
if ! grep -q "${app_name}_${ADD_USERNAME}" $APP_USERS_FILE; then if ! grep -q "${app_name}_${ADD_USERNAME}" "$APP_USERS_FILE"; then
echo "${app_name}_${ADD_USERNAME}" >> $APP_USERS_FILE echo "${app_name}_${ADD_USERNAME}" >> "$APP_USERS_FILE"
fi fi
fi fi
done done
if [ -f /etc/nginx/.htpasswd ]; then if [ -f /etc/nginx/.htpasswd ]; then
if ! grep -q "${ADD_USERNAME}:" /etc/nginx/.htpasswd; then if ! grep -q "${ADD_USERNAME}:" /etc/nginx/.htpasswd; then
echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd $ADD_USERNAME echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd "$ADD_USERNAME"
fi fi
fi fi
# add user menu on ssh login # add user menu on ssh login
if ! grep -q 'controluser' /home/$ADD_USERNAME/.bashrc; then if ! grep -q 'controluser' "/home/$ADD_USERNAME/.bashrc"; then
echo 'controluser' >> /home/$ADD_USERNAME/.bashrc echo 'controluser' >> "/home/$ADD_USERNAME/.bashrc"
fi fi
# fix some gpg strangeness when searching for keys # fix some gpg strangeness when searching for keys
printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /home/$ADD_USERNAME/.gnupg/S.dirmngr printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > "/home/$ADD_USERNAME/.gnupg/S.dirmngr"
if [ -d /home/$ADD_USERNAME/.gnupg/crls.d ]; then if [ -d "/home/$ADD_USERNAME/.gnupg/crls.d" ]; then
chmod +x /home/$ADD_USERNAME/.gnupg/crls.d chmod +x "/home/$ADD_USERNAME/.gnupg/crls.d"
fi fi
${PROJECT_NAME}-pass -u $ADD_USERNAME -a login -p "$NEW_USER_PASSWORD" "${PROJECT_NAME}-pass" -u "$ADD_USERNAME" -a login -p "$NEW_USER_PASSWORD"
gpg_agent_enable $ADD_USERNAME gpg_agent_enable "$ADD_USERNAME"
clear clear
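Review bot: The new quoting in `chmod 600 "/home/$ADD_USERNAME/.gnupg/*"` (hunk `-109,55 +109,54`) puts the `*` inside the double quotes, so the shell no longer expands it and chmod is pointed at a file literally named `*`. The call will fail and `gpg.conf`, written just above by the grouped `echo` redirect, keeps whatever mode the umask gave it. Keep the variable quoted but leave the glob outside the quotes: `chmod 600 "/home/$ADD_USERNAME/.gnupg"/*`. The directory is still set to 700 on the previous line, so this is a hardening regression rather than an open exposure, but nothing visible in the hunk checks chmod's exit status, so the failure would likely go unnoticed.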


@ -49,12 +49,12 @@ akaunting_variables=(ONION_ONLY
MY_USERNAME) MY_USERNAME)
function akaunting_remove_bad_links { function akaunting_remove_bad_links {
cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 365873658
# copy jquery locally # copy jquery locally
jquery_version='1.12.4' jquery_version='1.12.4'
if [ ! -f jquery-${jquery_version}.js ]; then if [ ! -f jquery-${jquery_version}.js ]; then
cd /var/www/$GHOST_DOMAIN_NAME/htdocs cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3276324
wget https://code.jquery.com/jquery-${jquery_version}.js wget https://code.jquery.com/jquery-${jquery_version}.js
jquery_hash=$(sha256sum jquery-${jquery_version}.js | awk -F ' ' '{print $1}') jquery_hash=$(sha256sum jquery-${jquery_version}.js | awk -F ' ' '{print $1}')
if [[ "$jquery_hash" != '430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575' ]]; then if [[ "$jquery_hash" != '430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575' ]]; then
@ -74,7 +74,7 @@ function akaunting_remove_bad_links {
sed -i '/googleapi/d' vendor/almasaeed2010/adminlte/dist/css/alt/AdminLTE-without-plugins.min.css sed -i '/googleapi/d' vendor/almasaeed2010/adminlte/dist/css/alt/AdminLTE-without-plugins.min.css
sed -i "s|ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js|$AKAUNTING_DOMAIN_NAME/jquery-${jquery_version}.js|g" vendor/almasaeed2010/adminlte/plugins/ckeditor/samples/old/jquery.html sed -i "s|ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js|$AKAUNTING_DOMAIN_NAME/jquery-${jquery_version}.js|g" vendor/almasaeed2010/adminlte/plugins/ckeditor/samples/old/jquery.html
chown -R www-data:www-data /var/www/$AKAUNTING_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
} }
function logging_on_akaunting { function logging_on_akaunting {
@ -88,65 +88,66 @@ function logging_off_akaunting {
function remove_user_akaunting { function remove_user_akaunting {
remove_username="$1" remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp akaunting "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp akaunting
} }
function add_user_akaunting { function add_user_akaunting {
new_username="$1" new_username="$1"
new_user_password="$2" new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a akaunting -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$new_username" -a akaunting -p "$new_user_password"
echo '0' echo '0'
} }
function install_interactive_akaunting { function install_interactive_akaunting {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
if [[ $ONION_ONLY != "no" ]]; then if [[ "$ONION_ONLY" != "no" ]]; then
AKAUNTING_DOMAIN_NAME='akaunting.local' AKAUNTING_DOMAIN_NAME='akaunting.local'
else else
AKAUNTING_DETAILS_COMPLETE= AKAUNTING_DETAILS_COMPLETE=
while [ ! $AKAUNTING_DETAILS_COMPLETE ] while [ ! $AKAUNTING_DETAILS_COMPLETE ]
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Akaunting Configuration" \ --title $"Akaunting Configuration" \
--form $"\nPlease enter your Akaunting details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ --form $"\\nPlease enter your Akaunting details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
$"Domain:" 1 1 "$(grep 'AKAUNTING_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ $"Domain:" 1 1 "$(grep 'AKAUNTING_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
$"Code:" 2 1 "$(grep 'AKAUNTING_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \ $"Code:" 2 1 "$(grep 'AKAUNTING_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
2> $data 2> "$data"
else else
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Akaunting Configuration" \ --title $"Akaunting Configuration" \
--form $"\nPlease enter your Akaunting details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ --form $"\\nPlease enter your Akaunting details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
$"Domain:" 1 1 "$(grep 'AKAUNTING_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ $"Domain:" 1 1 "$(grep 'AKAUNTING_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
2> $data 2> "$data"
fi fi
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
AKAUNTING_DOMAIN_NAME=$(cat $data | sed -n 1p) AKAUNTING_DOMAIN_NAME=$(sed -n 1p < "$data")
if [ $AKAUNTING_DOMAIN_NAME ]; then if [ "$AKAUNTING_DOMAIN_NAME" ]; then
if [[ $AKAUNTING_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then if [[ $AKAUNTING_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
AKAUNTING_DOMAIN_NAME="" AKAUNTING_DOMAIN_NAME=""
fi fi
TEST_DOMAIN_NAME=$AKAUNTING_DOMAIN_NAME TEST_DOMAIN_NAME=$AKAUNTING_DOMAIN_NAME
validate_domain_name validate_domain_name
if [[ $TEST_DOMAIN_NAME != $AKAUNTING_DOMAIN_NAME ]]; then if [[ "$TEST_DOMAIN_NAME" != "$AKAUNTING_DOMAIN_NAME" ]]; then
AKAUNTING_DOMAIN_NAME= AKAUNTING_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else else
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
AKAUNTING_CODE=$(cat $data | sed -n 2p) AKAUNTING_CODE=$(sed -n 2p < "$data")
validate_freedns_code "$AKAUNTING_CODE" validate_freedns_code "$AKAUNTING_CODE"
if [ ! $VALID_CODE ]; then if [ ! "$VALID_CODE" ]; then
AKAUNTING_DOMAIN_NAME= AKAUNTING_DOMAIN_NAME=
fi fi
fi fi
@ -155,6 +156,7 @@ function install_interactive_akaunting {
if [ $AKAUNTING_DOMAIN_NAME ]; then if [ $AKAUNTING_DOMAIN_NAME ]; then
AKAUNTING_DETAILS_COMPLETE="yes" AKAUNTING_DETAILS_COMPLETE="yes"
fi fi
rm -f "$data"
done done
write_config_param "AKAUNTING_CODE" "$AKAUNTING_CODE" write_config_param "AKAUNTING_CODE" "$AKAUNTING_CODE"
@ -169,23 +171,23 @@ function change_password_akaunting {
read_config_param 'AKAUNTING_DOMAIN_NAME' read_config_param 'AKAUNTING_DOMAIN_NAME'
${PROJECT_NAME}-pass -u "$curr_username" -a akaunting -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$curr_username" -a akaunting -p "$new_user_password"
} }
function akaunting_create_database { function akaunting_create_database {
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
AKAUNTING_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" AKAUNTING_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
if [ ! $AKAUNTING_ADMIN_PASSWORD ]; then if [ ! "$AKAUNTING_ADMIN_PASSWORD" ]; then
AKAUNTING_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" AKAUNTING_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
if [ ! $AKAUNTING_ADMIN_PASSWORD ]; then if [ ! "$AKAUNTING_ADMIN_PASSWORD" ]; then
return return
fi fi
function_check create_database function_check create_database
create_database akaunting "$AKAUNTING_ADMIN_PASSWORD" $MY_USERNAME create_database akaunting "$AKAUNTING_ADMIN_PASSWORD" "$MY_USERNAME"
} }
function reconfigure_akaunting { function reconfigure_akaunting {
@ -198,70 +200,69 @@ function upgrade_akaunting {
return return
fi fi
if grep -q "akaunting domain" $COMPLETION_FILE; then if grep -q "akaunting domain" "$COMPLETION_FILE"; then
AKAUNTING_DOMAIN_NAME=$(get_completion_param "akaunting domain") AKAUNTING_DOMAIN_NAME=$(get_completion_param "akaunting domain")
fi fi
# update to the next commit # update to the next commit
function_check set_repo_commit function_check set_repo_commit
set_repo_commit /var/www/$AKAUNTING_DOMAIN_NAME/htdocs "akaunting commit" "$AKAUNTING_COMMIT" $AKAUNTING_REPO set_repo_commit "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" "akaunting commit" "$AKAUNTING_COMMIT" "$AKAUNTING_REPO"
cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 367835
install_composer install_composer
akaunting_remove_bad_links akaunting_remove_bad_links
chown -R www-data:www-data /var/www/${AKAUNTING_DOMAIN_NAME}/htdocs chown -R www-data:www-data "/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
} }
function backup_local_akaunting { function backup_local_akaunting {
akaunting_path=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs akaunting_path="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
if [ -d $akaunting_path ]; then if [ -d "$akaunting_path" ]; then
suspend_site ${AKAUNTING_DOMAIN_NAME} suspend_site "${AKAUNTING_DOMAIN_NAME}"
function_check backup_database_to_usb function_check backup_database_to_usb
backup_database_to_usb akaunting backup_database_to_usb akaunting
backup_directory_to_usb $akaunting_path akaunting backup_directory_to_usb "$akaunting_path" akaunting
restart_site restart_site
fi fi
} }
function restore_local_akaunting { function restore_local_akaunting {
temp_restore_dir=/root/tempakaunting temp_restore_dir=/root/tempakaunting
akaunting_dir=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs akaunting_dir="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
suspend_site ${AKAUNTING_DOMAIN_NAME} suspend_site "${AKAUNTING_DOMAIN_NAME}"
function_check akaunting_create_database function_check akaunting_create_database
akaunting_create_database akaunting_create_database
restore_database akaunting ${AKAUNTING_DOMAIN_NAME} restore_database akaunting "${AKAUNTING_DOMAIN_NAME}"
chown www-data:www-data $akaunting_dir chown www-data:www-data "$akaunting_dir"
restart_site restart_site
} }
function backup_remote_akaunting { function backup_remote_akaunting {
akaunting_path=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs akaunting_path="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
if [ -d $akaunting_path ]; then if [ -d "$akaunting_path" ]; then
suspend_site ${AKAUNTING_DOMAIN_NAME} suspend_site "${AKAUNTING_DOMAIN_NAME}"
function_check backup_database_to_friend function_check backup_database_to_friend
backup_database_to_friend akaunting backup_database_to_friend akaunting
backup_directory_to_friend $akaunting_path akaunting backup_directory_to_friend "$akaunting_path" akaunting
restart_site restart_site
fi fi
} }
function restore_remote_akaunting { function restore_remote_akaunting {
temp_restore_dir=/root/tempakaunting akaunting_dir="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
akaunting_dir=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs
suspend_site ${AKAUNTING_DOMAIN_NAME} suspend_site "${AKAUNTING_DOMAIN_NAME}"
function_check akaunting_create_database function_check akaunting_create_database
akaunting_create_database akaunting_create_database
restore_database_from_friend akaunting ${AKAUNTING_DOMAIN_NAME} restore_database_from_friend akaunting "${AKAUNTING_DOMAIN_NAME}"
chown www-data:www-data $akaunting_dir chown www-data:www-data "$akaunting_dir"
restart_site restart_site
} }
@ -274,28 +275,28 @@ function remove_akaunting {
read_config_param "AKAUNTING_DOMAIN_NAME" read_config_param "AKAUNTING_DOMAIN_NAME"
read_config_param "MY_USERNAME" read_config_param "MY_USERNAME"
echo "Removing $AKAUNTING_DOMAIN_NAME" echo "Removing $AKAUNTING_DOMAIN_NAME"
nginx_dissite $AKAUNTING_DOMAIN_NAME nginx_dissite "$AKAUNTING_DOMAIN_NAME"
remove_certs $AKAUNTING_DOMAIN_NAME remove_certs "$AKAUNTING_DOMAIN_NAME"
if [ -d /var/www/$AKAUNTING_DOMAIN_NAME ]; then if [ -d "/var/www/$AKAUNTING_DOMAIN_NAME" ]; then
rm -rf /var/www/$AKAUNTING_DOMAIN_NAME rm -rf "/var/www/$AKAUNTING_DOMAIN_NAME"
fi fi
if [ -f /etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME ]; then if [ -f "/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME" ]; then
rm /etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME rm "/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME"
fi fi
function_check drop_database function_check drop_database
drop_database akaunting drop_database akaunting
function_check remove_onion_service function_check remove_onion_service
remove_onion_service akaunting ${AKAUNTING_ONION_PORT} remove_onion_service akaunting "${AKAUNTING_ONION_PORT}"
if grep -q "akaunting" /etc/crontab; then if grep -q "akaunting" /etc/crontab; then
sed -i "/akaunting/d" /etc/crontab sed -i "/akaunting/d" /etc/crontab
fi fi
remove_app akaunting remove_app akaunting
remove_completion_param install_akaunting remove_completion_param install_akaunting
sed -i '/akaunting/d' $COMPLETION_FILE sed -i '/akaunting/d' "$COMPLETION_FILE"
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $AKAUNTING_DOMAIN_NAME remove_ddns_domain "$AKAUNTING_DOMAIN_NAME"
} }
function install_akaunting { function install_akaunting {
@ -303,7 +304,7 @@ function install_akaunting {
ONION_ONLY='no' ONION_ONLY='no'
fi fi
if [ ! $AKAUNTING_DOMAIN_NAME ]; then if [ ! "$AKAUNTING_DOMAIN_NAME" ]; then
echo $'No domain name was given for akaunting' echo $'No domain name was given for akaunting'
exit 89353 exit 89353
fi fi
@ -317,142 +318,142 @@ function install_akaunting {
apt-get -yq install php-gettext php-curl php-gd php-mysql git curl apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME ]; then if [ ! -d "/var/www/$AKAUNTING_DOMAIN_NAME" ]; then
mkdir /var/www/$AKAUNTING_DOMAIN_NAME mkdir "/var/www/$AKAUNTING_DOMAIN_NAME"
fi fi
if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" ]; then
if [ -d /repos/akaunting ]; then if [ -d /repos/akaunting ]; then
mkdir /var/www/$AKAUNTING_DOMAIN_NAME/htdocs mkdir "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
cp -r -p /repos/akaunting/. /var/www/$AKAUNTING_DOMAIN_NAME/htdocs cp -r -p /repos/akaunting/. "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 23458735
git pull git pull
else else
function_check git_clone function_check git_clone
git_clone $AKAUNTING_REPO /var/www/$AKAUNTING_DOMAIN_NAME/htdocs git_clone "$AKAUNTING_REPO" "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
fi fi
if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" ]; then
echo $'Unable to clone akaunting repo' echo $'Unable to clone akaunting repo'
exit 2589389 exit 2589389
fi fi
fi fi
cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 23468724527
git checkout $AKAUNTING_COMMIT -b $AKAUNTING_COMMIT git checkout "$AKAUNTING_COMMIT" -b "$AKAUNTING_COMMIT"
set_completion_param "akaunting commit" "$AKAUNTING_COMMIT" set_completion_param "akaunting commit" "$AKAUNTING_COMMIT"
chmod g+w /var/www/$AKAUNTING_DOMAIN_NAME/htdocs chmod g+w "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
chown -R www-data:www-data /var/www/$AKAUNTING_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 34783524
install_composer install_composer
function_check akaunting_create_database function_check akaunting_create_database
akaunting_create_database akaunting_create_database
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $AKAUNTING_DOMAIN_NAME add_ddns_domain "$AKAUNTING_DOMAIN_NAME"
AKAUNTING_ONION_HOSTNAME=$(add_onion_service akaunting 80 ${AKAUNTING_ONION_PORT}) AKAUNTING_ONION_HOSTNAME=$(add_onion_service akaunting 80 ${AKAUNTING_ONION_PORT})
akaunting_nginx_site=/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME akaunting_nginx_site=/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $AKAUNTING_DOMAIN_NAME "index index.php" nginx_http_redirect "$AKAUNTING_DOMAIN_NAME" "index index.php"
echo 'server {' >> $akaunting_nginx_site { echo 'server {';
echo ' listen 443 ssl;' >> $akaunting_nginx_site echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> $akaunting_nginx_site echo ' #listen [::]:443 ssl;';
echo " server_name $AKAUNTING_DOMAIN_NAME;" >> $akaunting_nginx_site echo " server_name $AKAUNTING_DOMAIN_NAME;";
echo '' >> $akaunting_nginx_site echo ''; } >> "$akaunting_nginx_site"
function_check nginx_compress function_check nginx_compress
nginx_compress $AKAUNTING_DOMAIN_NAME nginx_compress "$AKAUNTING_DOMAIN_NAME"
echo '' >> $akaunting_nginx_site echo '' >> "$akaunting_nginx_site"
echo ' # Security' >> $akaunting_nginx_site echo ' # Security' >> "$akaunting_nginx_site"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $AKAUNTING_DOMAIN_NAME nginx_ssl "$AKAUNTING_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $AKAUNTING_DOMAIN_NAME nginx_disable_sniffing "$AKAUNTING_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $akaunting_nginx_site { echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> $akaunting_nginx_site echo '';
echo ' access_log /dev/null;' >> $akaunting_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $akaunting_nginx_site echo ' error_log /dev/null;';
echo '' >> $akaunting_nginx_site echo '';
echo " root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;" >> $akaunting_nginx_site echo " root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;";
echo '' >> $akaunting_nginx_site echo '';
echo ' index index.php;' >> $akaunting_nginx_site echo ' index index.php;';
echo '' >> $akaunting_nginx_site echo '';
echo ' location ~ \.php {' >> $akaunting_nginx_site echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> $akaunting_nginx_site echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $akaunting_nginx_site echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> $akaunting_nginx_site echo ' fastcgi_read_timeout 30;';
echo ' }' >> $akaunting_nginx_site echo ' }';
echo '' >> $akaunting_nginx_site echo '';
echo ' location / {' >> $akaunting_nginx_site echo ' location / {'; } >> "$akaunting_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $AKAUNTING_DOMAIN_NAME '15m' nginx_limits "$AKAUNTING_DOMAIN_NAME" '15m'
echo ' try_files $uri $uri/ @akaunting;' >> $akaunting_nginx_site { echo " try_files \$uri \$uri/ @akaunting;";
echo ' }' >> $akaunting_nginx_site echo ' }';
echo '' >> $akaunting_nginx_site echo '';
echo ' location @akaunting {' >> $akaunting_nginx_site echo ' location @akaunting {';
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $akaunting_nginx_site echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }' >> $akaunting_nginx_site echo ' }';
echo '' >> $akaunting_nginx_site echo '';
echo ' location ~ /\.(ht|git) {' >> $akaunting_nginx_site echo ' location ~ /\.(ht|git) {';
echo ' deny all;' >> $akaunting_nginx_site echo ' deny all;';
echo ' }' >> $akaunting_nginx_site echo ' }';
echo '' >> $akaunting_nginx_site echo '';
echo '}' >> $akaunting_nginx_site echo '}'; } >> "$akaunting_nginx_site"
else else
echo -n '' > $akaunting_nginx_site echo -n '' > "$akaunting_nginx_site"
fi fi
echo 'server {' >> $akaunting_nginx_site { echo 'server {';
echo " listen 127.0.0.1:$AKAUNTING_ONION_PORT default_server;" >> $akaunting_nginx_site echo " listen 127.0.0.1:$AKAUNTING_ONION_PORT default_server;";
echo " server_name $AKAUNTING_ONION_HOSTNAME;" >> $akaunting_nginx_site echo " server_name $AKAUNTING_ONION_HOSTNAME;";
echo '' >> $akaunting_nginx_site echo ''; } >> "$akaunting_nginx_site"
function_check nginx_compress function_check nginx_compress
nginx_compress $AKAUNTING_DOMAIN_NAME nginx_compress "$AKAUNTING_DOMAIN_NAME"
echo '' >> $akaunting_nginx_site echo '' >> "$akaunting_nginx_site"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $AKAUNTING_DOMAIN_NAME nginx_disable_sniffing "$AKAUNTING_DOMAIN_NAME"
echo '' >> $akaunting_nginx_site { echo '';
echo ' access_log /dev/null;' >> $akaunting_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $akaunting_nginx_site echo ' error_log /dev/null;';
echo '' >> $akaunting_nginx_site echo '';
echo " root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;" >> $akaunting_nginx_site echo " root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;";
echo '' >> $akaunting_nginx_site echo '';
echo ' index index.php;' >> $akaunting_nginx_site echo ' index index.php;';
echo '' >> $akaunting_nginx_site echo '';
echo ' location ~ \.php {' >> $akaunting_nginx_site echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> $akaunting_nginx_site echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $akaunting_nginx_site echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> $akaunting_nginx_site echo ' fastcgi_read_timeout 30;';
echo ' }' >> $akaunting_nginx_site echo ' }';
echo '' >> $akaunting_nginx_site echo '';
echo ' location / {' >> $akaunting_nginx_site echo ' location / {'; } >> "$akaunting_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $AKAUNTING_DOMAIN_NAME '15m' nginx_limits "$AKAUNTING_DOMAIN_NAME" '15m'
echo ' try_files $uri $uri/ @akaunting;' >> $akaunting_nginx_site { echo " try_files \$uri \$uri/ @akaunting;";
echo ' }' >> $akaunting_nginx_site echo ' }';
echo '' >> $akaunting_nginx_site echo '';
echo ' location @akaunting {' >> $akaunting_nginx_site echo ' location @akaunting {';
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $akaunting_nginx_site echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }' >> $akaunting_nginx_site echo ' }';
echo '' >> $akaunting_nginx_site echo '';
echo ' location ~ /\.(ht|git) {' >> $akaunting_nginx_site echo ' location ~ /\.(ht|git) {';
echo ' deny all;' >> $akaunting_nginx_site echo ' deny all;';
echo ' }' >> $akaunting_nginx_site echo ' }';
echo '}' >> $akaunting_nginx_site echo '}'; } >> "$akaunting_nginx_site"
function_check configure_php function_check configure_php
configure_php configure_php
function_check create_site_certificate function_check create_site_certificate
create_site_certificate $AKAUNTING_DOMAIN_NAME 'yes' create_site_certificate "$AKAUNTING_DOMAIN_NAME" 'yes'
function_check nginx_ensite function_check nginx_ensite
nginx_ensite $AKAUNTING_DOMAIN_NAME nginx_ensite "$AKAUNTING_DOMAIN_NAME"
akaunting_remove_bad_links akaunting_remove_bad_links
@ -460,7 +461,7 @@ function install_akaunting {
systemctl restart php7.0-fpm systemctl restart php7.0-fpm
systemctl restart nginx systemctl restart nginx
${PROJECT_NAME}-pass -u $MY_USERNAME -a akaunting -p "$AKAUNTING_ADMIN_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a akaunting -p "$AKAUNTING_ADMIN_PASSWORD"
set_completion_param "akaunting domain" "$AKAUNTING_DOMAIN_NAME" set_completion_param "akaunting domain" "$AKAUNTING_DOMAIN_NAME"


@ -90,8 +90,7 @@ function restore_remote_batman {
} }
function remove_batman { function remove_batman {
${PROJECT_NAME}-mesh-install -f batman --remove yes if ! "${PROJECT_NAME}-mesh-install" -f batman --remove yes; then
if [ ! "$?" = "0" ]; then
echo $'Failed to remove batman' echo $'Failed to remove batman'
exit 79353 exit 79353
fi fi
@ -100,45 +99,46 @@ function remove_batman {
} }
function mesh_install_batman { function mesh_install_batman {
# shellcheck disable=SC2154
chroot "$rootdir" apt-get -yq install iproute bridge-utils libnetfilter-conntrack3 batctl chroot "$rootdir" apt-get -yq install iproute bridge-utils libnetfilter-conntrack3 batctl
chroot "$rootdir" apt-get -yq install python-dev libevent-dev ebtables python-pip git chroot "$rootdir" apt-get -yq install python-dev libevent-dev ebtables python-pip git
chroot "$rootdir" apt-get -yq install wireless-tools rfkill chroot "$rootdir" apt-get -yq install wireless-tools rfkill
if ! grep -q "batman_adv" $rootdir/etc/modules; then if ! grep -q "batman_adv" "$rootdir/etc/modules"; then
echo 'batman_adv' >> $rootdir/etc/modules echo 'batman_adv' >> "$rootdir/etc/modules"
fi fi
BATMAN_SCRIPT=$rootdir/var/lib/batman BATMAN_SCRIPT=$rootdir/var/lib/batman
if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then if [ -f "/usr/local/bin/${PROJECT_NAME}-mesh-batman" ]; then
cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT cp "/usr/local/bin/${PROJECT_NAME}-mesh-batman" "$BATMAN_SCRIPT"
else else
cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT cp "/usr/bin/${PROJECT_NAME}-mesh-batman" "$BATMAN_SCRIPT"
fi fi
BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
echo '[Unit]' > $BATMAN_DAEMON { echo '[Unit]';
echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON echo 'Description=B.A.T.M.A.N. Advanced';
echo 'After=network.target' >> $BATMAN_DAEMON echo 'After=network.target';
echo '' >> $BATMAN_DAEMON echo '';
echo '[Service]' >> $BATMAN_DAEMON echo '[Service]';
echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON echo 'RemainAfterExit=yes';
echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON echo "ExecStart=/var/lib/batman start";
echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON echo "ExecStop=/var/lib/batman stop";
echo 'Restart=on-failure' >> $BATMAN_DAEMON echo 'Restart=on-failure';
echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON echo 'SuccessExitStatus=3 4';
echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON echo 'RestartForceExitStatus=3 4';
echo '' >> $BATMAN_DAEMON echo '';
echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON echo '# Allow time for the server to start/stop';
echo 'TimeoutSec=300' >> $BATMAN_DAEMON echo 'TimeoutSec=300';
echo '' >> $BATMAN_DAEMON echo '';
echo '[Install]' >> $BATMAN_DAEMON echo '[Install]';
echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON echo 'WantedBy=multi-user.target'; } > "$BATMAN_DAEMON"
chroot "$rootdir" systemctl enable batman chroot "$rootdir" systemctl enable batman
} }
function install_batman { function install_batman {
if [ $INSTALLING_MESH ]; then if [ "$INSTALLING_MESH" ]; then
mesh_install_batman mesh_install_batman
return return
fi fi
@ -146,8 +146,7 @@ function install_batman {
return return
fi fi
${PROJECT_NAME}-mesh-install -f batman if ! "${PROJECT_NAME}-mesh-install" -f batman; then
if [ ! "$?" = "0" ]; then
echo $'Failed to install batman' echo $'Failed to install batman'
exit 72524 exit 72524
fi fi
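Review bot: In `mesh_install_batman` nothing checks that `rootdir` is non-empty before it is used as a path prefix, and the added `# shellcheck disable=SC2154` silences the "referenced but not assigned" warning rather than addressing it. If `rootdir` is ever empty, `"$rootdir/etc/modules"`, the `cp` to `$BATMAN_SCRIPT` and the `{ … } > "$BATMAN_DAEMON"` redirect resolve to the host's own `/etc` and `/var/lib` instead of the image. That would leave a system unit on the host whose `ExecStart=/var/lib/batman start` runs as root by systemd's default, since the unit sets no `User=`. A guard as the first line of the function, `: "${rootdir:?rootdir must be set}"`, makes this fail fast. Presumably `rootdir` is set by the mesh image build that calls this function, which is not visible in this section.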


@ -49,29 +49,29 @@ function bdsmail_configure_users {
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
# Add the user to the i2p group # Add the user to the i2p group
usermod -a -G i2psvc $USERNAME usermod -a -G i2psvc "$USERNAME"
if [ -f /home/$USERNAME/.muttrc ]; then if [ -f "/home/$USERNAME/.muttrc" ]; then
# Create a mutt i2p folder # Create a mutt i2p folder
if ! grep -q ' =i2p' /home/$USERNAME/.muttrc; then if ! grep -q ' =i2p' "/home/$USERNAME/.muttrc"; then
MUTT_MAILBOXES=$(grep "mailboxes =" /home/$USERNAME/.muttrc) MUTT_MAILBOXES=$(grep "mailboxes =" "/home/$USERNAME/.muttrc")
sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =i2p|g" /home/$USERNAME/.muttrc sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =i2p|g" "/home/$USERNAME/.muttrc"
fi fi
# Create a mutt folder hook to the i2p config # Create a mutt folder hook to the i2p config
if ! grep -q 'folder-hook !i2p' /home/$USERNAME/.muttrc; then if ! grep -q 'folder-hook !i2p' "/home/$USERNAME/.muttrc"; then
echo 'folder-hook !i2p/* source ~/.muttrc' >> /home/$USERNAME/.muttrc echo 'folder-hook !i2p/* source ~/.muttrc' >> "/home/$USERNAME/.muttrc"
fi fi
if ! grep -q 'folder-hook i2p' /home/$USERNAME/.muttrc; then if ! grep -q 'folder-hook i2p' "/home/$USERNAME/.muttrc"; then
echo 'folder-hook i2p/* source ~/.mutt/bdsmail' >> /home/$USERNAME/.muttrc echo 'folder-hook i2p/* source ~/.mutt/bdsmail' >> "/home/$USERNAME/.muttrc"
fi fi
fi fi
# Create a directory where i2p mail will be stored # Create a directory where i2p mail will be stored
if [ ! -d /home/$USERNAME/Maildir/i2p/new ]; then if [ ! -d "/home/$USERNAME/Maildir/i2p/new" ]; then
mkdir -p /home/$USERNAME/Maildir/i2p/cur mkdir -p "/home/$USERNAME/Maildir/i2p/cur"
mkdir -p /home/$USERNAME/Maildir/i2p/new mkdir -p "/home/$USERNAME/Maildir/i2p/new"
chown -R $USERNAME:$USERNAME /home/$USERNAME/Maildir/i2p chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/Maildir/i2p"
fi fi
fi fi
done done
@ -93,18 +93,18 @@ function add_user_bdsmail {
new_username="$1" new_username="$1"
new_user_password="$2" new_user_password="$2"
if [ ! -d /home/$new_username/.mutt ]; then if [ ! -d "/home/$new_username/.mutt" ]; then
mkdir /home/$new_username/.mutt mkdir "/home/$new_username/.mutt"
cp /etc/skel/.mutt/bdsmail /home/$new_username/.mutt cp /etc/skel/.mutt/bdsmail "/home/$new_username/.mutt"
fi fi
read_config_param MY_USERNAME read_config_param MY_USERNAME
BDSMAIL_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail) BDSMAIL_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail)
sed -i "s|username|$new_username|g" /home/$new_username/.mutt/bdsmail sed -i "s|username|$new_username|g" "/home/$new_username/.mutt/bdsmail"
sed -i "s|password|$BDSMAIL_PASSWORD|g" /home/$new_username/.mutt/bdsmail sed -i "s|password|$BDSMAIL_PASSWORD|g" "/home/$new_username/.mutt/bdsmail"
bdsmail_configure_users bdsmail_configure_users
cd $BDSMAIL_DIR cd $BDSMAIL_DIR || exit 57247684234
$BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $new_username /home/$new_username/Maildir/i2p "$BDSMAIL_PASSWORD" $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$new_username" "/home/$new_username/Maildir/i2p" "$BDSMAIL_PASSWORD"
chown -R $new_username:$new_username /home/$new_username/.mutt chown -R "$new_username":"$new_username" "/home/$new_username/.mutt"
echo '0' echo '0'
} }
@ -117,16 +117,16 @@ function change_password_bdsmail {
curr_username="$1" curr_username="$1"
new_user_password="$2" new_user_password="$2"
${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail -p "$new_user_password"
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
sed -i "s|set smtp_url=.*|set smtp_url=smtp://${curr_username}:${new_user_password}@127.0.0.1:$I2P_SMTP_PORT/" /home/${USERNAME}/.mutt/bdsmail sed -i "s|set smtp_url=.*|set smtp_url=smtp://${curr_username}:${new_user_password}@127.0.0.1:$I2P_SMTP_PORT/" "/home/${USERNAME}/.mutt/bdsmail"
sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" /home/${USERNAME}/.mutt/bdsmail sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" "/home/${USERNAME}/.mutt/bdsmail"
chown ${USERNAME}:${USERNAME} /home/${USERNAME}/.mutt/bdsmail chown "${USERNAME}":"${USERNAME}" "/home/${USERNAME}/.mutt/bdsmail"
cd $BDSMAIL_DIR cd $BDSMAIL_DIR
$BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $curr_username /home/$curr_username/Maildir/i2p "$new_user_password" $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$curr_username" "/home/$curr_username/Maildir/i2p" "$new_user_password"
fi fi
done done
} }
@ -136,9 +136,9 @@ function bdsmail_update_domain {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
cp /etc/skel/.mutt/bdsmail /home/${USERNAME}/.mutt/bdsmail cp /etc/skel/.mutt/bdsmail "/home/${USERNAME}/.mutt/bdsmail"
sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" /home/${USERNAME}/.mutt/bdsmail sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" "/home/${USERNAME}/.mutt/bdsmail"
chown ${USERNAME}:${USERNAME} /home/${USERNAME}/.mutt/bdsmail chown "${USERNAME}":"${USERNAME}" "/home/${USERNAME}/.mutt/bdsmail"
fi fi
done done
} }
@ -154,7 +154,7 @@ function bdsmail_wait_for_key_generation {
sleep 30 sleep 30
bds_domain=$(bdsmail_domain) bds_domain=$(bdsmail_domain)
sleep_ctr=$((sleep_ctr + 1)) sleep_ctr=$((sleep_ctr + 1))
if [ $sleep_ctr -gt 100 ]; then if [ "$sleep_ctr" -gt 100 ]; then
break break
fi fi
done done
@ -178,9 +178,9 @@ function upgrade_bdsmail {
fi fi
# update to the next commit # update to the next commit
set_repo_commit $BDSMAIL_DIR "bdsmail commit" "$BDSMAIL_COMMIT" $BDSMAIL_REPO set_repo_commit $BDSMAIL_DIR "bdsmail commit" "$BDSMAIL_COMMIT" "$BDSMAIL_REPO"
cd $BDSMAIL_DIR cd $BDSMAIL_DIR || exit 2457245
make GOROOT=/home/go/go${GO_VERSION} make GOROOT="/home/go/go${GO_VERSION}"
chown -R i2psvc:i2psvc $BDSMAIL_DIR chown -R i2psvc:i2psvc $BDSMAIL_DIR
systemctl restart bdsmail systemctl restart bdsmail
@ -210,7 +210,7 @@ function restore_local_bdsmail {
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir bdsmail restore_directory_from_usb $temp_restore_dir bdsmail
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d cp $temp_restore_dir$bdsmail_dir ]; then if [ -d $temp_restore_dir$bdsmail_dir ]; then
cp -rp $temp_restore_dir$bdsmail_dir $bdsmail_dir/ cp -rp $temp_restore_dir$bdsmail_dir $bdsmail_dir/
else else
if [ ! -d $bdsmail_dir ]; then if [ ! -d $bdsmail_dir ]; then
@ -246,7 +246,7 @@ function restore_remote_bdsmail {
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir bdsmail restore_directory_from_friend $temp_restore_dir bdsmail
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d cp $temp_restore_dir$bdsmail_dir ]; then if [ -d $temp_restore_dir$bdsmail_dir ]; then
cp -rp $temp_restore_dir$bdsmail_dir $bdsmail_dir/ cp -rp $temp_restore_dir$bdsmail_dir $bdsmail_dir/
else else
if [ ! -d $bdsmail_dir ]; then if [ ! -d $bdsmail_dir ]; then
@ -272,33 +272,33 @@ function remove_bdsmail {
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
# remove the user from the i2p group # remove the user from the i2p group
deluser $USERNAME i2psvc deluser "$USERNAME" i2psvc
# Remove mutt folder hook to the i2p config # Remove mutt folder hook to the i2p config
if [ -f /home/$USERNAME/.muttrc ]; then if [ -f "/home/$USERNAME/.muttrc" ]; then
if grep -q 'folder-hook !i2p' /home/$USERNAME/.muttrc; then if grep -q 'folder-hook !i2p' "/home/$USERNAME/.muttrc"; then
sed -i '/folder-hook !i2p/d' /home/$USERNAME/.muttrc sed -i '/folder-hook !i2p/d' "/home/$USERNAME/.muttrc"
fi fi
if grep -q 'folder-hook i2p' /home/$USERNAME/.muttrc; then if grep -q 'folder-hook i2p' "/home/$USERNAME/.muttrc"; then
sed -i '/folder-hook i2p/d' /home/$USERNAME/.muttrc sed -i '/folder-hook i2p/d' "/home/$USERNAME/.muttrc"
fi fi
fi fi
# Remove folder # Remove folder
if grep -q ' =i2p' /home/$USERNAME/.muttrc; then if grep -q ' =i2p' "/home/$USERNAME/.muttrc"; then
sed -i 's| =i2p||g' /home/$USERNAME/.muttrc sed -i 's| =i2p||g' "/home/$USERNAME/.muttrc"
fi fi
# NOTE: leave Maildir/i2p/cur. We might want to archive that # NOTE: leave Maildir/i2p/cur. We might want to archive that
# or just be reinstalling the system without losing mail # or just be reinstalling the system without losing mail
rm -rf /home/$USERNAME/Maildir/i2p/new rm -rf "/home/$USERNAME/Maildir/i2p/new"
fi fi
done done
remove_i2p remove_i2p
remove_app bdsmail remove_app bdsmail
remove_completion_param install_bdsmail remove_completion_param install_bdsmail
sed -i '/bdsmail/d' $COMPLETION_FILE sed -i '/bdsmail/d' "$COMPLETION_FILE"
rm -rf /etc/skel/.mutt rm -rf /etc/skel/.mutt
if [ -d $BDSMAIL_DIR ]; then if [ -d $BDSMAIL_DIR ]; then
rm -rf $BDSMAIL_DIR rm -rf $BDSMAIL_DIR
@ -322,7 +322,7 @@ function install_bdsmail {
cd $BDSMAIL_DIR cd $BDSMAIL_DIR
git pull git pull
else else
git_clone $BDSMAIL_REPO $BDSMAIL_DIR git_clone "$BDSMAIL_REPO" "$BDSMAIL_DIR"
fi fi
if [ ! -d $BDSMAIL_DIR ]; then if [ ! -d $BDSMAIL_DIR ]; then
@ -331,13 +331,13 @@ function install_bdsmail {
fi fi
cd $BDSMAIL_DIR cd $BDSMAIL_DIR
git checkout $BDSMAIL_COMMIT -b $BDSMAIL_COMMIT git checkout "$BDSMAIL_COMMIT" -b "$BDSMAIL_COMMIT"
set_completion_param "bdsmail commit" "$BDSMAIL_COMMIT" set_completion_param "bdsmail commit" "$BDSMAIL_COMMIT"
mkdir -p $BDSMAIL_DIR/Maildir/i2p mkdir -p $BDSMAIL_DIR/Maildir/i2p
chmod -R 700 $BDSMAIL_DIR/Maildir chmod -R 700 $BDSMAIL_DIR/Maildir
make GOROOT=/home/go/go${GO_VERSION} make GOROOT="/home/go/go${GO_VERSION}"
if [ ! -f $BDSMAIL_DIR/bin/bdsconfig ]; then if [ ! -f $BDSMAIL_DIR/bin/bdsconfig ]; then
echo $'Unable to make bdsmail' echo $'Unable to make bdsmail'
exit 87923567842 exit 87923567842
@ -347,72 +347,72 @@ function install_bdsmail {
i2p_enable_sam i2p_enable_sam
# create configuration file # create configuration file
$BDSMAIL_DIR/bin/bdsconfig > $BDSMAIL_DIR/config.ini #$BDSMAIL_DIR/bin/bdsconfig > $BDSMAIL_DIR/config.ini
echo '[maild]' > $BDSMAIL_DIR/config.ini { echo '[maild]':
echo "i2paddr = 127.0.0.1:$I2P_SAM_PORT" >> $BDSMAIL_DIR/config.ini echo "i2paddr = 127.0.0.1:$I2P_SAM_PORT";
echo 'i2pkeyfile = bdsmail-privkey.dat' >> $BDSMAIL_DIR/config.ini echo 'i2pkeyfile = bdsmail-privkey.dat';
echo "bindmail = 127.0.0.1:$I2P_SMTP_PORT" >> $BDSMAIL_DIR/config.ini echo "bindmail = 127.0.0.1:$I2P_SMTP_PORT";
echo "bindweb = 127.0.0.1:$I2P_WEB_PORT" >> $BDSMAIL_DIR/config.ini echo "bindweb = 127.0.0.1:$I2P_WEB_PORT";
echo "bindpop3 = 127.0.0.1:$I2P_POP3_PORT" >> $BDSMAIL_DIR/config.ini echo "bindpop3 = 127.0.0.1:$I2P_POP3_PORT";
echo 'domain = localhost' >> $BDSMAIL_DIR/config.ini echo 'domain = localhost';
echo 'maildir = Maildir/i2p' >> $BDSMAIL_DIR/config.ini echo 'maildir = Maildir/i2p';
echo 'database = localhost.sqlite' >> $BDSMAIL_DIR/config.ini echo 'database = localhost.sqlite';
echo 'assets = contrib/assets/web' >> $BDSMAIL_DIR/config.ini echo 'assets = contrib/assets/web'; } > $BDSMAIL_DIR/config.ini
echo '[Unit]' > /etc/systemd/system/bdsmail.service { echo '[Unit]';
echo 'Description=bdsmail' >> /etc/systemd/system/bdsmail.service echo 'Description=bdsmail';
echo 'After=syslog.target' >> /etc/systemd/system/bdsmail.service echo 'After=syslog.target';
echo 'After=network.target' >> /etc/systemd/system/bdsmail.service echo 'After=network.target';
echo '' >> /etc/systemd/system/bdsmail.service echo '';
echo '[Service]' >> /etc/systemd/system/bdsmail.service echo '[Service]';
echo 'Type=simple' >> /etc/systemd/system/bdsmail.service echo 'Type=simple';
echo 'User=i2psvc' >> /etc/systemd/system/bdsmail.service echo 'User=i2psvc';
echo 'Group=i2psvc' >> /etc/systemd/system/bdsmail.service echo 'Group=i2psvc';
echo "WorkingDirectory=$BDSMAIL_DIR" >> /etc/systemd/system/bdsmail.service echo "WorkingDirectory=$BDSMAIL_DIR";
echo "ExecStart=$BDSMAIL_DIR/bin/maild $BDSMAIL_DIR/config.ini" >> /etc/systemd/system/bdsmail.service echo "ExecStart=$BDSMAIL_DIR/bin/maild $BDSMAIL_DIR/config.ini";
echo 'Restart=always' >> /etc/systemd/system/bdsmail.service echo 'Restart=always';
echo 'Environment="USER=i2psvc"' >> /etc/systemd/system/bdsmail.service echo 'Environment="USER=i2psvc"';
echo '' >> /etc/systemd/system/bdsmail.service echo '';
echo '[Install]' >> /etc/systemd/system/bdsmail.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/bdsmail.service echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/bdsmail.service
echo '#!/usr/bin/env python2' > $BDSMAIL_DIR/get_address { echo '#!/usr/bin/env python2';
echo 'import base64, hashlib, sys' >> $BDSMAIL_DIR/get_address echo 'import base64, hashlib, sys';
echo 'with open(sys.argv[1]) as f:' >> $BDSMAIL_DIR/get_address echo 'with open(sys.argv[1]) as f:';
echo " print(base64.b32encode(hashlib.sha256(base64.b64decode(f.read(516), '-~')).digest()).strip('=')+\".b32.i2p\")" >> $BDSMAIL_DIR/get_address echo " print(base64.b32encode(hashlib.sha256(base64.b64decode(f.read(516), '-~')).digest()).strip('=')+\".b32.i2p\")"; } > $BDSMAIL_DIR/get_address
chmod +x $BDSMAIL_DIR/get_address chmod +x $BDSMAIL_DIR/get_address
chown -R i2psvc:i2psvc $BDSMAIL_DIR chown -R i2psvc:i2psvc $BDSMAIL_DIR
systemctl enable bdsmail systemctl enable bdsmail
systemctl start bdsmail systemctl start bdsmail
echo '#!/bin/bash' > /usr/bin/bdsmail_distribute { echo '#!/bin/bash';
echo "BDSMAIL_DIR=$BDSMAIL_DIR" >> /usr/bin/bdsmail_distribute echo "BDSMAIL_DIR=$BDSMAIL_DIR";
echo "MAIL_DIR=\$BDSMAIL_DIR/\$(cat \$BDSMAIL_DIR/config.ini | grep 'maildir =' | awk -F ' ' '{print \$3}')" >> /usr/bin/bdsmail_distribute echo "MAIL_DIR=\$BDSMAIL_DIR/\$(cat \$BDSMAIL_DIR/config.ini | grep 'maildir =' | awk -F ' ' '{print \$3}')";
echo 'if [ ! -d $MAIL_DIR/postmaster/new ]; then' >> /usr/bin/bdsmail_distribute echo "if [ ! -d \$MAIL_DIR/postmaster/new ]; then";
echo ' exit 0' >> /usr/bin/bdsmail_distribute echo ' exit 0';
echo 'fi' >> /usr/bin/bdsmail_distribute echo 'fi';
echo 'for filename in $MAIL_DIR/postmaster/new/*; do' >> /usr/bin/bdsmail_distribute echo "for filename in \$MAIL_DIR/postmaster/new/*; do";
echo ' to_line=$(cat $filename | grep "To: " | head -n 1)' >> /usr/bin/bdsmail_distribute echo " to_line=\$(cat \$filename | grep \"To: \" | head -n 1)";
echo " to_username=\$(echo \"\$to_line\" | awk -F ' ' '{print \$2}' | awk -F '@' '{print \$1}')" >> /usr/bin/bdsmail_distribute echo " to_username=\$(echo \"\$to_line\" | awk -F ' ' '{print \$2}' | awk -F '@' '{print \$1}')";
echo ' if [ -d /home/$to_username/Maildir/i2p/new ]; then' >> /usr/bin/bdsmail_distribute echo " if [ -d /home/\$to_username/Maildir/i2p/new ]; then";
echo ' chown $to_username:$to_username $filename' >> /usr/bin/bdsmail_distribute echo " chown \$to_username:\$to_username \$filename";
echo ' chmod 600 $filename' >> /usr/bin/bdsmail_distribute echo " chmod 600 \$filename";
echo ' mv $filename /home/$to_username/Maildir/i2p/new' >> /usr/bin/bdsmail_distribute echo " mv \$filename /home/\$to_username/Maildir/i2p/new";
echo ' fi' >> /usr/bin/bdsmail_distribute echo ' fi';
echo 'done' >> /usr/bin/bdsmail_distribute echo 'done'; } > /usr/bin/bdsmail_distribute
chmod +x /usr/bin/bdsmail_distribute chmod +x /usr/bin/bdsmail_distribute
if ! grep -q 'bdsmail_distribute' /etc/crontab; then if ! grep -q 'bdsmail_distribute' /etc/crontab; then
cron_add_mins 1 '/usr/bin/bdsmail_distribute 2> /dev/null' cron_add_mins 1 '/usr/bin/bdsmail_distribute 2> /dev/null'
fi fi
echo '#!/bin/bash' > /usr/bin/bdsmail_domain { echo '#!/bin/bash';
echo "cd $BDSMAIL_DIR" >> /usr/bin/bdsmail_domain echo "cd $BDSMAIL_DIR";
echo 'if [ ! -f bdsmail-privkey.dat ]; then' >> /usr/bin/bdsmail_domain echo 'if [ ! -f bdsmail-privkey.dat ]; then';
echo ' exit 1' >> /usr/bin/bdsmail_domain echo ' exit 1';
echo 'fi' >> /usr/bin/bdsmail_domain echo 'fi';
echo "python2 get_address bdsmail-privkey.dat | tr '[:upper:]' '[:lower:]'" >> /usr/bin/bdsmail_domain echo "python2 get_address bdsmail-privkey.dat | tr '[:upper:]' '[:lower:]'"; } > /usr/bin/bdsmail_domain
chmod +x /usr/bin/bdsmail_domain chmod +x /usr/bin/bdsmail_domain
echo '' echo ''
@ -422,7 +422,7 @@ function install_bdsmail {
bdsmail_wait_for_key_generation bdsmail_wait_for_key_generation
if [ ! $bds_domain ]; then if [ ! "$bds_domain" ]; then
systemctl stop bdsmail systemctl stop bdsmail
systemctl disable bdsmail systemctl disable bdsmail
remove_i2p remove_i2p
@ -430,38 +430,38 @@ function install_bdsmail {
exit 8934638 exit 8934638
fi fi
BDSMAIL_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" BDSMAIL_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail -p "$BDSMAIL_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail -p "$BDSMAIL_PASSWORD"
cd $BDSMAIL_DIR cd $BDSMAIL_DIR || exit 2346872427
$BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini admin $BDSMAIL_DIR/Maildir/i2p/admin "$BDSMAIL_PASSWORD" $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini admin $BDSMAIL_DIR/Maildir/i2p/admin "$BDSMAIL_PASSWORD"
# Create mutt configuration # Create mutt configuration
if [ ! -d /etc/skel/.mutt ]; then if [ ! -d /etc/skel/.mutt ]; then
mkdir /etc/skel/.mutt mkdir /etc/skel/.mutt
fi fi
echo 'set mbox_type=Maildir' > /etc/skel/.mutt/bdsmail { echo 'set mbox_type=Maildir';
echo "set smtp_url=smtp://username:password@127.0.0.1:$I2P_SMTP_PORT/" >> /etc/skel/.mutt/bdsmail echo "set smtp_url=smtp://username:password@127.0.0.1:$I2P_SMTP_PORT/";
echo 'set use_from=yes' >> /etc/skel/.mutt/bdsmail echo 'set use_from=yes';
echo "set from=username@${bds_domain}" >> /etc/skel/.mutt/bdsmail echo "set from=username@${bds_domain}";
echo "set spoolfile=~/Maildir/i2p" >> /etc/skel/.mutt/bdsmail echo "set spoolfile=~/Maildir/i2p";
echo 'set pgp_autoencrypt=no' >> /etc/skel/.mutt/bdsmail echo 'set pgp_autoencrypt=no';
echo 'set pgp_replyencrypt=no' >> /etc/skel/.mutt/bdsmail echo 'set pgp_replyencrypt=no';
echo 'set pgp_autosign=no' >> /etc/skel/.mutt/bdsmail echo 'set pgp_autosign=no';
echo 'set pgp_replysign=no' >> /etc/skel/.mutt/bdsmail echo 'set pgp_replysign=no'; } > /etc/skel/.mutt/bdsmail
# mutt configuration for the admin user # mutt configuration for the admin user
if [ ! -d /home/$MY_USERNAME/.mutt ]; then if [ ! -d "/home/$MY_USERNAME/.mutt" ]; then
mkdir /home/$MY_USERNAME/.mutt mkdir "/home/$MY_USERNAME/.mutt"
fi fi
cp /etc/skel/.mutt/bdsmail /home/$MY_USERNAME/.mutt cp /etc/skel/.mutt/bdsmail "/home/$MY_USERNAME/.mutt"
sed -i "s|username|$MY_USERNAME|g" /home/$MY_USERNAME/.mutt/bdsmail sed -i "s|username|$MY_USERNAME|g" "/home/$MY_USERNAME/.mutt/bdsmail"
sed -i "s|password|$BDSMAIL_PASSWORD|g" /home/$MY_USERNAME/.mutt/bdsmail sed -i "s|password|$BDSMAIL_PASSWORD|g" "/home/$MY_USERNAME/.mutt/bdsmail"
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.mutt"
bdsmail_configure_users bdsmail_configure_users
cd $BDSMAIL_DIR cd $BDSMAIL_DIR || exit 2457245
$BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $MY_USERNAME /home/$MY_USERNAME/Maildir/i2p "$BDSMAIL_PASSWORD" $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$MY_USERNAME" "/home/$MY_USERNAME/Maildir/i2p" "$BDSMAIL_PASSWORD"
APP_INSTALLED=1 APP_INSTALLED=1
} }


@ -101,7 +101,7 @@ function upgrade_cryptpad {
function_check set_repo_commit function_check set_repo_commit
set_repo_commit $CRYPTPAD_DIR "cryptpad commit" "$CRYPTPAD_COMMIT" $CRYPTPAD_REPO set_repo_commit $CRYPTPAD_DIR "cryptpad commit" "$CRYPTPAD_COMMIT" $CRYPTPAD_REPO
cd $CRYPTPAD_DIR cd $CRYPTPAD_DIR || exit 254724
cryptpad_create_config cryptpad_create_config
npm upgrade npm upgrade
npm install npm install
@ -156,7 +156,7 @@ function restore_local_cryptpad {
} }
function backup_remote_cryptpad { function backup_remote_cryptpad {
if grep -q "cryptpad domain" $COMPLETION_FILE; then if grep -q "cryptpad domain" "$COMPLETION_FILE"; then
temp_backup_dir=$CRYPTPAD_DIR/datastore temp_backup_dir=$CRYPTPAD_DIR/datastore
if [ -d $temp_backup_dir ]; then if [ -d $temp_backup_dir ]; then
systemctl stop cryptpad systemctl stop cryptpad
@ -226,7 +226,7 @@ function remove_cryptpad {
remove_onion_service cryptpad ${CRYPTPAD_ONION_PORT} remove_onion_service cryptpad ${CRYPTPAD_ONION_PORT}
remove_app cryptpad remove_app cryptpad
remove_completion_param install_cryptpad remove_completion_param install_cryptpad
sed -i '/cryptpad/d' $COMPLETION_FILE sed -i '/cryptpad/d' "$COMPLETION_FILE"
userdel -r cryptpad userdel -r cryptpad
} }
@ -236,123 +236,123 @@ function cryptpad_create_config {
cryptpad_prefix= cryptpad_prefix=
if [[ "$cryptpad_install_type" == "mesh" ]]; then if [[ "$cryptpad_install_type" == "mesh" ]]; then
cryptpad_prefix=$rootdir # shellcheck disable=SC2154
cryptpad_prefix="$rootdir"
fi fi
echo '/*@flow*/' > $cryptpad_prefix$CRYPTPAD_DIR/config.js { echo '/*@flow*/';
echo '/*' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '/*';
echo ' globals module' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' globals module';
echo '*/' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '*/';
echo "var domain = ' http://localhost:${CRYPTPAD_PORT}/';" >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo "var domain = ' http://localhost:${CRYPTPAD_PORT}/';";
echo 'module.exports = {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo 'module.exports = {';
echo " httpAddress: '::'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " httpAddress: '::',";
echo ' httpHeaders: {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' httpHeaders: {';
echo ' "X-XSS-Protection": "1; mode=block",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' "X-XSS-Protection": "1; mode=block",';
echo ' "X-Content-Type-Options": "nosniff",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' "X-Content-Type-Options": "nosniff",';
echo ' "Access-Control-Allow-Origin": "*"' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' "Access-Control-Allow-Origin": "*"';
echo ' },' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' },';
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo ' contentSecurity: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' contentSecurity: [';
echo " \"default-src 'none'\"," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " \"default-src 'none'\",";
echo " \"style-src 'unsafe-inline' 'self' \" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " \"style-src 'unsafe-inline' 'self' \" + domain,";
echo " \"script-src 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " \"script-src 'self'\" + domain,";
echo " \"font-src 'self' data:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " \"font-src 'self' data:\" + domain,";
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo ' "child-src blob: *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' "child-src blob: *",';
echo ' "frame-src blob: *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' "frame-src blob: *",';
echo ' "media-src * blob:",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' "media-src * blob:",';
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo " \"connect-src 'self' ws: wss: blob:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " \"connect-src 'self' ws: wss: blob:\" + domain,";
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo " \"img-src 'self' data: blob:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " \"img-src 'self' data: blob:\" + domain,";
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo ' "frame-ancestors *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' "frame-ancestors *",';
echo " ].join('; ')," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " ].join('; '),";
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo ' padContentSecurity: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' padContentSecurity: [';
echo " \"default-src 'none'\"," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " \"default-src 'none'\",";
echo " \"style-src 'unsafe-inline' 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " \"style-src 'unsafe-inline' 'self'\" + domain,";
echo " \"script-src 'self' 'unsafe-eval' 'unsafe-inline'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " \"script-src 'self' 'unsafe-eval' 'unsafe-inline'\" + domain,";
echo " \"font-src 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " \"font-src 'self'\" + domain,";
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo ' "child-src *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' "child-src *",';
echo ' "frame-src *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' "frame-src *",';
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo " \"connect-src 'self' ws: wss:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " \"connect-src 'self' ws: wss:\" + domain,";
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo ' "img-src * blob:",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' "img-src * blob:",';
echo " ].join('; ')," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " ].join('; '),";
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo " httpPort: ${CRYPTPAD_PORT}," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " httpPort: ${CRYPTPAD_PORT},";
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo ' // This is for allowing the cross-domain iframe to function when developing' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' // This is for allowing the cross-domain iframe to function when developing';
echo " httpSafePort: ${CRYPTPAD_PORT2}," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " httpSafePort: ${CRYPTPAD_PORT2},";
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo " websocketPath: '/cryptpad_websocket'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " websocketPath: '/cryptpad_websocket',";
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo ' logToStdout: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' logToStdout: false,';
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo ' verbose: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' verbose: false,';
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo ' mainPages: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' mainPages: [';
echo " 'index'" >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " 'index'";
echo ' ],' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' ],';
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo ' removeDonateButton: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' removeDonateButton: true,';
echo ' allowSubscriptions: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' allowSubscriptions: false,'; } > "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
if [[ "$cryptpad_install_type" == "mesh" ]]; then if [[ "$cryptpad_install_type" == "mesh" ]]; then
echo " myDomain: 'http://P${PEER_ID}.local'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " myDomain: 'http://P${PEER_ID}.local'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
else else
CRYPTPAD_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_cryptpad/hostname) CRYPTPAD_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_cryptpad/hostname)
echo " myDomain: 'http://${CRYPTPAD_ONION_HOSTNAME}'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " myDomain: 'http://${CRYPTPAD_ONION_HOSTNAME}'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
fi fi
echo ' defaultStorageLimit: 50 * 1024 * 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js { echo ' defaultStorageLimit: 50 * 1024 * 1024,';
echo '';
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' customLimits: {';
echo ' customLimits: {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' },';
echo ' },' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' adminEmail: false,';
echo ' adminEmail: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " storage: './storage/file',";
echo " storage: './storage/file'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " filePath: './datastore/',";
echo " filePath: './datastore/'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " pinPath: './pins',";
echo " pinPath: './pins'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " blobPath: './blob',";
echo " blobPath: './blob'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " blobStagingPath: './blobstage',";
echo " blobStagingPath: './blobstage'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' channelExpirationMs: 30000,';
echo ' channelExpirationMs: 30000,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' openFileLimit: 1024,';
echo ' openFileLimit: 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " rpc: './rpc.js',";
echo " rpc: './rpc.js'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' suppressRPCErrors: false,';
echo ' suppressRPCErrors: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' enableUploads: true,';
echo ' enableUploads: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' //restrictUploads: false,';
echo ' //restrictUploads: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' maxUploadSize: 20 * 1024 * 1024,';
echo ' maxUploadSize: 20 * 1024 * 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' //logFeedback: true,';
echo ' //logFeedback: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' //logRPC: true,';
echo ' //logRPC: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '};'; } >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
echo '};' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
if [[ "$cryptpad_install_type" != "mesh" ]]; then if [[ "$cryptpad_install_type" != "mesh" ]]; then
chown cryptpad:cryptpad $cryptpad_prefix$CRYPTPAD_DIR/config.js chown cryptpad:cryptpad "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
else else
chroot "$rootdir" chown cryptpad:cryptpad $CRYPTPAD_DIR/config.js chroot "$rootdir" chown cryptpad:cryptpad $CRYPTPAD_DIR/config.js
fi fi
} }
function mesh_install_cryptpad { function mesh_install_cryptpad {
if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then
return return
fi fi
if [ ! -d $rootdir/var/www/cryptpad ]; then if [ ! -d "$rootdir/var/www/cryptpad" ]; then
mkdir $rootdir/var/www/cryptpad mkdir "$rootdir/var/www/cryptpad"
fi fi
if [ -d $rootdir$CRYPTPAD_DIR ]; then if [ -d "$rootdir$CRYPTPAD_DIR" ]; then
rm -rf $rootdir$CRYPTPAD_DIR rm -rf "$rootdir$CRYPTPAD_DIR"
fi fi
git_clone $CRYPTPAD_REPO $rootdir$CRYPTPAD_DIR git_clone "$CRYPTPAD_REPO" "$rootdir$CRYPTPAD_DIR"
if [ ! -d $rootdir$CRYPTPAD_DIR ]; then if [ ! -d "$rootdir$CRYPTPAD_DIR" ]; then
echo $'Unable to clone cryptpad repo' echo $'Unable to clone cryptpad repo'
exit 783251 exit 783251
fi fi
@ -360,94 +360,94 @@ function mesh_install_cryptpad {
# an unprivileged user to run as # an unprivileged user to run as
chroot "$rootdir" useradd -d $CRYPTPAD_DIR/ cryptpad chroot "$rootdir" useradd -d $CRYPTPAD_DIR/ cryptpad
cd $rootdir$CRYPTPAD_DIR cd "$rootdir$CRYPTPAD_DIR" || exit 34683568
git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT git checkout "$CRYPTPAD_COMMIT" -b "$CRYPTPAD_COMMIT"
chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
cryptpad_nginx_site=$rootdir/etc/nginx/sites-available/cryptpad cryptpad_nginx_site=$rootdir/etc/nginx/sites-available/cryptpad
echo 'server {' > $cryptpad_nginx_site { echo 'server {';
echo " listen 80 default_server;" >> $cryptpad_nginx_site echo " listen 80 default_server;";
echo " server_name P${PEER_ID}.local;" >> $cryptpad_nginx_site echo " server_name P${PEER_ID}.local;";
echo '' >> $cryptpad_nginx_site echo '';
echo ' # Logs' >> $cryptpad_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $cryptpad_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $cryptpad_nginx_site echo ' error_log /dev/null;';
echo '' >> $cryptpad_nginx_site echo '';
echo ' # Root' >> $cryptpad_nginx_site echo ' # Root';
echo " root $CRYPTPAD_DIR;" >> $cryptpad_nginx_site echo " root $CRYPTPAD_DIR;";
echo '' >> $cryptpad_nginx_site echo '';
echo ' index index.html;' >> $cryptpad_nginx_site echo ' index index.html;';
echo '' >> $cryptpad_nginx_site echo '';
echo ' add_header X-XSS-Protection "1; mode=block";' >> $cryptpad_nginx_site echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Content-Type-Options nosniff;' >> $cryptpad_nginx_site echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-Frame-Options SAMEORIGIN;' >> $cryptpad_nginx_site echo ' add_header X-Frame-Options SAMEORIGIN;';
echo '' >> $cryptpad_nginx_site echo '';
echo ' if ($uri = /pad/inner.html) {' >> $cryptpad_nginx_site echo " if (\$uri = /pad/inner.html) {";
echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";" >> $cryptpad_nginx_site echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location = /cryptpad_websocket {' >> $cryptpad_nginx_site echo ' location = /cryptpad_websocket {';
echo " proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site echo " proxy_pass http://localhost:$CRYPTPAD_PORT;";
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site echo " proxy_set_header X-Real-IP \$remote_addr;";
echo ' proxy_set_header Host $host;' >> $cryptpad_nginx_site echo " proxy_set_header Host \$host;";
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $cryptpad_nginx_site echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo '' >> $cryptpad_nginx_site echo '';
echo ' # WebSocket support (nginx 1.4)' >> $cryptpad_nginx_site echo ' # WebSocket support (nginx 1.4)';
echo ' proxy_http_version 1.1;' >> $cryptpad_nginx_site echo ' proxy_http_version 1.1;';
echo ' proxy_set_header Upgrade $http_upgrade;' >> $cryptpad_nginx_site echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection upgrade;' >> $cryptpad_nginx_site echo ' proxy_set_header Connection upgrade;';
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /customize.dist/ {' >> $cryptpad_nginx_site echo ' location ^~ /customize.dist/ {';
echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root' >> $cryptpad_nginx_site echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root';
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo ' location ^~ /customize/ {' >> $cryptpad_nginx_site echo ' location ^~ /customize/ {';
echo ' rewrite ^/customize/(.*)$ $1 break;' >> $cryptpad_nginx_site echo " rewrite ^/customize/(.*)\$ \$1 break;";
echo ' try_files /customize/$uri /customize.dist/$uri;' >> $cryptpad_nginx_site echo " try_files /customize/\$uri /customize.dist/\$uri;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo ' location = /api/config {' >> $cryptpad_nginx_site echo ' location = /api/config {';
echo ' default_type text/javascript;' >> $cryptpad_nginx_site echo ' default_type text/javascript;';
echo ' rewrite ^.*$ /customize/api/config break;' >> $cryptpad_nginx_site echo ' rewrite ^.*$ /customize/api/config break;';
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /blob/ {' >> $cryptpad_nginx_site echo ' location ^~ /blob/ {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /register/ {' >> $cryptpad_nginx_site echo ' location ^~ /register/ {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /login/ {' >> $cryptpad_nginx_site echo ' location ^~ /login/ {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /about.html {' >> $cryptpad_nginx_site echo ' location ^~ /about.html {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /contact.html {' >> $cryptpad_nginx_site echo ' location ^~ /contact.html {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /what-is-cryptpad.html {' >> $cryptpad_nginx_site echo ' location ^~ /what-is-cryptpad.html {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {';
echo ' rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site echo " rewrite ^(.*)\$ \$1/ redirect;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' try_files /www/$uri /www/$uri/index.html /customize/$uri;' >> $cryptpad_nginx_site echo " try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;";
echo '}' >> $cryptpad_nginx_site echo '}'; } > "$cryptpad_nginx_site"
cd $rootdir$CRYPTPAD_DIR cd "$rootdir$CRYPTPAD_DIR" || exit 6246824624527
get_npm_arch get_npm_arch
cat <<EOF > $rootdir/usr/bin/install_cryptpad cat <<EOF > "$rootdir/usr/bin/install_cryptpad"
#!/bin/bash #!/bin/bash
cd $CRYPTPAD_DIR cd $CRYPTPAD_DIR
npm install --arch=$NPM_ARCH --build-from-source npm install --arch=$NPM_ARCH --build-from-source
@ -456,37 +456,37 @@ chown -R cryptpad:cryptpad $CRYPTPAD_DIR
su -c 'bower install' - cryptpad su -c 'bower install' - cryptpad
cp config.example.js config.js cp config.example.js config.js
EOF EOF
chmod +x $rootdir/usr/bin/install_cryptpad chmod +x "$rootdir/usr/bin/install_cryptpad"
chroot "$rootdir" /usr/bin/install_cryptpad chroot "$rootdir" /usr/bin/install_cryptpad
if [ ! -f $rootdir$CRYPTPAD_DIR/config.js ]; then if [ ! -f "$rootdir$CRYPTPAD_DIR/config.js" ]; then
echo $'Cryptpad config file not found' echo $'Cryptpad config file not found'
exit 628252 exit 628252
fi fi
rm $rootdir/usr/bin/install_cryptpad rm "$rootdir/usr/bin/install_cryptpad"
cryptpad_create_config mesh cryptpad_create_config mesh
chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
# daemon # daemon
echo '[Unit]' > $rootdir/etc/systemd/system/cryptpad.service { echo '[Unit]';
echo 'Description=Cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service echo 'Description=Cryptpad';
echo 'After=syslog.target' >> $rootdir/etc/systemd/system/cryptpad.service echo 'After=syslog.target';
echo 'After=network.target' >> $rootdir/etc/systemd/system/cryptpad.service echo 'After=network.target';
echo '' >> $rootdir/etc/systemd/system/cryptpad.service echo '';
echo '[Service]' >> $rootdir/etc/systemd/system/cryptpad.service echo '[Service]';
echo 'User=cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service echo 'User=cryptpad';
echo 'Group=cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service echo 'Group=cryptpad';
echo "WorkingDirectory=$CRYPTPAD_DIR" >> $rootdir/etc/systemd/system/cryptpad.service echo "WorkingDirectory=$CRYPTPAD_DIR";
echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js" >> $rootdir/etc/systemd/system/cryptpad.service echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js";
echo 'Environment=PATH=/usr/bin:/usr/local/bin' >> $rootdir/etc/systemd/system/cryptpad.service echo 'Environment=PATH=/usr/bin:/usr/local/bin';
echo 'Environment=NODE_ENV=production' >> $rootdir/etc/systemd/system/cryptpad.service echo 'Environment=NODE_ENV=production';
echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/cryptpad.service echo 'Restart=on-failure';
echo '' >> $rootdir/etc/systemd/system/cryptpad.service echo '';
echo '[Install]' >> $rootdir/etc/systemd/system/cryptpad.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/cryptpad.service echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/cryptpad.service"
chroot "$rootdir" systemctl enable cryptpad.service chroot "$rootdir" systemctl enable cryptpad.service
} }
@ -505,7 +505,7 @@ function install_cryptpad_main {
if [ -d /repos/cryptpad ]; then if [ -d /repos/cryptpad ]; then
mkdir $CRYPTPAD_DIR mkdir $CRYPTPAD_DIR
cp -r -p /repos/cryptpad/. $CRYPTPAD_DIR cp -r -p /repos/cryptpad/. $CRYPTPAD_DIR
cd $CRYPTPAD_DIR cd $CRYPTPAD_DIR || exit 3468356385
git pull git pull
else else
function_check git_clone function_check git_clone
@ -520,7 +520,7 @@ function install_cryptpad_main {
# an unprivileged user to run as # an unprivileged user to run as
useradd -d $CRYPTPAD_DIR/ cryptpad useradd -d $CRYPTPAD_DIR/ cryptpad
cd $CRYPTPAD_DIR cd $CRYPTPAD_DIR || exit 34683655
git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT
set_completion_param "cryptpad commit" "$CRYPTPAD_COMMIT" set_completion_param "cryptpad commit" "$CRYPTPAD_COMMIT"
@ -529,87 +529,87 @@ function install_cryptpad_main {
CRYPTPAD_ONION_HOSTNAME=$(add_onion_service cryptpad 80 ${CRYPTPAD_ONION_PORT}) CRYPTPAD_ONION_HOSTNAME=$(add_onion_service cryptpad 80 ${CRYPTPAD_ONION_PORT})
cryptpad_nginx_site=/etc/nginx/sites-available/cryptpad cryptpad_nginx_site=/etc/nginx/sites-available/cryptpad
echo 'server {' > $cryptpad_nginx_site { echo 'server {';
echo " listen 127.0.0.1:$CRYPTPAD_ONION_PORT default_server;" >> $cryptpad_nginx_site echo " listen 127.0.0.1:$CRYPTPAD_ONION_PORT default_server;";
echo " server_name $CRYPTPAD_ONION_HOSTNAME;" >> $cryptpad_nginx_site echo " server_name $CRYPTPAD_ONION_HOSTNAME;";
echo '' >> $cryptpad_nginx_site echo '';
echo ' # Logs' >> $cryptpad_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $cryptpad_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $cryptpad_nginx_site echo ' error_log /dev/null;';
echo '' >> $cryptpad_nginx_site echo '';
echo ' # Root' >> $cryptpad_nginx_site echo ' # Root';
echo " root $CRYPTPAD_DIR;" >> $cryptpad_nginx_site echo " root $CRYPTPAD_DIR;";
echo '' >> $cryptpad_nginx_site echo '';
echo ' index index.html;' >> $cryptpad_nginx_site echo ' index index.html;';
echo '' >> $cryptpad_nginx_site echo '';
echo ' if ($args ~ ver=) {' >> $cryptpad_nginx_site echo " if (\$args ~ ver=) {";
echo ' set $cacheControl max-age=31536000;' >> $cryptpad_nginx_site echo " set \$cacheControl max-age=31536000;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo ' add_header Cache-Control $cacheControl;' >> $cryptpad_nginx_site echo " add_header Cache-Control \$cacheControl;";
echo '' >> $cryptpad_nginx_site echo '';
echo ' add_header X-XSS-Protection "1; mode=block";' >> $cryptpad_nginx_site echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Content-Type-Options nosniff;' >> $cryptpad_nginx_site echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-Frame-Options SAMEORIGIN;' >> $cryptpad_nginx_site echo ' add_header X-Frame-Options SAMEORIGIN;';
echo '' >> $cryptpad_nginx_site echo '';
echo ' if ($uri = /pad/inner.html) {' >> $cryptpad_nginx_site echo " if (\$uri = /pad/inner.html) {";
echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";" >> $cryptpad_nginx_site echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location = /cryptpad_websocket {' >> $cryptpad_nginx_site echo ' location = /cryptpad_websocket {';
echo " proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site echo " proxy_pass http://localhost:$CRYPTPAD_PORT;";
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site echo " proxy_set_header X-Real-IP \$remote_addr;";
echo ' proxy_set_header Host $host;' >> $cryptpad_nginx_site echo " proxy_set_header Host \$host;";
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $cryptpad_nginx_site echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo '' >> $cryptpad_nginx_site echo '';
echo ' # WebSocket support (nginx 1.4)' >> $cryptpad_nginx_site echo ' # WebSocket support (nginx 1.4)';
echo ' proxy_http_version 1.1;' >> $cryptpad_nginx_site echo ' proxy_http_version 1.1;';
echo ' proxy_set_header Upgrade $http_upgrade;' >> $cryptpad_nginx_site echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection upgrade;' >> $cryptpad_nginx_site echo ' proxy_set_header Connection upgrade;';
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /customize.dist/ {' >> $cryptpad_nginx_site echo ' location ^~ /customize.dist/ {';
echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root' >> $cryptpad_nginx_site echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root';
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo ' location ^~ /customize/ {' >> $cryptpad_nginx_site echo ' location ^~ /customize/ {';
echo ' rewrite ^/customize/(.*)$ $1 break;' >> $cryptpad_nginx_site echo " rewrite ^/customize/(.*)\$ \$1 break;";
echo ' try_files /customize/$uri /customize.dist/$uri;' >> $cryptpad_nginx_site echo " try_files /customize/\$uri /customize.dist/\$uri;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo ' location = /api/config {' >> $cryptpad_nginx_site echo ' location = /api/config {';
echo ' default_type text/javascript;' >> $cryptpad_nginx_site echo ' default_type text/javascript;';
echo ' rewrite ^.*$ /customize/api/config break;' >> $cryptpad_nginx_site echo ' rewrite ^.*$ /customize/api/config break;';
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /blob/ {' >> $cryptpad_nginx_site echo ' location ^~ /blob/ {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /register/ {' >> $cryptpad_nginx_site echo ' location ^~ /register/ {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /login/ {' >> $cryptpad_nginx_site echo ' location ^~ /login/ {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /about.html {' >> $cryptpad_nginx_site echo ' location ^~ /about.html {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /contact.html {' >> $cryptpad_nginx_site echo ' location ^~ /contact.html {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /what-is-cryptpad.html {' >> $cryptpad_nginx_site echo ' location ^~ /what-is-cryptpad.html {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {';
echo ' rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site echo " rewrite ^(.*)\$ \$1/ redirect;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' try_files /www/$uri /www/$uri/index.html /customize/$uri;' >> $cryptpad_nginx_site echo " try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;";
echo '}' >> $cryptpad_nginx_site echo '}'; } > $cryptpad_nginx_site
function_check nginx_ensite function_check nginx_ensite
nginx_ensite cryptpad nginx_ensite cryptpad
@ -623,7 +623,7 @@ function install_cryptpad {
install_cryptpad_main install_cryptpad_main
cd $CRYPTPAD_DIR cd $CRYPTPAD_DIR || exit 35483548
npm install npm install
npm install -g bower@1.8.0 npm install -g bower@1.8.0
@ -639,22 +639,22 @@ function install_cryptpad {
chown -R cryptpad:cryptpad $CRYPTPAD_DIR chown -R cryptpad:cryptpad $CRYPTPAD_DIR
# daemon # daemon
echo '[Unit]' > /etc/systemd/system/cryptpad.service { echo '[Unit]';
echo 'Description=Cryptpad' >> /etc/systemd/system/cryptpad.service echo 'Description=Cryptpad';
echo 'After=syslog.target' >> /etc/systemd/system/cryptpad.service echo 'After=syslog.target';
echo 'After=network.target' >> /etc/systemd/system/cryptpad.service echo 'After=network.target';
echo '' >> /etc/systemd/system/cryptpad.service echo '';
echo '[Service]' >> /etc/systemd/system/cryptpad.service echo '[Service]';
echo 'User=cryptpad' >> /etc/systemd/system/cryptpad.service echo 'User=cryptpad';
echo 'Group=cryptpad' >> /etc/systemd/system/cryptpad.service echo 'Group=cryptpad';
echo "WorkingDirectory=$CRYPTPAD_DIR" >> /etc/systemd/system/cryptpad.service echo "WorkingDirectory=$CRYPTPAD_DIR";
echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js" >> /etc/systemd/system/cryptpad.service echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js";
echo 'Environment=PATH=/usr/bin:/usr/local/bin' >> /etc/systemd/system/cryptpad.service echo 'Environment=PATH=/usr/bin:/usr/local/bin';
echo 'Environment=NODE_ENV=production' >> /etc/systemd/system/cryptpad.service echo 'Environment=NODE_ENV=production';
echo 'Restart=on-failure' >> /etc/systemd/system/cryptpad.service echo 'Restart=on-failure';
echo '' >> /etc/systemd/system/cryptpad.service echo '';
echo '[Install]' >> /etc/systemd/system/cryptpad.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/cryptpad.service echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/cryptpad.service
systemctl enable cryptpad.service systemctl enable cryptpad.service
systemctl daemon-reload systemctl daemon-reload
systemctl start cryptpad.service systemctl start cryptpad.service
@ -664,7 +664,7 @@ function install_cryptpad {
cryptpad_generate_api_config cryptpad_generate_api_config
# install again # install again
cd $CRYPTPAD_DIR cd $CRYPTPAD_DIR || exit 73537453
su -c 'bower install' - cryptpad su -c 'bower install' - cryptpad
systemctl restart nginx systemctl restart nginx


@ -49,24 +49,27 @@ function logging_off_dlna {
function configure_interactive_dlna { function configure_interactive_dlna {
while true while true
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"Media Menu" \ --title $"Media Menu" \
--radiolist $"Choose an operation:" 13 70 3 \ --radiolist $"Choose an operation:" 13 70 3 \
1 $"Attach a drive containing playable media" off \ 1 $"Attach a drive containing playable media" off \
2 $"Remove a drive containing playable media" off \ 2 $"Remove a drive containing playable media" off \
3 $"Exit" on 2> $data 3 $"Exit" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) break;; 1) rm -f "$data"
255) break;; break;;
255) rm -f "$data"
break;;
esac esac
case $(cat $data) in case $(cat $data) in
1) attach-music;; 1) attach-music;;
2) remove-music;; 2) remove-music;;
3) break;; 3) rm -f "$data"
break;;
esac esac
rm -f "$data"
done done
} }
@ -95,19 +98,19 @@ function configure_firewall_for_dlna {
firewall_add DLNA 1900 udp firewall_add DLNA 1900 udp
firewall_add DLNA 8200 tcp firewall_add DLNA 8200 tcp
echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/dlna.service { echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/dlna.service echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
echo '<service-group>' >> /etc/avahi/services/dlna.service echo '<service-group>';
echo ' <name replace-wildcards="yes">%h DLNA</name>' >> /etc/avahi/services/dlna.service echo ' <name replace-wildcards="yes">%h DLNA</name>';
echo ' <service>' >> /etc/avahi/services/dlna.service echo ' <service>';
echo ' <type>_dlna._tcp</type>' >> /etc/avahi/services/dlna.service echo ' <type>_dlna._tcp</type>';
echo " <port>8200</port>" >> /etc/avahi/services/dlna.service echo " <port>8200</port>";
echo ' </service>' >> /etc/avahi/services/dlna.service echo ' </service>';
echo ' <service>' >> /etc/avahi/services/dlna.service echo ' <service>';
echo ' <type>_dlna._udp</type>' >> /etc/avahi/services/dlna.service echo ' <type>_dlna._udp</type>';
echo " <port>1900</port>" >> /etc/avahi/services/dlna.service echo " <port>1900</port>";
echo ' </service>' >> /etc/avahi/services/dlna.service echo ' </service>';
echo '</service-group>' >> /etc/avahi/services/dlna.service echo '</service-group>'; } > /etc/avahi/services/dlna.service
systemctl restart avahi-daemon systemctl restart avahi-daemon
@ -125,7 +128,7 @@ function backup_local_dlna {
function restore_local_dlna { function restore_local_dlna {
if [ -d /var/cache/minidlna ]; then if [ -d /var/cache/minidlna ]; then
if [ -d $USB_MOUNT_DLNA/backup/dlna ]; then if [ -d "$USB_MOUNT_DLNA/backup/dlna" ]; then
echo $"Restoring DLNA cache" echo $"Restoring DLNA cache"
temp_restore_dir=/root/tempdlna temp_restore_dir=/root/tempdlna
function_check restore_directory_from_usb function_check restore_directory_from_usb
@ -135,6 +138,7 @@ function restore_local_dlna {
else else
cp -r $temp_restore_dir/* /var/cache/minidlna/ cp -r $temp_restore_dir/* /var/cache/minidlna/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
function_check set_user_permissions function_check set_user_permissions
@ -156,7 +160,7 @@ function backup_remote_dlna {
function restore_remote_dlna { function restore_remote_dlna {
if [ -d /var/cache/minidlna ]; then if [ -d /var/cache/minidlna ]; then
if [ -d $SERVER_DIRECTORY/backup/dlna ]; then if [ -d "$SERVER_DIRECTORY/backup/dlna" ]; then
temp_restore_dir=/root/tempdlna temp_restore_dir=/root/tempdlna
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir dlna restore_directory_from_friend $temp_restore_dir dlna
@ -165,6 +169,7 @@ function restore_remote_dlna {
else else
cp -r $temp_restore_dir/* /var/cache/minidlna/ cp -r $temp_restore_dir/* /var/cache/minidlna/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 982 exit 982
fi fi
@ -201,7 +206,7 @@ function install_dlna_main {
exit 55 exit 55
fi fi
if [ ! $USB_MOUNT_DLNA ]; then if [ ! "$USB_MOUNT_DLNA" ]; then
USB_MOUNT_DLNA=/mnt/dlna USB_MOUNT_DLNA=/mnt/dlna
fi fi
if [ ${#USB_MOUNT_DLNA} -eq 0 ]; then if [ ${#USB_MOUNT_DLNA} -eq 0 ]; then
@ -242,7 +247,7 @@ function install_dlna_main {
systemctl reload minidlna systemctl reload minidlna
sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf
if ! grep -q "max_user_watches" $COMPLETION_FILE; then if ! grep -q "max_user_watches" "$COMPLETION_FILE"; then
echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf
fi fi
/sbin/sysctl -p -q /sbin/sysctl -p -q
@ -256,37 +261,37 @@ function script_for_attaching_usb_drive {
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return return
fi fi
echo '#!/bin/bash' > /usr/bin/attach-music { echo '#!/bin/bash';
echo "source /usr/local/bin/${PROJECT_NAME}-vars" >> /usr/bin/attach-music echo "source /usr/local/bin/${PROJECT_NAME}-vars";
echo "UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*" >> /usr/bin/attach-music echo "UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*";
echo '' >> /usr/bin/attach-music echo '';
echo 'for f in $UTILS_FILES' >> /usr/bin/attach-music echo "for f in \$UTILS_FILES";
echo 'do' >> /usr/bin/attach-music echo 'do';
echo ' source $f' >> /usr/bin/attach-music echo " source \$f";
echo 'done' >> /usr/bin/attach-music echo 'done';
echo '' >> /usr/bin/attach-music echo '';
echo 'USB_DRIVE=/dev/sda1' >> /usr/bin/attach-music echo 'USB_DRIVE=/dev/sda1';
echo 'detect_usb_drive' >> /usr/bin/attach-music echo 'detect_usb_drive';
echo '' >> /usr/bin/attach-music echo '';
echo 'remove-music' >> /usr/bin/attach-music echo 'remove-music';
echo "if [ ! -d $USB_MOUNT_DLNA ]; then" >> /usr/bin/attach-music echo "if [ ! -d $USB_MOUNT_DLNA ]; then";
echo " mkdir $USB_MOUNT_DLNA" >> /usr/bin/attach-music echo " mkdir $USB_MOUNT_DLNA";
echo 'fi' >> /usr/bin/attach-music echo 'fi';
echo -n 'mount $USB_DRIVE ' >> /usr/bin/attach-music echo -n "mount \$USB_DRIVE ";
echo "$USB_MOUNT_DLNA" >> /usr/bin/attach-music echo "$USB_MOUNT_DLNA";
echo "chown root:root $USB_MOUNT_DLNA" >> /usr/bin/attach-music echo "chown root:root $USB_MOUNT_DLNA";
echo "chown -R minidlna:minidlna $USB_MOUNT_DLNA/*" >> /usr/bin/attach-music echo "chown -R minidlna:minidlna $USB_MOUNT_DLNA/*";
echo 'systemctl restart minidlna' >> /usr/bin/attach-music echo 'systemctl restart minidlna';
echo 'minidlnad -R' >> /usr/bin/attach-music echo 'minidlnad -R';
echo 'exit 0' >> /usr/bin/attach-music echo 'exit 0'; } > /usr/bin/attach-music
chmod +x /usr/bin/attach-music chmod +x /usr/bin/attach-music
echo '#!/bin/bash' > /usr/bin/remove-music { echo '#!/bin/bash';
echo "if [ -d $USB_MOUNT_DLNA ]; then" >> /usr/bin/remove-music echo "if [ -d $USB_MOUNT_DLNA ]; then";
echo " umount $USB_MOUNT_DLNA" >> /usr/bin/remove-music echo " umount $USB_MOUNT_DLNA";
echo " rm -rf $USB_MOUNT_DLNA" >> /usr/bin/remove-music echo " rm -rf $USB_MOUNT_DLNA";
echo 'fi' >> /usr/bin/remove-music echo 'fi';
echo 'exit 0' >> /usr/bin/remove-music echo 'exit 0'; } > /usr/bin/remove-music
chmod +x /usr/bin/remove-music chmod +x /usr/bin/remove-music
mark_completed "${FUNCNAME[0]}" mark_completed "${FUNCNAME[0]}"
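Review bot: In the last hunk (`script_for_attaching_usb_drive`), `$USB_MOUNT_DLNA` is still expanded unquoted at generation time into `/usr/bin/attach-music` and `/usr/bin/remove-music`, so the generated `chown -R minidlna:minidlna $USB_MOUNT_DLNA/*` and `rm -rf $USB_MOUNT_DLNA` lines are only as safe as that variable's value when the function runs. An empty value would write the chown line as `chown -R minidlna:minidlna /*`, and a value containing spaces would split into several paths; the hunk does not show whether the `/mnt/dlna` default from `install_dlna_main` is always applied first. I would add `: "${USB_MOUNT_DLNA:?}"` before the first `{ echo` group and emit the path quoted in the generated scripts, e.g. `echo "chown -R minidlna:minidlna \"$USB_MOUNT_DLNA\"/*";` and `echo "    rm -rf \"$USB_MOUNT_DLNA\"";`. The function starts before the hunk and its closing brace lies outside it.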


@ -75,18 +75,18 @@ function change_password_dokuwiki {
new_user_password="$2" new_user_password="$2"
DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain") DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
if grep -q "$curr_username:" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php; then if grep -q "$curr_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"; then
HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}') HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}')
existing_user=$(cat /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php | grep "$curr_username:" | hean -n 1) existing_user=$(grep "$curr_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" | hean -n 1)
if [[ "$existing_user" == *":admin,"* ]]; then if [[ "$existing_user" == *":admin,"* ]]; then
sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:admin,user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:admin,user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
else else
sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
fi fi
cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
${PROJECT_NAME}-pass -u $curr_username -a dokuwiki -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$curr_username" -a dokuwiki -p "$new_user_password"
fi fi
} }
@ -96,21 +96,21 @@ function add_user_dokuwiki {
DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain") DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}') HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}')
echo "$new_username:$HASHED_DOKUWIKI_PASSWORD:$new_username:$new_username@$HOSTNAME:user,upload" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php echo "$new_username:$HASHED_DOKUWIKI_PASSWORD:$new_username:$new_username@$HOSTNAME:user,upload" >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
${PROJECT_NAME}-pass -u "$new_username" -a dokuwiki -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$new_username" -a dokuwiki -p "$new_user_password"
} }
function remove_user_dokuwiki { function remove_user_dokuwiki {
remove_username="$1" remove_username="$1"
read_config_param "DOKUWIKI_DOMAIN_NAME" read_config_param "DOKUWIKI_DOMAIN_NAME"
if grep -q "$remove_username:" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php; then if grep -q "$remove_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"; then
sed -i "/$remove_username:/d" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php sed -i "/$remove_username:/d" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
sed -i "/$remove_username:/d" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php sed -i "/$remove_username:/d" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
${PROJECT_NAME}-pass -u "$remove_username" --rmapp dokuwiki "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp dokuwiki
fi fi
} }
@ -120,7 +120,7 @@ function reconfigure_dokuwiki {
function upgrade_dokuwiki { function upgrade_dokuwiki {
function_check set_repo_commit function_check set_repo_commit
set_repo_commit /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs "dokuwiki commit" "$DOKUWIKI_COMMIT" $DOKUWIKI_REPO set_repo_commit "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" "dokuwiki commit" "$DOKUWIKI_COMMIT" $DOKUWIKI_REPO
} }
function backup_local_dokuwiki { function backup_local_dokuwiki {
@ -129,18 +129,18 @@ function backup_local_dokuwiki {
function_check backup_directory_to_usb function_check backup_directory_to_usb
# backup the data # backup the data
source_directory=/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data source_directory="/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
if [ -d $source_directory ]; then if [ -d "$source_directory" ]; then
dest_directory=dokuwikidat dest_directory=dokuwikidat
backup_directory_to_usb $source_directory $dest_directory backup_directory_to_usb "$source_directory" "$dest_directory"
fi fi
# backup the users # backup the users
source_directory=/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl source_directory="/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl"
if [ -d $source_directory ]; then if [ -d "$source_directory" ]; then
dest_directory=dokuwikiacl dest_directory=dokuwikiacl
cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
backup_directory_to_usb $source_directory $dest_directory backup_directory_to_usb "$source_directory" "$dest_directory"
fi fi
} }
@ -153,11 +153,12 @@ function restore_local_dokuwiki {
temp_restore_dir=/root/tempdokuwikidat temp_restore_dir=/root/tempdokuwikidat
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb ${temp_restore_dir} dokuwikidat restore_directory_from_usb ${temp_restore_dir} dokuwikidat
if [ -d ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data ]; then if [ -d "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data" ]; then
cp -r ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data cp -r "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
else else
cp -r ${temp_restore_dir}/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data cp -r "${temp_restore_dir}/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
function_check restore_directory_from_usb function_check restore_directory_from_usb
set_user_permissions set_user_permissions
@ -172,13 +173,14 @@ function restore_local_dokuwiki {
temp_restore_dir=/root/tempdokuwikiacl temp_restore_dir=/root/tempdokuwikiacl
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb ${temp_restore_dir} dokuwikiacl restore_directory_from_usb ${temp_restore_dir} dokuwikiacl
if [ -d ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl ]; then if [ -d "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl" ]; then
cp ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ cp "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
cp ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/ cp "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/"
else else
cp ${temp_restore_dir}/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ cp "${temp_restore_dir}/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
cp ${temp_restore_dir}/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/ cp "${temp_restore_dir}/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
function_check restore_directory_from_usb function_check restore_directory_from_usb
set_user_permissions set_user_permissions
@ -189,21 +191,21 @@ function restore_local_dokuwiki {
fi fi
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib"
chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
echo $"Restore of Dokuwiki complete" echo $"Restore of Dokuwiki complete"
} }
function backup_remote_dokuwiki { function backup_remote_dokuwiki {
DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain") DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
if [ -d /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs ]; then if [ -d "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" ]; then
echo $"Backing up dokuwiki" echo $"Backing up dokuwiki"
backup_directory_to_friend /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data dokuwikidat backup_directory_to_friend "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" dokuwikidat
cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
backup_directory_to_friend /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl dokuwikiacl backup_directory_to_friend "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl" dokuwikiacl
fi fi
} }
@ -212,15 +214,16 @@ function restore_remote_dokuwiki {
function_check get_completion_param function_check get_completion_param
function_check restore_directory_from_friend function_check restore_directory_from_friend
if [ -d $SERVER_DIRECTORY/backup/dokuwikidat ]; then if [ -d "$SERVER_DIRECTORY/backup/dokuwikidat" ]; then
echo $"Restoring Dokuwiki data for $DOKUWIKI_DOMAIN_NAME" echo $"Restoring Dokuwiki data for $DOKUWIKI_DOMAIN_NAME"
temp_restore_dir=/root/tempdokuwikidat temp_restore_dir=/root/tempdokuwikidat
restore_directory_from_friend $temp_restore_dir dokuwikidat restore_directory_from_friend $temp_restore_dir dokuwikidat
if [ -d $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data ]; then if [ -d "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" ]; then
cp -r $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/ cp -r "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/"
else else
cp -r $temp_restore_dir/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/ cp -r $temp_restore_dir/* "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 92634 exit 92634
fi fi
@ -229,15 +232,16 @@ function restore_remote_dokuwiki {
echo $"Restore of Dokuwiki data complete" echo $"Restore of Dokuwiki data complete"
fi fi
if [ -d $SERVER_DIRECTORY/backup/dokuwikiacl ]; then if [ -d "$SERVER_DIRECTORY/backup/dokuwikiacl" ]; then
echo $"Restoring Dokuwiki users for $DOKUWIKI_DOMAIN_NAME" echo $"Restoring Dokuwiki users for $DOKUWIKI_DOMAIN_NAME"
temp_restore_dir=/root/tempdokuwikiacl temp_restore_dir=/root/tempdokuwikiacl
restore_directory_from_friend $temp_restore_dir dokuwikiacl restore_directory_from_friend $temp_restore_dir dokuwikiacl
if [ -d $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl ]; then if [ -d "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl" ]; then
cp -r $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ cp -r "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
else else
cp -r $temp_restore_dir/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ cp -r $temp_restore_dir/* "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 735287 exit 735287
fi fi
@ -246,11 +250,11 @@ function restore_remote_dokuwiki {
echo $"Restore of Dokuwiki users complete" echo $"Restore of Dokuwiki users complete"
fi fi
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/data chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/data"
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/lib chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/lib"
chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
} }
function remove_dokuwiki { function remove_dokuwiki {
@ -259,13 +263,13 @@ function remove_dokuwiki {
fi fi
function_check remove_onion_service function_check remove_onion_service
remove_onion_service dokuwiki ${DOKUWIKI_ONION_PORT} remove_onion_service dokuwiki ${DOKUWIKI_ONION_PORT}
nginx_dissite $DOKUWIKI_DOMAIN_NAME nginx_dissite "$DOKUWIKI_DOMAIN_NAME"
remove_certs $DOKUWIKI_DOMAIN_NAME remove_certs "$DOKUWIKI_DOMAIN_NAME"
if [ -f /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME ]; then if [ -f "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" ]; then
rm /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME rm "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
fi fi
if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then if [ ! -d "/var/www/$DOKUWIKI_DOMAIN_NAME" ]; then
rm -rf /var/www/$DOKUWIKI_DOMAIN_NAME rm -rf "/var/www/$DOKUWIKI_DOMAIN_NAME"
fi fi
if [ -d /var/lib/dokuwiki ]; then if [ -d /var/lib/dokuwiki ]; then
rm -rf /var/lib/dokuwiki rm -rf /var/lib/dokuwiki
@ -278,14 +282,14 @@ function remove_dokuwiki {
fi fi
remove_completion_param "install_dokuwiki" remove_completion_param "install_dokuwiki"
remove_completion_param "dokuwiki domain" remove_completion_param "dokuwiki domain"
sed -i '/dokuwiki/d' $COMPLETION_FILE sed -i '/dokuwiki/d' "$COMPLETION_FILE"
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $DOKUWIKI_DOMAIN_NAME remove_ddns_domain "$DOKUWIKI_DOMAIN_NAME"
} }
function install_dokuwiki { function install_dokuwiki {
if [ ! $DOKUWIKI_DOMAIN_NAME ]; then if [ ! "$DOKUWIKI_DOMAIN_NAME" ]; then
return return
fi fi
@ -293,25 +297,25 @@ function install_dokuwiki {
apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
apt-get -yq install php-memcached memcached apt-get -yq install php-memcached memcached
if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then if [ ! -d "/var/www/$DOKUWIKI_DOMAIN_NAME" ]; then
mkdir /var/www/$DOKUWIKI_DOMAIN_NAME mkdir "/var/www/$DOKUWIKI_DOMAIN_NAME"
fi fi
if [ ! -f /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/install.php ]; then if [ ! -f "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/install.php" ]; then
cd /var/www/$DOKUWIKI_DOMAIN_NAME cd "/var/www/$DOKUWIKI_DOMAIN_NAME" || exit 23468246824
if [ -d /repos/dokuwiki ]; then if [ -d /repos/dokuwiki ]; then
mkdir /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs mkdir "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
cp -r -p /repos/dokuwiki/. /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs cp -r -p /repos/dokuwiki/. "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
cd /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs cd "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" || exit 24687462
git pull git pull
else else
function_check git_clone function_check git_clone
git_clone $DOKUWIKI_REPO /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs git_clone "$DOKUWIKI_REPO" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
fi fi
cd /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs cd "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" || exit 38368832
git checkout $DOKUWIKI_COMMIT -b $DOKUWIKI_COMMIT git checkout "$DOKUWIKI_COMMIT" -b "$DOKUWIKI_COMMIT"
set_completion_param "dokuwiki commit" "$DOKUWIKI_COMMIT" set_completion_param "dokuwiki commit" "$DOKUWIKI_COMMIT"
fi fi
@ -322,40 +326,40 @@ function install_dokuwiki {
echo $'Removed Apache installation after Dokuwiki install' echo $'Removed Apache installation after Dokuwiki install'
fi fi
echo '<?php' > /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php { echo '<?php';
echo "\$conf['title'] = '${DOKUWIKI_TITLE}';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php echo "\$conf['title'] = '${DOKUWIKI_TITLE}';";
echo "\$conf['lang'] = 'en';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php echo "\$conf['lang'] = 'en';";
echo "\$conf['license'] = 'cc-by-sa';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php echo "\$conf['license'] = 'cc-by-sa';";
echo "\$conf['useacl'] = 1;" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php echo "\$conf['useacl'] = 1;";
echo "\$conf['superuser'] = '@admin';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php echo "\$conf['superuser'] = '@admin';";
echo "\$conf['disableactions'] = 'register';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php echo "\$conf['disableactions'] = 'register';"; } > "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php"
ln -s /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/local.php ln -s "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/local.php"
chmod 600 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php chmod 600 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php"
chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib"
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
DOKUWIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" DOKUWIKI_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
if [ ! $DOKUWIKI_ADMIN_PASSWORD ]; then if [ ! "$DOKUWIKI_ADMIN_PASSWORD" ]; then
DOKUWIKI_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" DOKUWIKI_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
HASHED_DOKUWIKI_PASSWORD=$(echo -n "$DOKUWIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}') HASHED_DOKUWIKI_PASSWORD=$(echo -n "$DOKUWIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')
echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
if ! grep -q "video/ogg" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then if ! grep -q "video/ogg" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then
echo 'ogv video/ogg' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf echo 'ogv video/ogg' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"
fi fi
if ! grep -q "video/mp4" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then if ! grep -q "video/mp4" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then
echo 'mp4 video/mp4' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf echo 'mp4 video/mp4' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"
fi fi
if ! grep -q "video/webm" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then if ! grep -q "video/webm" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then
echo 'webm video/webm' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf echo 'webm video/webm' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"
fi fi
DOKUWIKI_ONION_HOSTNAME=$(add_onion_service dokuwiki 80 ${DOKUWIKI_ONION_PORT}) DOKUWIKI_ONION_HOSTNAME=$(add_onion_service dokuwiki 80 ${DOKUWIKI_ONION_PORT})
@ -363,178 +367,178 @@ function install_dokuwiki {
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $DOKUWIKI_DOMAIN_NAME nginx_http_redirect "$DOKUWIKI_DOMAIN_NAME"
echo 'server {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME { echo 'server {';
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' #listen [::]:443 ssl;';
echo " root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;";
echo " server_name $DOKUWIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " server_name $DOKUWIKI_DOMAIN_NAME;";
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' access_log /dev/null;';
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " error_log /dev/null;";
echo ' index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' index index.php;';
echo ' charset utf-8;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' charset utf-8;';
echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $DOKUWIKI_DOMAIN_NAME nginx_ssl "$DOKUWIKI_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $DOKUWIKI_DOMAIN_NAME nginx_disable_sniffing "$DOKUWIKI_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME { echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # rewrite to front controller as default rule';
echo ' location / {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location / {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check nginx_limits function_check nginx_limits
nginx_limits $DOKUWIKI_DOMAIN_NAME nginx_limits "$DOKUWIKI_DOMAIN_NAME"
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME { echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # statically serve these file types when possible';
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # otherwise fall back to front controller';
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # allow browser to cache them';
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # added .htm for advanced source code editor library';
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
echo ' expires 30d;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' expires 30d;';
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " try_files \$uri /index.php?q=\$uri&\$args;";
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' # block these file types' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # or a unix socket';
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check nginx_limits function_check nginx_limits
nginx_limits $DOKUWIKI_DOMAIN_NAME nginx_limits "$DOKUWIKI_DOMAIN_NAME"
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME { echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " # another machine. And then cross your fingers that you won't get hacked.";
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " try_files \$uri \$uri/ /index.php;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' fastcgi_read_timeout 30;';
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' include fastcgi_params;';
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' fastcgi_index index.php;';
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # deny access to all dot files';
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~ /\. {';
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' #deny access to store' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' #deny access to store';
echo ' location ~ /store {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~ /store {';
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~ /(data|conf|bin|inc)/ {';
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~ /\.ht {';
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '}' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '}';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ''; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
else else
echo -n '' > /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo -n '' > "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
fi fi
echo 'server {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME { echo 'server {';
echo " listen 127.0.0.1:${DOKUWIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " listen 127.0.0.1:${DOKUWIKI_ONION_PORT} default_server;";
echo " root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;";
echo " server_name $DOKUWIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " server_name $DOKUWIKI_ONION_HOSTNAME;";
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' access_log /dev/null;';
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " error_log /dev/null;";
echo ' index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' index index.php;';
echo ' charset utf-8;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' charset utf-8;';
echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $DOKUWIKI_DOMAIN_NAME nginx_disable_sniffing "$DOKUWIKI_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME { echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # rewrite to front controller as default rule';
echo ' location / {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location / {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check nginx_limits function_check nginx_limits
nginx_limits $DOKUWIKI_DOMAIN_NAME nginx_limits "$DOKUWIKI_DOMAIN_NAME"
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME { echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # statically serve these file types when possible';
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # otherwise fall back to front controller';
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # allow browser to cache them';
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # added .htm for advanced source code editor library';
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
echo ' expires 30d;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' expires 30d;';
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " try_files \$uri /index.php?q=\$uri&\$args;";
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' # block these file types' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # or a unix socket';
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check nginx_limits function_check nginx_limits
nginx_limits $DOKUWIKI_DOMAIN_NAME nginx_limits "$DOKUWIKI_DOMAIN_NAME"
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME { echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " # another machine. And then cross your fingers that you won't get hacked.";
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " try_files \$uri \$uri/ /index.php;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' fastcgi_read_timeout 30;';
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' include fastcgi_params;';
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' fastcgi_index index.php;';
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # deny access to all dot files';
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~ /\. {';
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' #deny access to store' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' #deny access to store';
echo ' location ~ /store {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~ /store {';
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~ /(data|conf|bin|inc)/ {';
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~ /\.ht {';
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '}' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '}'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check create_site_certificate function_check create_site_certificate
create_site_certificate $DOKUWIKI_DOMAIN_NAME 'yes' create_site_certificate "$DOKUWIKI_DOMAIN_NAME" 'yes'
function_check configure_php function_check configure_php
configure_php configure_php
nginx_ensite $DOKUWIKI_DOMAIN_NAME nginx_ensite "$DOKUWIKI_DOMAIN_NAME"
systemctl restart php7.0-fpm systemctl restart php7.0-fpm
systemctl restart nginx systemctl restart nginx
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $DOKUWIKI_DOMAIN_NAME add_ddns_domain "$DOKUWIKI_DOMAIN_NAME"
${PROJECT_NAME}-pass -u $MY_USERNAME -a dokuwiki -p "$DOKUWIKI_ADMIN_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a dokuwiki -p "$DOKUWIKI_ADMIN_PASSWORD"
APP_INSTALLED=1 APP_INSTALLED=1
} }


@ -50,12 +50,12 @@ edith_variables=(MY_USERNAME
function remove_bad_links_edith { function remove_bad_links_edith {
read_config_param EDITH_DOMAIN_NAME read_config_param EDITH_DOMAIN_NAME
edith_dir=/var/www/$EDITH_DOMAIN_NAME/htdocs edith_dir="/var/www/$EDITH_DOMAIN_NAME/htdocs"
# copy jquery locally # copy jquery locally
jquery_version='1.12.4' jquery_version='1.12.4'
if [ ! -f $edith_dir/jquery-${jquery_version}.js ]; then if [ ! -f $edith_dir/jquery-${jquery_version}.js ]; then
cd $edith_dir cd $edith_dir || exit 246824628
wget https://code.jquery.com/jquery-${jquery_version}.js wget https://code.jquery.com/jquery-${jquery_version}.js
if [ -f $edith_dir/jquery-${jquery_version}.js ]; then if [ -f $edith_dir/jquery-${jquery_version}.js ]; then
jquery_hash=$(sha256sum $edith_dir/jquery-${jquery_version}.js | awk -F ' ' '{print $1}') jquery_hash=$(sha256sum $edith_dir/jquery-${jquery_version}.js | awk -F ' ' '{print $1}')
@ -79,9 +79,9 @@ function change_password_edith {
new_user_password="$2" new_user_password="$2"
sed -i "/${curr_username}:/d" /etc/nginx/.edithpasswd sed -i "/${curr_username}:/d" /etc/nginx/.edithpasswd
echo -n "$new_user_password" | htpasswd -i -s -c /etc/nginx/.edithpasswd ${curr_username} echo -n "$new_user_password" | htpasswd -i -s -c /etc/nginx/.edithpasswd "${curr_username}"
${PROJECT_NAME}-pass -u $MY_USERNAME -a ${curr_username} -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a "${curr_username}" -p "$new_user_password"
} }
function logging_on_edith { function logging_on_edith {
@ -102,21 +102,20 @@ function edith_enable_login {
dialog --title $"Enable Edith login" \ dialog --title $"Enable Edith login" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--defaultno \ --defaultno \
--yesno $"\nDo you want to add a login so that random web users can't access your notes?" 10 60 --yesno $"\\nDo you want to add a login so that random web users can't access your notes?" 10 60
sel=$? sel=$?
case $sel in case $sel in
0) if grep -q '#auth_basic' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME; then 0) if grep -q '#auth_basic' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"; then
sed -i 's|#auth_basic|auth_basic|g' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME sed -i 's|#auth_basic|auth_basic|g' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
systemctl restart nginx systemctl restart nginx
fi fi
read_config_param $MY_USERNAME read_config_param "$MY_USERNAME"
EDITH_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a edith) EDITH_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a edith)
dialog --title $"Enable Edith login" \ dialog --title $"Enable Edith login" \
--msgbox $"Edith logins are now enabled with the password $EDITH_PASSWORD" 6 65 --msgbox $"Edith logins are now enabled with the password $EDITH_PASSWORD" 6 65
EDITH__PASSWORD=
;; ;;
1) if ! grep -q '#auth_basic' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME; then 1) if ! grep -q '#auth_basic' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"; then
sed -i 's|auth_basic|#auth_basic|g' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME sed -i 's|auth_basic|#auth_basic|g' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
systemctl restart nginx systemctl restart nginx
fi fi
dialog --title $"Disable Edith login" \ dialog --title $"Disable Edith login" \
@ -127,31 +126,34 @@ function edith_enable_login {
function edith_browse { function edith_browse {
read_config_param EDITH_DOMAIN_NAME read_config_param EDITH_DOMAIN_NAME
cd /var/www/$EDITH_DOMAIN_NAME/htdocs/data cd "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" || exit 24682642
editor /var/www/$EDITH_DOMAIN_NAME/htdocs/data editor "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
} }
function configure_interactive_edith { function configure_interactive_edith {
while true while true
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"Edith" \ --title $"Edith" \
--radiolist $"Choose an operation:" 10 50 3 \ --radiolist $"Choose an operation:" 10 50 3 \
1 $"Enable login" off \ 1 $"Enable login" off \
2 $"Browse notes" off \ 2 $"Browse notes" off \
3 $"Exit" on 2> $data 3 $"Exit" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) break;; 1) rm -f "$data"
255) break;; break;;
255) rm -f "$data"
break;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) edith_enable_login;; 1) edith_enable_login;;
2) edith_browse;; 2) edith_browse;;
3) break;; 3) rm -f "$data"
break;;
esac esac
rm -f "$data"
done done
} }
@ -165,24 +167,24 @@ function upgrade_edith {
# update to the next commit # update to the next commit
function_check set_repo_commit function_check set_repo_commit
set_repo_commit /var/www/$EDITH_DOMAIN_NAME/htdocs "edith commit" "$EDITH_COMMIT" $EDITH_REPO set_repo_commit "/var/www/$EDITH_DOMAIN_NAME/htdocs" "edith commit" "$EDITH_COMMIT" "$EDITH_REPO"
remove_bad_links_edith remove_bad_links_edith
chown -R www-data:www-data /var/www/$EDITH_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$EDITH_DOMAIN_NAME/htdocs"
chmod a+w /var/www/$EDITH_DOMAIN_NAME/htdocs/data chmod a+w "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
} }
function backup_local_edith { function backup_local_edith {
read_config_param EDITH_DOMAIN_NAME read_config_param EDITH_DOMAIN_NAME
function_check suspend_site function_check suspend_site
suspend_site ${EDITH_DOMAIN_NAME} suspend_site "${EDITH_DOMAIN_NAME}"
source_directory=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data source_directory="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
function_check backup_directory_to_usb function_check backup_directory_to_usb
dest_directory=edith dest_directory=edith
backup_directory_to_usb $source_directory $dest_directory backup_directory_to_usb "$source_directory" "$dest_directory"
function_check restart_site function_check restart_site
restart_site restart_site
@ -192,12 +194,12 @@ function restore_local_edith {
read_config_param EDITH_DOMAIN_NAME read_config_param EDITH_DOMAIN_NAME
temp_restore_dir=/root/tempedith temp_restore_dir=/root/tempedith
edith_dir=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data edith_dir="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir edith restore_directory_from_usb $temp_restore_dir edith
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d cp $temp_restore_dir$edith_dir ]; then if [ -d $temp_restore_dir$edith_dir ]; then
cp -rp $temp_restore_dir$edith_dir $edith_dir/ cp -rp $temp_restore_dir$edith_dir $edith_dir/
else else
if [ ! -d $edith_dir ]; then if [ ! -d $edith_dir ]; then
@ -215,13 +217,13 @@ function backup_remote_edith {
read_config_param EDITH_DOMAIN_NAME read_config_param EDITH_DOMAIN_NAME
function_check suspend_site function_check suspend_site
suspend_site ${EDITH_DOMAIN_NAME} suspend_site "${EDITH_DOMAIN_NAME}"
source_directory=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data source_directory="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
function_check backup_directory_to_friend function_check backup_directory_to_friend
dest_directory=edith dest_directory=edith
backup_directory_to_friend $source_directory $dest_directory backup_directory_to_friend "$source_directory" "$dest_directory"
function_check restart_site function_check restart_site
restart_site restart_site
@ -231,12 +233,12 @@ function restore_remote_edith {
read_config_param EDITH_DOMAIN_NAME read_config_param EDITH_DOMAIN_NAME
temp_restore_dir=/root/tempedith temp_restore_dir=/root/tempedith
edith_dir=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data edith_dir="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir edith restore_directory_from_friend $temp_restore_dir edith
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d cp $temp_restore_dir$edith_dir ]; then if [ -d $temp_restore_dir$edith_dir ]; then
cp -rp $temp_restore_dir$edith_dir $edith_dir/ cp -rp $temp_restore_dir$edith_dir $edith_dir/
else else
if [ ! -d $edith_dir ]; then if [ ! -d $edith_dir ]; then
@ -253,17 +255,17 @@ function restore_remote_edith {
function remove_edith { function remove_edith {
nginx_dissite $EDITH_DOMAIN_NAME nginx_dissite $EDITH_DOMAIN_NAME
if [ -f /etc/nginx/sites-available/$EDITH_DOMAIN_NAME ]; then if [ -f "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME" ]; then
rm /etc/nginx/sites-available/$EDITH_DOMAIN_NAME rm "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
fi fi
if [ -d /var/www/$EDITH_DOMAIN_NAME ]; then if [ -d "/var/www/$EDITH_DOMAIN_NAME" ]; then
rm -rf /var/www/$EDITH_DOMAIN_NAME rm -rf "/var/www/$EDITH_DOMAIN_NAME"
fi fi
function_check remove_onion_service function_check remove_onion_service
remove_onion_service edith ${EDITH_ONION_PORT} remove_onion_service edith ${EDITH_ONION_PORT}
sed -i '/edith/d' $COMPLETION_FILE sed -i '/edith/d' "$COMPLETION_FILE"
if [ -f /etc/nginx/.edithpasswd ]; then if [ -f /etc/nginx/.edithpasswd ]; then
rm /etc/nginx/.edithpasswd rm /etc/nginx/.edithpasswd
@ -286,26 +288,26 @@ function install_edith {
function_check install_nodejs function_check install_nodejs
install_nodejs edith install_nodejs edith
if [ ! ${EDITH_PASSWORD} ]; then if [ ! "${EDITH_PASSWORD}" ]; then
if [ -f ${IMAGE_PASSWORD_FILE} ]; then if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
EDITH_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" EDITH_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
EDITH_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" EDITH_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
if [ -d /var/www/$EDITH_DOMAIN_NAME/htdocs ]; then if [ -d "/var/www/$EDITH_DOMAIN_NAME/htdocs" ]; then
rm -rf /var/www/$EDITH_DOMAIN_NAME/htdocs rm -rf "/var/www/$EDITH_DOMAIN_NAME/htdocs"
fi fi
if [ -d /repos/edith ]; then if [ -d /repos/edith ]; then
mkdir /var/www/$EDITH_DOMAIN_NAME/htdocs mkdir "/var/www/$EDITH_DOMAIN_NAME/htdocs"
cp -r -p /repos/edith/. /var/www/$EDITH_DOMAIN_NAME/htdocs cp -r -p /repos/edith/. "/var/www/$EDITH_DOMAIN_NAME/htdocs"
cd /var/www/$EDITH_DOMAIN_NAME/htdocs cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 24682462
git pull git pull
else else
function_check git_clone function_check git_clone
git_clone $EDITH_REPO /var/www/$EDITH_DOMAIN_NAME/htdocs git_clone "$EDITH_REPO" "/var/www/$EDITH_DOMAIN_NAME/htdocs"
fi fi
if [ ! -d /var/www/$EDITH_DOMAIN_NAME/htdocs ]; then if [ ! -d /var/www/$EDITH_DOMAIN_NAME/htdocs ]; then
@ -313,102 +315,102 @@ function install_edith {
exit 537593569 exit 537593569
fi fi
cd /var/www/$EDITH_DOMAIN_NAME/htdocs cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 2648248
git checkout $EDITH_COMMIT -b $EDITH_COMMIT git checkout "$EDITH_COMMIT" -b "$EDITH_COMMIT"
set_completion_param "edith commit" "$EDITH_COMMIT" set_completion_param "edith commit" "$EDITH_COMMIT"
if [ ! -d /var/www/$EDITH_DOMAIN_NAME/htdocs/data ]; then if [ ! -d "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" ]; then
mkdir -p /var/www/$EDITH_DOMAIN_NAME/htdocs/data mkdir -p "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
fi fi
EDITH_ONION_HOSTNAME=$(add_onion_service edith 80 ${EDITH_ONION_PORT}) EDITH_ONION_HOSTNAME=$(add_onion_service edith 80 ${EDITH_ONION_PORT})
edith_nginx_site=/etc/nginx/sites-available/$EDITH_DOMAIN_NAME edith_nginx_site="/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
if [[ $ONION_ONLY == "no" ]]; then if [[ "$ONION_ONLY" == "no" ]]; then
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $EDITH_DOMAIN_NAME "index index.php" nginx_http_redirect "$EDITH_DOMAIN_NAME" "index index.php"
echo 'server {' >> $edith_nginx_site { echo 'server {';
echo ' listen 443 ssl;' >> $edith_nginx_site echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> $edith_nginx_site echo ' #listen [::]:443 ssl;';
echo " server_name $EDITH_DOMAIN_NAME;" >> $edith_nginx_site echo " server_name $EDITH_DOMAIN_NAME;";
echo '' >> $edith_nginx_site echo ''; } >> "$edith_nginx_site"
function_check nginx_compress function_check nginx_compress
nginx_compress $EDITH_DOMAIN_NAME nginx_compress "$EDITH_DOMAIN_NAME"
echo '' >> $edith_nginx_site echo '' >> "$edith_nginx_site"
echo ' # Security' >> $edith_nginx_site echo ' # Security' >> "$edith_nginx_site"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $EDITH_DOMAIN_NAME nginx_ssl "$EDITH_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $EDITH_DOMAIN_NAME nginx_disable_sniffing "$EDITH_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $edith_nginx_site { echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> $edith_nginx_site echo '';
echo ' access_log /dev/null;' >> $edith_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $edith_nginx_site echo ' error_log /dev/null;';
echo '' >> $edith_nginx_site echo '';
echo " root /var/www/$EDITH_DOMAIN_NAME/htdocs;" >> $edith_nginx_site echo " root /var/www/$EDITH_DOMAIN_NAME/htdocs;";
echo '' >> $edith_nginx_site echo '';
echo ' index index.php;' >> $edith_nginx_site echo ' index index.php;';
echo '' >> $edith_nginx_site echo '';
echo ' # PHP' >> $edith_nginx_site echo ' # PHP';
echo ' location ~ \.php {' >> $edith_nginx_site echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> $edith_nginx_site echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $edith_nginx_site echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> $edith_nginx_site echo ' fastcgi_read_timeout 30;';
echo ' }' >> $edith_nginx_site echo ' }';
echo '' >> $edith_nginx_site echo '';
echo ' # Location' >> $edith_nginx_site echo ' # Location';
echo ' location / {' >> $edith_nginx_site echo ' location / {'; } >> "$edith_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $EDITH_DOMAIN_NAME '15m' nginx_limits "$EDITH_DOMAIN_NAME" '15m'
echo ' try_files $uri $uri/ /index.php?$args;' >> $edith_nginx_site { echo " try_files \$uri \$uri/ /index.php?\$args;";
echo " auth_basic \"${EDITH_LOGIN_TEXT}\";" >> $edith_nginx_site echo " auth_basic \"${EDITH_LOGIN_TEXT}\";";
echo ' auth_basic_user_file /etc/nginx/.edithpasswd;' >> $edith_nginx_site echo ' auth_basic_user_file /etc/nginx/.edithpasswd;';
echo ' }' >> $edith_nginx_site echo ' }';
echo '}' >> $edith_nginx_site echo '}'; } >> "$edith_nginx_site"
else else
echo -n '' > $edith_nginx_site echo -n '' > "$edith_nginx_site"
fi fi
echo 'server {' >> $edith_nginx_site { echo 'server {';
echo " listen 127.0.0.1:$EDITH_ONION_PORT default_server;" >> $edith_nginx_site echo " listen 127.0.0.1:$EDITH_ONION_PORT default_server;";
echo " server_name $EDITH_ONION_HOSTNAME;" >> $edith_nginx_site echo " server_name $EDITH_ONION_HOSTNAME;";
echo '' >> $edith_nginx_site echo ''; } >> "$edith_nginx_site"
function_check nginx_compress function_check nginx_compress
nginx_compress $EDITH_DOMAIN_NAME nginx_compress "$EDITH_DOMAIN_NAME"
echo '' >> $edith_nginx_site echo '' >> "$edith_nginx_site"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $EDITH_DOMAIN_NAME nginx_disable_sniffing "$EDITH_DOMAIN_NAME"
echo '' >> $edith_nginx_site { echo '';
echo ' access_log /dev/null;' >> $edith_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $edith_nginx_site echo ' error_log /dev/null;';
echo '' >> $edith_nginx_site echo '';
echo " root /var/www/$EDITH_DOMAIN_NAME/htdocs;" >> $edith_nginx_site echo " root /var/www/$EDITH_DOMAIN_NAME/htdocs;";
echo '' >> $edith_nginx_site echo '';
echo ' index index.php;' >> $edith_nginx_site echo ' index index.php;';
echo '' >> $edith_nginx_site echo '';
echo ' # PHP' >> $edith_nginx_site echo ' # PHP';
echo ' location ~ \.php {' >> $edith_nginx_site echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> $edith_nginx_site echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $edith_nginx_site echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> $edith_nginx_site echo ' fastcgi_read_timeout 30;';
echo ' }' >> $edith_nginx_site echo ' }';
echo '' >> $edith_nginx_site echo '';
echo ' # Location' >> $edith_nginx_site echo ' # Location';
echo ' location / {' >> $edith_nginx_site echo ' location / {'; } >> "$edith_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $EDITH_DOMAIN_NAME '15m' nginx_limits $EDITH_DOMAIN_NAME '15m'
echo ' try_files $uri $uri/ /index.php?$args;' >> $edith_nginx_site { echo " try_files \$uri \$uri/ /index.php?\$args;";
echo " auth_basic \"${EDITH_LOGIN_TEXT}\";" >> $edith_nginx_site echo " auth_basic \"${EDITH_LOGIN_TEXT}\";";
echo ' auth_basic_user_file /etc/nginx/.edithpasswd;' >> $edith_nginx_site echo ' auth_basic_user_file /etc/nginx/.edithpasswd;';
echo ' }' >> $edith_nginx_site echo ' }';
echo '}' >> $edith_nginx_site echo '}'; } >> "$edith_nginx_site"
function_check configure_php function_check configure_php
configure_php configure_php
function_check create_site_certificate function_check create_site_certificate
create_site_certificate $EDITH_DOMAIN_NAME 'yes' create_site_certificate "$EDITH_DOMAIN_NAME" 'yes'
# create a password for users # create a password for users
if [ ! -f /etc/nginx/.edithpasswd ]; then if [ ! -f /etc/nginx/.edithpasswd ]; then
@ -417,24 +419,23 @@ function install_edith {
if grep -q "$MY_USERNAME:" /etc/nginx/.edithpasswd; then if grep -q "$MY_USERNAME:" /etc/nginx/.edithpasswd; then
sed -i "/$MY_USERNAME:/d" /etc/nginx/.edithpasswd sed -i "/$MY_USERNAME:/d" /etc/nginx/.edithpasswd
fi fi
echo -n "$EDITH_PASSWORD" | htpasswd -i -s -c /etc/nginx/.edithpasswd $MY_USERNAME echo -n "$EDITH_PASSWORD" | htpasswd -i -s -c /etc/nginx/.edithpasswd "$MY_USERNAME"
if [ ! -f /etc/nginx/.edithpasswd ]; then if [ ! -f /etc/nginx/.edithpasswd ]; then
echo $'/etc/nginx/.edithpasswd not found' echo $'/etc/nginx/.edithpasswd not found'
exit 6537683563 exit 6537683563
fi fi
${PROJECT_NAME}-pass -u $MY_USERNAME -a edith -p "$EDITH_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a edith -p "$EDITH_PASSWORD"
cp /var/www/$EDITH_DOMAIN_NAME/htdocs/htaccess.example /var/www/$EDITH_DOMAIN_NAME/htdocs/.htaccess cp "/var/www/$EDITH_DOMAIN_NAME/htdocs/htaccess.example" "/var/www/$EDITH_DOMAIN_NAME/htdocs/.htaccess"
cd /var/www/$EDITH_DOMAIN_NAME/htdocs cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 26482468
npm install -g coffeescript uglify-js npm install -g coffeescript uglify-js
cake build if ! cake build; then
if [ ! "$?" = "0" ]; then
echo $'Unable to build Edith' echo $'Unable to build Edith'
exit 7396483635 exit 7396483635
fi fi
cp config.example.php config.php cp config.example.php config.php
if [[ $ONION_ONLY == "no" ]]; then if [[ "$ONION_ONLY" == "no" ]]; then
sed -i "s|define('EDITH_URI'.*|define('EDITH_URI', 'https://$EDITH_DOMAIN_NAME');|g" config.php sed -i "s|define('EDITH_URI'.*|define('EDITH_URI', 'https://$EDITH_DOMAIN_NAME');|g" config.php
else else
sed -i "s|define('EDITH_URI'.*|define('EDITH_URI', 'http://$EDITH_ONION_HOSTNAME');|g" config.php sed -i "s|define('EDITH_URI'.*|define('EDITH_URI', 'http://$EDITH_ONION_HOSTNAME');|g" config.php
@ -445,20 +446,20 @@ function install_edith {
remove_bad_links_edith remove_bad_links_edith
chown -R www-data:www-data /var/www/$EDITH_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$EDITH_DOMAIN_NAME/htdocs"
chmod a+w /var/www/$EDITH_DOMAIN_NAME/htdocs/data chmod a+w "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
nginx_ensite $EDITH_DAEMON_NAME nginx_ensite "$EDITH_DAEMON_NAME"
systemctl restart nginx systemctl restart nginx
APP_INSTALLED=1 APP_INSTALLED=1
} }
function install_interactive_edith { function install_interactive_edith {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
if [[ $ONION_ONLY != "no" ]]; then if [[ "$ONION_ONLY" != "no" ]]; then
GHOST_DOMAIN_NAME='edith.local' GHOST_DOMAIN_NAME='edith.local'
write_config_param "EDITH_DOMAIN_NAME" "$EDITH_DOMAIN_NAME" write_config_param "EDITH_DOMAIN_NAME" "$EDITH_DOMAIN_NAME"
else else


@ -57,13 +57,13 @@ function backup_local_emacs {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d /home/$USERNAME/.emacs.d ]; then if [ -d "/home/$USERNAME/.emacs.d" ]; then
echo $"Backing up Emacs config for $USERNAME" echo $"Backing up Emacs config for $USERNAME"
if [ -f /home/$USERNAME/.emacs ]; then if [ -f "/home/$USERNAME/.emacs" ]; then
cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs cp "/home/$USERNAME/.emacs" "/home/$USERNAME/.emacs.d/dotemacs"
fi fi
function_check backup_directory_to_usb function_check backup_directory_to_usb
backup_directory_to_usb /home/$USERNAME/.emacs.d emacs/$USERNAME backup_directory_to_usb "/home/$USERNAME/.emacs.d" "emacs/$USERNAME"
fi fi
fi fi
done done
@ -71,24 +71,25 @@ function backup_local_emacs {
function restore_local_emacs { function restore_local_emacs {
temp_restore_dir=/root/tempemacs temp_restore_dir=/root/tempemacs
if [ -d $USB_MOUNT/backup/emacs ]; then if [ -d "$USB_MOUNT/backup/emacs" ]; then
for d in $USB_MOUNT/backup/emacs/*/ ; do for d in $USB_MOUNT/backup/emacs/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME "${PROJECT_NAME}-adduser" "$USERNAME"
fi fi
echo $"Restoring Emacs config for $USERNAME" echo $"Restoring Emacs config for $USERNAME"
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir emacs/$USERNAME restore_directory_from_usb "$temp_restore_dir" "emacs/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/ cp -r "$temp_restore_dir/home/$USERNAME/.emacs.d" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/.emacs.d ]; then if [ ! -d "/home/$USERNAME/.emacs.d" ]; then
mkdir /home/$USERNAME/.emacs.d mkdir "/home/$USERNAME/.emacs.d"
fi fi
cp -r $temp_restore_dir/* /home/$USERNAME/.emacs.d cp -r "$temp_restore_dir/*" "/home/$USERNAME/.emacs.d"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
function_check set_user_permissions function_check set_user_permissions
@ -97,10 +98,10 @@ function restore_local_emacs {
backup_unmount_drive backup_unmount_drive
exit 664 exit 664
fi fi
if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs cp -f "$temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs" "/home/$USERNAME/.emacs"
else else
cp -f $temp_restore_dir/dotemacs /home/$USERNAME/.emacs cp -f "$temp_restore_dir/dotemacs" "/home/$USERNAME/.emacs"
fi fi
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
@ -112,13 +113,13 @@ function backup_remote_emacs {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d /home/$USERNAME/.emacs.d ]; then if [ -d "/home/$USERNAME/.emacs.d" ]; then
echo $"Backing up Emacs config for $USERNAME" echo $"Backing up Emacs config for $USERNAME"
if [ -f /home/$USERNAME/.emacs ]; then if [ -f "/home/$USERNAME/.emacs" ]; then
cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs cp "/home/$USERNAME/.emacs" "/home/$USERNAME/.emacs.d/dotemacs"
fi fi
function_check backup_directory_to_friend function_check backup_directory_to_friend
backup_directory_to_friend /home/$USERNAME/.emacs.d emacs/$USERNAME backup_directory_to_friend "/home/$USERNAME/.emacs.d" "emacs/$USERNAME"
fi fi
fi fi
done done
@ -126,24 +127,25 @@ function backup_remote_emacs {
function restore_remote_emacs { function restore_remote_emacs {
temp_restore_dir=/root/tempemacs temp_restore_dir=/root/tempemacs
if [ -d $USB_MOUNT/backup/emacs ]; then if [ -d "$USB_MOUNT/backup/emacs" ]; then
for d in $USB_MOUNT/backup/emacs/*/ ; do for d in $USB_MOUNT/backup/emacs/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME "${PROJECT_NAME}-adduser" "$USERNAME"
fi fi
echo $"Restoring Emacs config for $USERNAME" echo $"Restoring Emacs config for $USERNAME"
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir emacs/$USERNAME restore_directory_from_friend "$temp_restore_dir" "emacs/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/ cp -r "$temp_restore_dir/home/$USERNAME/.emacs.d" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/.emacs.d ]; then if [ ! -d "/home/$USERNAME/.emacs.d" ]; then
mkdir /home/$USERNAME/.emacs.d mkdir "/home/$USERNAME/.emacs.d"
fi fi
cp -r $temp_restore_dir/* /home/$USERNAME/.emacs.d/* cp -r "$temp_restore_dir/*" "/home/$USERNAME/.emacs.d/*"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
function_check set_user_permissions function_check set_user_permissions
@ -152,10 +154,10 @@ function restore_remote_emacs {
backup_unmount_drive backup_unmount_drive
exit 664 exit 664
fi fi
if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs cp -f "$temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs" "/home/$USERNAME/.emacs"
else else
cp -f $temp_restore_dir/dotemacs /home/$USERNAME/.emacs cp -f "$temp_restore_dir/dotemacs" "/home/$USERNAME/.emacs"
fi fi
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
@ -166,7 +168,7 @@ function restore_remote_emacs {
function remove_emacs { function remove_emacs {
apt-get -yq remove --purge emacs apt-get -yq remove --purge emacs
update-alternatives --set editor /usr/bin/nano update-alternatives --set editor /usr/bin/nano
sed -i '/install_emacs/d' $COMPLETION_FILE sed -i '/install_emacs/d' "$COMPLETION_FILE"
# remove emacs as the mutt email editor # remove emacs as the mutt email editor
if [ -f /etc/Muttrc ]; then if [ -f /etc/Muttrc ]; then
@ -176,9 +178,9 @@ function remove_emacs {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -f /home/$USERNAME/.muttrc ]; then if [ -f "/home/$USERNAME/.muttrc" ]; then
if grep -q "set editor=" /home/$USERNAME/.muttrc; then if grep -q "set editor=" "/home/$USERNAME/.muttrc"; then
sed -i '/set editor=/d' /home/$USERNAME/.muttrc sed -i '/set editor=/d' "/home/$USERNAME/.muttrc"
fi fi
fi fi
fi fi
@ -194,74 +196,74 @@ function install_emacs {
#echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs #echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs
#echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs #echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs
#echo '' >> /home/$MY_USERNAME/.emacs #echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs { echo $';; ===== Remove trailing whitepace ======================================';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)";
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs echo ';; Goto a line number with CTRL-l';
echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs echo -n '(global-set-key "\C-l" ';
echo "'goto-line)" >> /home/$MY_USERNAME/.emacs echo "'goto-line)";
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo $';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs echo $';; ===== Show line numbers ==============================================';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))";
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo $';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs echo $';; ===== Enable line wrapping in org-mode ===============================';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs echo " (add-hook 'org-mode-hook";
echo " '(lambda ()" >> /home/$MY_USERNAME/.emacs echo " '(lambda ()";
echo " (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs echo " (visual-line-mode 1)))";
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo $';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME/.emacs echo $';; ===== Enable shift select in org mode ================================';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs echo '(setq org-support-shift-select t)';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo $';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs echo $';; ===== Set standard indent to 4 rather that 4 =========================';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs echo '(setq standard-indent 4)';
echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs echo '(setq-default tab-width 4)';
echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs echo '(setq c-basic-offset 4)';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo $';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs echo $';; ===== Support Wheel Mouse Scrolling ==================================';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs echo '(mouse-wheel-mode t)';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo $';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs echo $';; ===== Place Backup Files in Specific Directory =======================';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs echo '(setq make-backup-files t)';
echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs echo '(setq version-control t)';
echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo $';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs echo $';; ===== Make Text mode the default mode for new buffers ================';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs echo "(setq default-major-mode 'text-mode)";
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo $';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs echo $';; ===== Line length ====================================================';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs echo '(setq-default fill-column 72)';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo $';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs echo $';; ===== Enable Line and Column Numbering ===============================';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs echo '(line-number-mode 1)';
echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs echo '(column-number-mode 1)';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of';
echo ';; newlines when the cursor goes over the column limit.' >> /home/$MY_USERNAME/.emacs echo ';; newlines when the cursor goes over the column limit.';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs echo ';; This should actually turn on auto-fill-mode by default in all major';
echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs echo ';; modes. The other way to do this is to turn on the fill for specific modes';
echo ';; via hooks.' >> /home/$MY_USERNAME/.emacs echo ';; via hooks.';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs echo '(setq auto-fill-mode 1)';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo $';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs echo $';; ===== Enable GPG encryption =========================================';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs echo "(require 'epa)";
echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs echo '(epa-file-enable)'; } >> "/home/$MY_USERNAME/.emacs"
cp /home/$MY_USERNAME/.emacs /root/.emacs cp "/home/$MY_USERNAME/.emacs" /root/.emacs
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.emacs"
# add a mutt entry to use emacs to compose emails # add a mutt entry to use emacs to compose emails
if [ -f /etc/Muttrc ]; then if [ -f /etc/Muttrc ]; then
@ -273,92 +275,92 @@ function install_emacs {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -f /home/$USERNAME/.muttrc ]; then if [ -f "/home/$USERNAME/.muttrc" ]; then
if ! grep -q "set editor=" /home/$USERNAME/.muttrc; then if ! grep -q "set editor=" "/home/$USERNAME/.muttrc"; then
echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> /home/$USERNAME/.muttrc echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> "/home/$USERNAME/.muttrc"
else else
sed -i 's|set editor=.*|set editor="emacs -q --load ~/.emacs-mutt"|g' /home/$USERNAME/.muttrc sed -i 's|set editor=.*|set editor="emacs -q --load ~/.emacs-mutt"|g' "/home/$USERNAME/.muttrc"
fi fi
fi fi
# create an Emacs configuration specifically for use with Mutt, which # create an Emacs configuration specifically for use with Mutt, which
# has word wrap and spell checking on by default # has word wrap and spell checking on by default
if [ ! -f /home/$USERNAME/.emacs-mutt ]; then if [ ! -f "/home/$USERNAME/.emacs-mutt" ]; then
echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)" > /home/$USERNAME/.emacs-mutt { echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)";
echo '(setq org-support-shift-select t)' >> /home/$USERNAME/.emacs-mutt echo '(setq org-support-shift-select t)';
echo '(setq standard-indent 4)' >> /home/$USERNAME/.emacs-mutt echo '(setq standard-indent 4)';
echo '(setq-default tab-width 4)' >> /home/$USERNAME/.emacs-mutt echo '(setq-default tab-width 4)';
echo '(setq c-basic-offset 4)' >> /home/$USERNAME/.emacs-mutt echo '(setq c-basic-offset 4)';
echo '(mouse-wheel-mode t)' >> /home/$USERNAME/.emacs-mutt echo '(mouse-wheel-mode t)';
echo '(setq make-backup-files t)' >> /home/$USERNAME/.emacs-mutt echo '(setq make-backup-files t)';
echo '(setq version-control t)' >> /home/$USERNAME/.emacs-mutt echo '(setq version-control t)';
echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$USERNAME/.emacs-mutt echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))';
echo "(setq default-major-mode 'text-mode)" >> /home/$USERNAME/.emacs-mutt echo "(setq default-major-mode 'text-mode)";
echo "(dolist (hook '(text-mode-hook))" >> /home/$USERNAME/.emacs-mutt echo "(dolist (hook '(text-mode-hook))";
echo ' (add-hook hook (lambda () (flyspell-mode 1))))' >> /home/$USERNAME/.emacs-mutt echo ' (add-hook hook (lambda () (flyspell-mode 1))))';
echo '(setq-default fill-column 72)' >> /home/$USERNAME/.emacs-mutt echo '(setq-default fill-column 72)'; } > "/home/$USERNAME/.emacs-mutt"
if [[ $DEFAULT_LANGUAGE == 'en_US'* ]]; then if [[ $DEFAULT_LANGUAGE == 'en_US'* ]]; then
echo '(setq ispell-dictionary "american")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "american")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'en_GB'* ]]; then if [[ $DEFAULT_LANGUAGE == 'en_GB'* ]]; then
echo '(setq ispell-dictionary "british")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "british")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'fr_FR'* ]]; then if [[ $DEFAULT_LANGUAGE == 'fr_FR'* ]]; then
echo '(setq ispell-dictionary "french")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "french")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'it_IT'* ]]; then if [[ $DEFAULT_LANGUAGE == 'it_IT'* ]]; then
echo '(setq ispell-dictionary "italian")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "italian")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'cs_CZ'* ]]; then if [[ $DEFAULT_LANGUAGE == 'cs_CZ'* ]]; then
echo '(setq ispell-dictionary "czech")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "czech")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'da_DK'* ]]; then if [[ $DEFAULT_LANGUAGE == 'da_DK'* ]]; then
echo '(setq ispell-dictionary "danish")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "danish")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'nl_NL'* ]]; then if [[ $DEFAULT_LANGUAGE == 'nl_NL'* ]]; then
echo '(setq ispell-dictionary "dutch")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "dutch")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'ru_RU'* ]]; then if [[ $DEFAULT_LANGUAGE == 'ru_RU'* ]]; then
echo '(setq ispell-dictionary "russian")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "russian")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'es_ES'* ]]; then if [[ $DEFAULT_LANGUAGE == 'es_ES'* ]]; then
echo '(setq ispell-dictionary "spanish")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "spanish")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'sv_SE'* ]]; then if [[ $DEFAULT_LANGUAGE == 'sv_SE'* ]]; then
echo '(setq ispell-dictionary "swedish")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "swedish")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'no_NO'* ]]; then if [[ $DEFAULT_LANGUAGE == 'no_NO'* ]]; then
echo '(setq ispell-dictionary "norwegian")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "norwegian")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'de_DE'* ]]; then if [[ $DEFAULT_LANGUAGE == 'de_DE'* ]]; then
echo '(setq ispell-dictionary "ngerman")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "ngerman")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'bg_BG'* ]]; then if [[ $DEFAULT_LANGUAGE == 'bg_BG'* ]]; then
echo '(setq ispell-dictionary "bulgarian")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "bulgarian")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'pl'* ]]; then if [[ $DEFAULT_LANGUAGE == 'pl'* ]]; then
echo '(setq ispell-dictionary "polish")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "polish")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'et_EE'* ]]; then if [[ $DEFAULT_LANGUAGE == 'et_EE'* ]]; then
echo '(setq ispell-dictionary "estonian")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "estonian")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'lt_LT'* ]]; then if [[ $DEFAULT_LANGUAGE == 'lt_LT'* ]]; then
echo '(setq ispell-dictionary "lithuanian")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "lithuanian")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'uk_UA'* ]]; then if [[ $DEFAULT_LANGUAGE == 'uk_UA'* ]]; then
echo '(setq ispell-dictionary "ukranian")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "ukranian")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'ca_ES'* ]]; then if [[ $DEFAULT_LANGUAGE == 'ca_ES'* ]]; then
echo '(setq ispell-dictionary "catalan")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "catalan")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
echo '(setq auto-fill-mode 0)' >> /home/$USERNAME/.emacs-mutt { echo '(setq auto-fill-mode 0)';
echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)" >> /home/$USERNAME/.emacs-mutt echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)";
echo "(setq-default auto-fill-function 'do-auto-fill)" >> /home/$USERNAME/.emacs-mutt echo "(setq-default auto-fill-function 'do-auto-fill)"; } >> "/home/$USERNAME/.emacs-mutt"
chown $USERNAME:$USERNAME /home/$USERNAME/.emacs-mutt chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.emacs-mutt"
# add the emacs mutt configuration to the user profile skeleton # add the emacs mutt configuration to the user profile skeleton
if [ ! -f /etc/skel/.emacs-mutt ]; then if [ ! -f /etc/skel/.emacs-mutt ]; then
cp /home/$USERNAME/.emacs-mutt /etc/skel/.emacs-mutt cp "/home/$USERNAME/.emacs-mutt" /etc/skel/.emacs-mutt
chown root:root /etc/skel/.emacs-mutt chown root:root /etc/skel/.emacs-mutt
fi fi
fi fi
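Review bot: In the fallback branch of restore_local_emacs, the new `cp -r "$temp_restore_dir/*" "/home/$USERNAME/.emacs.d"` puts the glob inside the quotes, so the shell no longer expands `*` and cp looks for a file literally named `*`. The copy then fails, and the `$?` check that follows appears to end the restore with `exit 664`. restore_remote_emacs has the same problem, and there the destination is also quoted as `"/home/$USERNAME/.emacs.d/*"`, which names a literal `*` path instead of the directory. In both functions, quote only the variable and leave the glob outside: `cp -r "$temp_restore_dir"/* "/home/$USERNAME/.emacs.d/"`. Both function bodies span more than one hunk, so the rest of the error path is only partly visible here.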


@ -51,7 +51,7 @@ function select_go_version {
else else
sed -i "s|export GVM_ROOT=.*|export GVM_ROOT=$GVM_ROOT|g" ~/.bashrc sed -i "s|export GVM_ROOT=.*|export GVM_ROOT=$GVM_ROOT|g" ~/.bashrc
fi fi
cd $GVM_ROOT/bin cd "$GVM_ROOT/bin" || exit 3873658
[[ -s "$GVM_ROOT/scripts/gvm" ]] && source "$GVM_ROOT/scripts/gvm" [[ -s "$GVM_ROOT/scripts/gvm" ]] && source "$GVM_ROOT/scripts/gvm"
gvm use go${GO_VERSION} --default gvm use go${GO_VERSION} --default
@ -60,21 +60,21 @@ function select_go_version {
exit 629825 exit 629825
fi fi
systemctl set-environment GOPATH=$GOPATH systemctl set-environment GOPATH="$GOPATH"
} }
function mesh_upgrade_golang_from_source { function mesh_upgrade_golang_from_source {
chroot "$rootdir" adduser --disabled-login --gecos 'go' ipfs chroot "$rootdir" adduser --disabled-login --gecos 'go' ipfs
git clone $GO_REPO $rootdir/home/go/go${GO_VERSION} git clone "$GO_REPO" "$rootdir/home/go/go${GO_VERSION}"
cd $rootdir/home/go/go${GO_VERSION} cd "$rootdir/home/go/go${GO_VERSION}" || exit 3463635
git checkout go${GO_VERSION} -b go${GO_VERSION} git checkout "go${GO_VERSION}" -b "go${GO_VERSION}"
git clone $GO_REPO $rootdir/home/go/go${GO_INTERMEDIATE_VERSION} git clone "$GO_REPO" "$rootdir/home/go/go${GO_INTERMEDIATE_VERSION}"
cd $rootdir/home/go/go${GO_INTERMEDIATE_VERSION} cd "$rootdir/home/go/go${GO_INTERMEDIATE_VERSION}" || exit 672845624
git checkout go${GO_INTERMEDIATE_VERSION} -b go${GO_INTERMEDIATE_VERSION} git checkout go${GO_INTERMEDIATE_VERSION} -b go${GO_INTERMEDIATE_VERSION}
cat <<EOF > ${rootdir}/root/upgrade_golang.sh cat <<EOF > "${rootdir}/root/upgrade_golang.sh"
#!/bin/bash #!/bin/bash
apt-get -yq install build-essential libc6-dev apt-get -yq install build-essential libc6-dev
@ -119,20 +119,20 @@ systemctl set-environment GOROOT=\$GOROOT
exit 0 exit 0
EOF EOF
chroot ${rootdir} chmod +x /root/upgrade_golang.sh chroot "${rootdir}" chmod +x /root/upgrade_golang.sh
chroot ${rootdir} /root/upgrade_golang.sh chroot "${rootdir}" /root/upgrade_golang.sh
if [ ! -f ${rootdir}/home/go/go${GO_VERSION}/bin/go ]; then if [ ! -f "${rootdir}/home/go/go${GO_VERSION}/bin/go" ]; then
echo $'Failed to upgrade golang' echo $'Failed to upgrade golang'
cat ${rootdir}/root/upgrade_golang.sh cat "${rootdir}/root/upgrade_golang.sh"
rm -f ${rootdir}/root/upgrade_golang.sh rm -f "${rootdir}/root/upgrade_golang.sh"
exit 836535 exit 836535
fi fi
rm -f ${rootdir}/root/upgrade_golang.sh rm -f "${rootdir}/root/upgrade_golang.sh"
} }
function mesh_upgrade_golang { function mesh_upgrade_golang {
prefix= prefix=
if [ $rootdir ]; then if [ "$rootdir" ]; then
prefix="chroot $rootdir" prefix="chroot $rootdir"
fi fi
$prefix adduser --disabled-login --gecos 'go' go $prefix adduser --disabled-login --gecos 'go' go
@ -177,43 +177,43 @@ function mesh_upgrade_golang {
fi fi
GO_SOURCE=https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${GOARCH}.tar.gz GO_SOURCE=https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${GOARCH}.tar.gz
if [ ! -d ${rootdir}${INSTALL_DIR} ]; then if [ ! -d "${rootdir}${INSTALL_DIR}" ]; then
chroot "$rootdir" mkdir -p ${INSTALL_DIR} chroot "$rootdir" mkdir -p "${INSTALL_DIR}"
fi fi
cd ${rootdir}${INSTALL_DIR} cd "${rootdir}${INSTALL_DIR}" || exit 236487365
if [ ! -f ${rootdir}${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz ]; then if [ ! -f "${rootdir}${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz" ]; then
wget ${GO_SOURCE} wget ${GO_SOURCE}
fi fi
if [ ! -f ${rootdir}${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz ]; then if [ ! -f "${rootdir}${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz" ]; then
exit 26524 exit 26524
fi fi
$prefix tar -C /home/go -xzf ${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz $prefix tar -C /home/go -xzf "${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz"
if [ ! -d ${rootdir}/home/go/go/bin ]; then if [ ! -d "${rootdir}/home/go/go/bin" ]; then
echo 'Go binary not installed' echo 'Go binary not installed'
exit 763562 exit 763562
fi fi
mv ${rootdir}/home/go/go ${rootdir}/home/go/go${GO_VERSION} mv "${rootdir}/home/go/go" "${rootdir}/home/go/go${GO_VERSION}"
echo "export GOROOT=/home/go" >> ${rootdir}/root/.bashrc echo "export GOROOT=/home/go" >> "${rootdir}/root/.bashrc"
echo "export GOROOT=/home/go" >> ${rootdir}/etc/skel/.bashrc echo "export GOROOT=/home/go" >> "${rootdir}/etc/skel/.bashrc"
echo "export GOROOT=/home/go" >> ${rootdir}/home/$MY_USERNAME/.bashrc echo "export GOROOT=/home/go" >> "${rootdir}/home/$MY_USERNAME/.bashrc"
echo "export GOROOT=/home/go" >> ${rootdir}/home/go/.bashrc echo "export GOROOT=/home/go" >> "${rootdir}/home/go/.bashrc"
echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/root/.bashrc echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/root/.bashrc"
echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/etc/skel/.bashrc echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/etc/skel/.bashrc"
echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/home/$MY_USERNAME/.bashrc echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/home/$MY_USERNAME/.bashrc"
echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/home/go/.bashrc echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/home/go/.bashrc"
echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/root/.bashrc echo "export PATH=\$PATH:\$GOPATH" >> "${rootdir}/root/.bashrc"
echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/etc/skel/.bashrc echo "export PATH=\$PATH:\$GOPATH" >> "${rootdir}/etc/skel/.bashrc"
echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/home/$MY_USERNAME/.bashrc echo "export PATH=\$PATH:\$GOPATH" >> "${rootdir}/home/$MY_USERNAME/.bashrc"
echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/home/go/.bashrc echo "export PATH=\$PATH:\$GOPATH" >> "${rootdir}/home/go/.bashrc"
$prefix chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME $prefix chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME"
$prefix chown -R go:go /home/go $prefix chown -R go:go /home/go
cp ${rootdir}/home/go/go${GO_VERSION}/bin/* ${rootdir}/usr/bin cp "${rootdir}/home/go/go${GO_VERSION}/bin/*" "${rootdir}/usr/bin"
} }
function upgrade_golang { function upgrade_golang {
if grep -Fxq "upgrade_golang:$GO_VERSION" $COMPLETION_FILE; then if grep -Fxq "upgrade_golang:$GO_VERSION" "$COMPLETION_FILE"; then
return return
fi fi
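Review bot: Quoting the whole source path in `cp "${rootdir}/home/go/go${GO_VERSION}/bin/*" "${rootdir}/usr/bin"` at the end of mesh_upgrade_golang puts the `*` inside the quotes, so the shell no longer expands it and cp is handed a path that literally ends in `*`; the Go binaries are then not copied into `/usr/bin`. Keep the wildcard outside the quotes: `cp "${rootdir}/home/go/go${GO_VERSION}/bin/"* "${rootdir}/usr/bin"`. The same change appears in the GPG helper functions later in this commit, in `chmod -R 600 "/home/$key_username/.gnupg/*"` (gpg_set_permissions) and `gfcombine "/home/$key_username/.gnupg_fragments/keyshare*"` (gpg_reconstruct_key). There the first leaves the keyring files at whatever mode they already had, and the second passes a non-existent path, so reconstruction presumably fails. Part of mesh_upgrade_golang lies outside the hunks shown.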


@ -29,57 +29,57 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
function gpg_update_mutt { function gpg_update_mutt {
key_username=$1 key_username="$1"
if [ ! -f /home/$key_username/.muttrc ]; then if [ ! -f "/home/$key_username/.muttrc" ]; then
return return
fi fi
CURR_EMAIL_ADDRESS=$key_username@$HOSTNAME CURR_EMAIL_ADDRESS=$key_username@$HOSTNAME
CURR_GPG_ID=$(gpg --homedir=/home/$key_username/.gnupg --list-keys $CURR_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//') CURR_GPG_ID=$(gpg --homedir="/home/$key_username/.gnupg" --list-keys "$CURR_EMAIL_ADDRESS" | sed -n '2p' | sed 's/^[ \t]*//')
# If the default key is specified within gpg.conf # If the default key is specified within gpg.conf
if [ -f /home/$key_username/gpg.conf ]; then if [ -f "/home/$key_username/gpg.conf" ]; then
if grep -q "default-key" /home/$key_username/gpg.conf; then if grep -q "default-key" "/home/$key_username/gpg.conf"; then
default_gpg_key=$(cat /home/$key_username/gpg.conf | grep "default-key") default_gpg_key=$(grep "default-key" "/home/$key_username/gpg.conf")
if [[ "$default_gpg_key" != *'#'* ]]; then if [[ "$default_gpg_key" != *'#'* ]]; then
default_gpg_key=$(cat /home/$key_username/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}') default_gpg_key=$(grep "default-key" "/home/$key_username/gpg.conf" | awk -F ' ' '{print $2}')
if [ ${#default_gpg_key} -gt 3 ]; then if [ ${#default_gpg_key} -gt 3 ]; then
CURR_GPG_ID=$(gpg --homedir=/home/$key_username/.gnupg --list-keys $default_gpg_key | sed -n '2p' | sed 's/^[ \t]*//') CURR_GPG_ID=$(gpg --homedir="/home/$key_username/.gnupg" --list-keys "$default_gpg_key" | sed -n '2p' | sed 's/^[ \t]*//')
fi fi
fi fi
fi fi
fi fi
sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to $CURR_GPG_ID -- -r %r -- %f\"|g" /home/$key_username/.muttrc sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to $CURR_GPG_ID -- -r %r -- %f\"|g" "/home/$key_username/.muttrc"
sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to $CURR_GPG_ID -- -r %r -- %f\"|g" /home/$key_username/.muttrc sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to $CURR_GPG_ID -- -r %r -- %f\"|g" "/home/$key_username/.muttrc"
chown $key_username:$key_username /home/$key_username/.muttrc chown "$key_username":"$key_username" "/home/$key_username/.muttrc"
} }
function gpg_import_public_key { function gpg_import_public_key {
key_username=$1 key_username="$1"
key_filename=$2 key_filename="$2"
gpg --homedir=/home/$key_username/.gnupg --import $key_filename gpg --homedir="/home/$key_username/.gnupg" --import "$key_filename"
gpg_set_permissions $key_username gpg_set_permissions "$key_username"
} }
function gpg_import_private_key { function gpg_import_private_key {
key_username=$1 key_username="$1"
key_filename=$2 key_filename="$2"
gpg --homedir=/home/$key_username/.gnupg --allow-secret-key-import --import $key_filename gpg --homedir="/home/$key_username/.gnupg" --allow-secret-key-import --import "$key_filename"
gpg_set_permissions $key_username gpg_set_permissions "$key_username"
} }
function gpg_export_public_key { function gpg_export_public_key {
key_username=$1 key_username="$1"
key_id=$2 key_id="$2"
key_filename=$3 key_filename="$3"
chown -R $key_username:$key_username /home/$key_username/.gnupg chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg"
su -m root -c "gpg --homedir /home/$key_username/.gnupg --output $key_filename --armor --export $key_id" - $key_username su -m root -c "gpg --homedir /home/$key_username/.gnupg --output $key_filename --armor --export $key_id" - "$key_username"
} }
function gpg_export_private_key { function gpg_export_private_key {
@ -87,68 +87,68 @@ function gpg_export_private_key {
key_id=$2 key_id=$2
key_filename=$3 key_filename=$3
chown -R $key_username:$key_username /home/$key_username/.gnupg chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg"
su -m root -c "gpg --homedir=/home/$key_username/.gnupg --armor --output $key_filename --export-secret-key $key_id" - $key_username su -m root -c "gpg --homedir=/home/$key_username/.gnupg --armor --output $key_filename --export-secret-key $key_id" - "$key_username"
} }
function gpg_create_key { function gpg_create_key {
key_username=$1 key_username="$1"
key_passphrase=$2 key_passphrase="$2"
gpg_dir=/home/$key_username/.gnupg gpg_dir="/home/$key_username/.gnupg"
echo 'Key-Type: eddsa' > /home/$key_username/gpg-genkey.conf { echo 'Key-Type: eddsa';
echo 'Key-Curve: Ed25519' >> /home/$key_username/gpg-genkey.conf echo 'Key-Curve: Ed25519';
echo 'Subkey-Type: eddsa' >> /home/$key_username/gpg-genkey.conf echo 'Subkey-Type: eddsa';
echo 'Subkey-Curve: Ed25519' >> /home/$key_username/gpg-genkey.conf echo 'Subkey-Curve: Ed25519';
echo "Name-Real: $MY_NAME" >> /home/$key_username/gpg-genkey.conf echo "Name-Real: $MY_NAME";
echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$key_username/gpg-genkey.conf echo "Name-Email: $MY_EMAIL_ADDRESS";
echo 'Expire-Date: 0' >> /home/$key_username/gpg-genkey.conf echo 'Expire-Date: 0'; } > "/home/$key_username/gpg-genkey.conf"
cat /home/$key_username/gpg-genkey.conf cat "/home/$key_username/gpg-genkey.conf"
if [ $key_passphrase ]; then if [ "$key_passphrase" ]; then
echo "Passphrase: $key_passphrase" >> /home/$key_username/gpg-genkey.conf echo "Passphrase: $key_passphrase" >> "/home/$key_username/gpg-genkey.conf"
else else
echo "Passphrase: $PROJECT_NAME" >> /home/$key_username/gpg-genkey.conf echo "Passphrase: $PROJECT_NAME" >> "/home/$key_username/gpg-genkey.conf"
fi fi
chown $key_username:$key_username /home/$key_username/gpg-genkey.conf chown "$key_username":"$key_username" "/home/$key_username/gpg-genkey.conf"
echo $'Generating a new GPG key' echo $'Generating a new GPG key'
su -m root -c "gpg --homedir /home/$key_username/.gnupg --batch --full-gen-key /home/$key_username/gpg-genkey.conf" - $key_username su -m root -c "gpg --homedir /home/$key_username/.gnupg --batch --full-gen-key /home/$key_username/gpg-genkey.conf" - "$key_username"
chown -R $key_username:$key_username /home/$key_username/.gnupg chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg"
KEY_EXISTS=$(gpg_key_exists "$key_username" "$MY_EMAIL_ADDRESS") KEY_EXISTS=$(gpg_key_exists "$key_username" "$MY_EMAIL_ADDRESS")
if [[ $KEY_EXISTS == "no" ]]; then if [[ $KEY_EXISTS == "no" ]]; then
echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created" echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created"
exit 63621 exit 63621
fi fi
shred -zu /home/$key_username/gpg-genkey.conf shred -zu "/home/$key_username/gpg-genkey.conf"
CURR_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$key_username" "$MY_EMAIL_ADDRESS") CURR_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$key_username" "$MY_EMAIL_ADDRESS")
if [ ${#CURR_GPG_PUBLIC_KEY_ID} -lt 4 ]; then if [ ${#CURR_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
echo $"GPG public key ID could not be obtained for $MY_EMAIL_ADDRESS" echo $"GPG public key ID could not be obtained for $MY_EMAIL_ADDRESS"
exit 825292 exit 825292
fi fi
gpg_set_permissions $key_username gpg_set_permissions "$key_username"
} }
function gpg_delete_key { function gpg_delete_key {
key_username=$1 key_username="$1"
key_id=$2 key_id="$2"
chown -R $key_username:$key_username /home/$key_username/.gnupg chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg"
su -c "gpg --batch --quiet --homedir=/home/$key_username/.gnupg --delete-secret-key $key_id" - $key_username su -c "gpg --batch --quiet --homedir=/home/$key_username/.gnupg --delete-secret-key $key_id" - "$key_username"
su -c "gpg --batch --quiet --homedir=/home/$key_username/.gnupg --delete-key $key_id" - $key_username su -c "gpg --batch --quiet --homedir=/home/$key_username/.gnupg --delete-key $key_id" - "$key_username"
} }
function gpg_set_permissions { function gpg_set_permissions {
key_username=$1 key_username=$1
if [[ "$key_username" != 'root' ]]; then if [[ "$key_username" != 'root' ]]; then
chmod 700 /home/$key_username/.gnupg chmod 700 "/home/$key_username/.gnupg"
chmod -R 600 /home/$key_username/.gnupg/* chmod -R 600 "/home/$key_username/.gnupg/*"
printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /home/$key_username/.gnupg/S.dirmngr printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > "/home/$key_username/.gnupg/S.dirmngr"
if [ -d /home/$key_username/.gnupg/crls.d ]; then if [ -d "/home/$key_username/.gnupg/crls.d" ]; then
chmod +x /home/$key_username/.gnupg/crls.d chmod +x "/home/$key_username/.gnupg/crls.d"
fi fi
chown -R $key_username:$key_username /home/$key_username/.gnupg chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg"
else else
chmod 700 /root/.gnupg chmod 700 /root/.gnupg
chmod -R 600 /root/.gnupg/* chmod -R 600 /root/.gnupg/*
@ -156,7 +156,7 @@ function gpg_set_permissions {
if [ -d /root/.gnupg/crls.d ]; then if [ -d /root/.gnupg/crls.d ]; then
chmod +x /root/.gnupg/crls.d chmod +x /root/.gnupg/crls.d
fi fi
chown -R $key_username:$key_username /root/.gnupg chown -R "$key_username":"$key_username" /root/.gnupg
fi fi
} }
@ -164,22 +164,22 @@ function gpg_reconstruct_key {
key_username=$1 key_username=$1
key_interactive=$2 key_interactive=$2
if [ ! -d /home/$key_username/.gnupg_fragments ]; then if [ ! -d "/home/$key_username/.gnupg_fragments" ]; then
return return
fi fi
cd /home/$key_username/.gnupg_fragments cd "/home/$key_username/.gnupg_fragments" || exit 3468346
# shellcheck disable=SC2012
no_of_shares=$(ls -afq keyshare.asc.* | wc -l) no_of_shares=$(ls -afq keyshare.asc.* | wc -l)
if (( no_of_shares < 4 )); then if (( no_of_shares < 4 )); then
if [ $key_interactive ]; then if [ "$key_interactive" ]; then
dialog --title $"Recover Encryption Keys" --msgbox $'Not enough fragments to reconstruct the key' 6 70 dialog --title $"Recover Encryption Keys" --msgbox $'Not enough fragments to reconstruct the key' 6 70
else else
echo $'Not enough fragments to reconstruct the key' echo $'Not enough fragments to reconstruct the key'
fi fi
exit 7348 exit 7348
fi fi
gfcombine /home/$key_username/.gnupg_fragments/keyshare* if ! gfcombine "/home/$key_username/.gnupg_fragments/keyshare*"; then
if [ ! "$?" = "0" ]; then if [ "$key_interactive" ]; then
if [ $key_interactive ]; then
dialog --title $"Recover Encryption Keys" --msgbox $'Unable to reconstruct the key' 6 70 dialog --title $"Recover Encryption Keys" --msgbox $'Unable to reconstruct the key' 6 70
else else
echo $'Unable to reconstruct the key' echo $'Unable to reconstruct the key'
@ -188,8 +188,8 @@ function gpg_reconstruct_key {
fi fi
KEYS_FILE=/home/$key_username/.gnupg_fragments/keyshare.asc KEYS_FILE=/home/$key_username/.gnupg_fragments/keyshare.asc
if [ ! -f $KEYS_FILE ]; then if [ ! -f "$KEYS_FILE" ]; then
if [ $key_interactive ]; then if [ "$key_interactive" ]; then
dialog --title $"Recover Encryption Keys" --msgbox $'Unable to reconstruct the key' 6 70 dialog --title $"Recover Encryption Keys" --msgbox $'Unable to reconstruct the key' 6 70
else else
echo $'Unable to reconstruct the key' echo $'Unable to reconstruct the key'
@ -197,22 +197,21 @@ function gpg_reconstruct_key {
exit 52852 exit 52852
fi fi
gpg --homedir=/home/$key_username/.gnupg --allow-secret-key-import --import $KEYS_FILE if ! gpg --homedir="/home/$key_username/.gnupg" --allow-secret-key-import --import "$KEYS_FILE"; then
if [ ! "$?" = "0" ]; then shred -zu "$KEYS_FILE"
shred -zu $KEYS_FILE rm -rf "/home/$key_username/.tempgnupg"
rm -rf /home/$key_username/.tempgnupg if [ "$key_interactive" ]; then
if [ $key_interactive ]; then
dialog --title $"Recover Encryption Keys" --msgbox $'Unable to import gpg key' 6 70 dialog --title $"Recover Encryption Keys" --msgbox $'Unable to import gpg key' 6 70
else else
echo $'Unable to import gpg key' echo $'Unable to import gpg key'
fi fi
exit 96547 exit 96547
fi fi
shred -zu $KEYS_FILE shred -zu "$KEYS_FILE"
gpg_set_permissions $key_username gpg_set_permissions "$key_username"
if [ $key_interactive ]; then if [ "$key_interactive" ]; then
dialog --title $"Recover Encryption Keys" --msgbox $'Key has been reconstructed' 6 70 dialog --title $"Recover Encryption Keys" --msgbox $'Key has been reconstructed' 6 70
else else
echo $'Key has been reconstructed' echo $'Key has been reconstructed'
@ -224,9 +223,9 @@ function gpg_agent_setup {
if [[ $gpg_username == 'root' ]]; then if [[ $gpg_username == 'root' ]]; then
if ! grep -q 'GPG_TTY' /root/.bashrc; then if ! grep -q 'GPG_TTY' /root/.bashrc; then
echo '' >> /root/.bashrc { echo '';
echo 'GPG_TTY=$(tty)' >> /root/.bashrc echo "GPG_TTY=\$(tty)";
echo 'export GPG_TTY' >> /root/.bashrc echo 'export GPG_TTY'; } >> /root/.bashrc
fi fi
if grep -q '# use-agent' /root/.gnupg/gpg.conf; then if grep -q '# use-agent' /root/.gnupg/gpg.conf; then
sed -i 's|# use-agent|use-agent|g' /root/.gnupg/gpg.conf sed -i 's|# use-agent|use-agent|g' /root/.gnupg/gpg.conf
@ -234,37 +233,37 @@ function gpg_agent_setup {
if ! grep -q 'use-agent' /root/.gnupg/gpg.conf; then if ! grep -q 'use-agent' /root/.gnupg/gpg.conf; then
echo 'use-agent' >> /root/.gnupg/gpg.conf echo 'use-agent' >> /root/.gnupg/gpg.conf
fi fi
echo 'default-cache-ttl 300' > /root/.gnupg/gpg-agent.conf { echo 'default-cache-ttl 300';
echo 'max-cache-ttl 999999' >> /root/.gnupg/gpg-agent.conf echo 'max-cache-ttl 999999';
echo 'allow-loopback-pinentry' >> /root/.gnupg/gpg-agent.conf echo 'allow-loopback-pinentry'; } > /root/.gnupg/gpg-agent.conf
if [ -f /root/.gnupg/S.dirmngr ]; then if [ -f /root/.gnupg/S.dirmngr ]; then
rm /root/.gnupg/S.dirmngr rm /root/.gnupg/S.dirmngr
fi fi
echo RELOADAGENT | gpg-connect-agent echo RELOADAGENT | gpg-connect-agent
else else
if ! grep -q 'GPG_TTY' /home/$gpg_username/.bashrc; then if ! grep -q 'GPG_TTY' "/home/$gpg_username/.bashrc"; then
echo '' >> /home/$gpg_username/.bashrc { echo '';
echo 'GPG_TTY=$(tty)' >> /home/$gpg_username/.bashrc echo "GPG_TTY=\$(tty)";
echo 'export GPG_TTY' >> /home/$gpg_username/.bashrc echo 'export GPG_TTY'; } >> "/home/$gpg_username/.bashrc"
chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc chown "$gpg_username":"$gpg_username" "/home/$gpg_username/.bashrc"
fi fi
if grep -q '# use-agent' /home/$gpg_username/.gnupg/gpg.conf; then if grep -q '# use-agent' "/home/$gpg_username/.gnupg/gpg.conf"; then
sed -i 's|# use-agent|use-agent|g' /home/$gpg_username/.gnupg/gpg.conf sed -i 's|# use-agent|use-agent|g' "/home/$gpg_username/.gnupg/gpg.conf"
fi fi
if ! grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then if ! grep -q 'use-agent' "/home/$gpg_username/.gnupg/gpg.conf"; then
echo 'use-agent' >> /home/$gpg_username/.gnupg/gpg.conf echo 'use-agent' >> "/home/$gpg_username/.gnupg/gpg.conf"
fi fi
if ! grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then if ! grep -q 'pinentry-mode loopback' "/home/$gpg_username/.gnupg/gpg.conf"; then
echo 'pinentry-mode loopback' >> /home/$gpg_username/.gnupg/gpg.conf echo 'pinentry-mode loopback' >> "/home/$gpg_username/.gnupg/gpg.conf"
fi fi
echo 'default-cache-ttl 300' > /home/$gpg_username/.gnupg/gpg-agent.conf echo 'default-cache-ttl 300' > "/home/$gpg_username/.gnupg/gpg-agent.conf"
echo 'max-cache-ttl 999999' >> /home/$gpg_username/.gnupg/gpg-agent.conf echo 'max-cache-ttl 999999' >> "/home/$gpg_username/.gnupg/gpg-agent.conf"
echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf echo 'allow-loopback-pinentry' >> "/home/$gpg_username/.gnupg/gpg-agent.conf"
if [ -f /home/$gpg_username/.gnupg/S.dirmngr ]; then if [ -f "/home/$gpg_username/.gnupg/S.dirmngr" ]; then
rm /home/$gpg_username/.gnupg/S.dirmngr rm "/home/$gpg_username/.gnupg/S.dirmngr"
fi fi
if [[ "$gpg_username" != "$USER" ]]; then if [[ "$gpg_username" != "$USER" ]]; then
su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username su -c "echo RELOADAGENT | gpg-connect-agent" - "$gpg_username"
else else
echo RELOADAGENT | gpg-connect-agent echo RELOADAGENT | gpg-connect-agent
fi fi
@ -277,21 +276,21 @@ function gpg_agent_enable {
if [[ $gpg_username == 'root' ]]; then if [[ $gpg_username == 'root' ]]; then
return return
else else
if grep -q 'GPG_TTY' /home/$gpg_username/.bashrc; then if grep -q 'GPG_TTY' "/home/$gpg_username/.bashrc"; then
sed -i '/GPG_TTY/d' /home/$gpg_username/.bashrc sed -i '/GPG_TTY/d' "/home/$gpg_username/.bashrc"
chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc chown "$gpg_username":"$gpg_username" "/home/$gpg_username/.bashrc"
fi fi
if grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then if grep -q 'use-agent' "/home/$gpg_username/.gnupg/gpg.conf"; then
sed -i '/use-agent/d' /home/$gpg_username/.gnupg/gpg.conf sed -i '/use-agent/d' "/home/$gpg_username/.gnupg/gpg.conf"
fi fi
if grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then if grep -q 'pinentry-mode loopback' "/home/$gpg_username/.gnupg/gpg.conf"; then
sed -i '/pinentry-mode loopback/d' /home/$gpg_username/.gnupg/gpg.conf sed -i '/pinentry-mode loopback/d' "/home/$gpg_username/.gnupg/gpg.conf"
fi fi
if [ -f /home/$gpg_username/.gnupg/gpg-agent.conf ]; then if [ -f "/home/$gpg_username/.gnupg/gpg-agent.conf" ]; then
rm /home/$gpg_username/.gnupg/gpg-agent.conf rm "/home/$gpg_username/.gnupg/gpg-agent.conf"
fi fi
if [[ "$gpg_username" != "$USER" ]]; then if [[ "$gpg_username" != "$USER" ]]; then
su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username su -c "echo RELOADAGENT | gpg-connect-agent" - "$gpg_username"
else else
echo RELOADAGENT | gpg-connect-agent echo RELOADAGENT | gpg-connect-agent
fi fi
@ -303,46 +302,46 @@ function gpg_pubkey_from_email {
key_email_address=$2 key_email_address=$2
key_id= key_id=
if [[ $key_owner_username != "root" ]]; then if [[ $key_owner_username != "root" ]]; then
key_id=$(su -c "gpg --list-keys $key_email_address" - $key_owner_username | sed -n '2p' | sed 's/^[ \t]*//') key_id=$(su -c "gpg --list-keys $key_email_address" - "$key_owner_username" | sed -n '2p' | sed 's/^[ \t]*//')
# If the default key is specified within gpg.conf # If the default key is specified within gpg.conf
if [ -f /home/$key_owner_username/gpg.conf ]; then if [ -f "/home/$key_owner_username/gpg.conf" ]; then
if grep -q "default-key" /home/$key_owner_username/gpg.conf; then if grep -q "default-key" "/home/$key_owner_username/gpg.conf"; then
default_gpg_key=$(cat /home/$key_owner_username/gpg.conf | grep "default-key") default_gpg_key=$(grep "default-key" "/home/$key_owner_username/gpg.conf")
if [[ "$default_gpg_key" != *'#'* ]]; then if [[ "$default_gpg_key" != *'#'* ]]; then
default_gpg_key=$(cat /home/$key_owner_username/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}') default_gpg_key=$(grep "default-key" "/home/$key_owner_username/gpg.conf" | awk -F ' ' '{print $2}')
if [ ${#default_gpg_key} -gt 3 ]; then if [ ${#default_gpg_key} -gt 3 ]; then
key_id=$(su -c "gpg --list-keys $default_gpg_key" - $key_owner_username | sed -n '2p' | sed 's/^[ \t]*//') key_id=$(su -c "gpg --list-keys $default_gpg_key" - "$key_owner_username" | sed -n '2p' | sed 's/^[ \t]*//')
fi fi
fi fi
fi fi
fi fi
else else
key_id=$(gpg --list-keys $key_email_address | sed -n '2p' | sed 's/^[ \t]*//') key_id=$(gpg --list-keys "$key_email_address" | sed -n '2p' | sed 's/^[ \t]*//')
# If the default key is specified within gpg.conf # If the default key is specified within gpg.conf
if [ -f /root/gpg.conf ]; then if [ -f /root/gpg.conf ]; then
if grep -q "default-key" /root/gpg.conf; then if grep -q "default-key" /root/gpg.conf; then
default_gpg_key=$(cat /root/gpg.conf | grep "default-key") default_gpg_key=$(grep "default-key" /root/gpg.conf)
if [[ "$default_gpg_key" != *'#'* ]]; then if [[ "$default_gpg_key" != *'#'* ]]; then
default_gpg_key=$(cat /root/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}') default_gpg_key=$(grep "default-key" /root/gpg.conf | awk -F ' ' '{print $2}')
if [ ${#default_gpg_key} -gt 3 ]; then if [ ${#default_gpg_key} -gt 3 ]; then
key_id=$(gpg --list-keys $default_gpg_key | sed -n '2p' | sed 's/^[ \t]*//') key_id=$(gpg --list-keys "$default_gpg_key" | sed -n '2p' | sed 's/^[ \t]*//')
fi fi
fi fi
fi fi
fi fi
fi fi
echo $key_id echo "$key_id"
} }
function enable_email_encryption_at_rest { function enable_email_encryption_at_rest {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if grep -q '#| /usr/bin/gpgit.pl' /home/$USERNAME/.procmailrc; then if grep -q '#| /usr/bin/gpgit.pl' "/home/$USERNAME/.procmailrc"; then
sed -i 's@#| /usr/bin/gpgit.pl@| /usr/bin/gpgit.pl@g' /home/$USERNAME/.procmailrc sed -i 's@#| /usr/bin/gpgit.pl@| /usr/bin/gpgit.pl@g' "/home/$USERNAME/.procmailrc"
sed -i 's|#:0 f|:0 f|g' /home/$USERNAME/.procmailrc sed -i 's|#:0 f|:0 f|g' "/home/$USERNAME/.procmailrc"
fi fi
fi fi
done done
@ -357,9 +356,9 @@ function disable_email_encryption_at_rest {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if ! grep -q '#| /usr/bin/gpgit.pl' /home/$USERNAME/.procmailrc; then if ! grep -q '#| /usr/bin/gpgit.pl' "/home/$USERNAME/.procmailrc"; then
sed -i 's@| /usr/bin/gpgit.pl@#| /usr/bin/gpgit.pl@g' /home/$USERNAME/.procmailrc sed -i 's@| /usr/bin/gpgit.pl@#| /usr/bin/gpgit.pl@g' "/home/$USERNAME/.procmailrc"
sed -i 's|:0 f|#:0 f|g' /home/$USERNAME/.procmailrc sed -i 's|:0 f|#:0 f|g' "/home/$USERNAME/.procmailrc"
fi fi
fi fi
done done
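Review bot: The values interpolated into the `su -c "..."` strings (`$key_filename`, `$key_id`, `$key_email_address`, `$default_gpg_key`) are still parsed a second time by the target user's shell, so the quotes this commit adds around the trailing `"$key_username"` do not protect them. This applies in gpg_export_public_key, gpg_export_private_key, gpg_delete_key and gpg_pubkey_from_email. A filename containing a space splits into two arguments, and if any of these values can come from user input (not visible here), shell metacharacters in them would be interpreted. Escaping each value before it enters the string keeps it a single argument, for example `su -c "gpg --list-keys $(printf '%q' "$key_email_address")" - "$key_owner_username"`, assuming the account's login shell is bash. Several of these functions begin or end outside the hunks shown.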


@ -37,14 +37,14 @@ EIGHTSYNC_COMMIT='8cbb7f22227c0afdd3b0bd758ebec0efba2fa1e1'
function install_8sync { function install_8sync {
apt-get -qy install flex libunistring-dev libgc-dev autoconf texinfo apt-get -qy install flex libunistring-dev libgc-dev autoconf texinfo
if [ ! -d $INSTALL_DIR ]; then if [ ! -d "$INSTALL_DIR" ]; then
mkdir $INSTALL_DIR mkdir "$INSTALL_DIR"
fi fi
cd $INSTALL_DIR cd "$INSTALL_DIR" || exit 67832456
git_clone $EIGHTSYNC_REPO $INSTALL_DIR/eightsync git_clone "$EIGHTSYNC_REPO" "$INSTALL_DIR/eightsync"
cd $INSTALL_DIR/eightsync cd "$INSTALL_DIR/eightsync" || exit 23468346
git checkout ${EIGHTSYNC_COMMIT} -b ${EIGHTSYNC_COMMIT} git checkout "${EIGHTSYNC_COMMIT}" -b "${EIGHTSYNC_COMMIT}"
export GUILE_BASE_PATH=/opt/guile-${GUILE_VERSION} export GUILE_BASE_PATH=/opt/guile-${GUILE_VERSION}
export GUILE_CFLAGS="-I${GUILE_BASE_PATH}/include" export GUILE_CFLAGS="-I${GUILE_BASE_PATH}/include"
@ -67,31 +67,31 @@ function install_guile {
apt-get -qy install flex libunistring-dev libgc-dev autoconf texinfo lzip wget apt-get -qy install flex libunistring-dev libgc-dev autoconf texinfo lzip wget
if [ ! -d $INSTALL_DIR ]; then if [ ! -d "$INSTALL_DIR" ]; then
mkdir $INSTALL_DIR mkdir "$INSTALL_DIR"
fi fi
cd $INSTALL_DIR cd "$INSTALL_DIR" || exit 4298497
if [ ! -f guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz ]; then if [ ! -f "guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz" ]; then
wget https://ftp.gnu.org/gnu/guile/guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz wget "https://ftp.gnu.org/gnu/guile/guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz"
fi fi
if [ ! -f guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz ]; then if [ ! -f "guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz" ]; then
echo 'Unable to download guile pack' echo 'Unable to download guile pack'
exit 6735238 exit 6735238
fi fi
CURR_GUILE_HASH=$(sha256sum guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz | awk -F ' ' '{print $1}') CURR_GUILE_HASH=$(sha256sum "guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz" | awk -F ' ' '{print $1}')
if [[ "$CURR_GUILE_HASH" != "$GUILE_HASH" ]]; then if [[ "$CURR_GUILE_HASH" != "$GUILE_HASH" ]]; then
echo 'Guile hash does not match' echo 'Guile hash does not match'
exit 7237625 exit 7237625
fi fi
cd / cd / || exit 73563635
tar xvf $INSTALL_DIR/guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz tar xvf "$INSTALL_DIR/guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz"
if [ ! -d /opt/guile-${GUILE_VERSION}/bin ]; then if [ ! -d "/opt/guile-${GUILE_VERSION}/bin" ]; then
echo 'Guile was not installed' echo 'Guile was not installed'
exit 825269 exit 825269
fi fi
echo "export GUILE_PATH=/opt/guile-${GUILE_VERSION}/bin" >> ~/.bashrc echo "export GUILE_PATH=/opt/guile-${GUILE_VERSION}/bin" >> ~/.bashrc
echo 'export PATH=$PATH:$GUILE_PATH' >> ~/.bashrc echo "export PATH=\$PATH:\$GUILE_PATH" >> ~/.bashrc
} }
# NOTE: deliberately no exit 0 # NOTE: deliberately no exit 0
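Review bot: The failure guards added here (`|| exit 67832456`, `|| exit 23468346`, `|| exit 4298497`, `|| exit 73563635`) use numbers that do not fit in an exit status, which is limited to 0–255. Bash reports only the low 8 bits, so the caller cannot recover the number written in the script. If these values are meant as markers for locating the failing line, print them to stderr and exit with a small code, e.g. `cd "$INSTALL_DIR" || { echo 'install_guile: cannot cd to INSTALL_DIR' >&2; exit 1; }`. The same pattern is used by the `cd ... || exit N` guards added in the other files of this commit. Parts of install_8sync and install_guile lie outside the hunks shown.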


@ -34,12 +34,12 @@
I2P_DOMAIN='deb.i2p2.de' I2P_DOMAIN='deb.i2p2.de'
function install_i2p { function install_i2p {
if [ ! -d $INSTALL_DIR ]; then if [ ! -d "$INSTALL_DIR" ]; then
mkdir -p $INSTALL_DIR mkdir -p "$INSTALL_DIR"
fi fi
# install the gpg key # install the gpg key
cd $INSTALL_DIR cd "$INSTALL_DIR" || exit 346735
if [ -f i2p-debian-repo.key.asc ]; then if [ -f i2p-debian-repo.key.asc ]; then
rm i2p-debian-repo.key.asc rm i2p-debian-repo.key.asc
fi fi
@ -121,3 +121,5 @@ function i2p_enable_sam {
sed -i 's|clientApp.1.startOnLoad=.*|clientApp.1.startOnLoad=true|g' /var/lib/i2p/i2p-config/clients.config sed -i 's|clientApp.1.startOnLoad=.*|clientApp.1.startOnLoad=true|g' /var/lib/i2p/i2p-config/clients.config
systemctl restart i2p systemctl restart i2p
} }
# NOTE: deliberately no exit 0
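Review bot: The new guard `cd "$INSTALL_DIR" || exit 346735` in install_i2p uses an exit status above 255, which the shell reduces modulo 256, so the caller never sees the number written here. If these values are meant as unique failure markers, write the marker to stderr and exit with a small code, e.g. `cd "$INSTALL_DIR" || { echo 'install_i2p: cannot enter install dir (346735)' >&2; exit 1; }`. The same applies to the other large exit values visible in this commit, such as `exit 87354` and `exit 739836`. install_i2p continues past the end of this hunk.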


@ -32,14 +32,13 @@ function interactive_configuration_remote_backups {
if [[ $SYSTEM_TYPE == "mesh"* ]]; then if [[ $SYSTEM_TYPE == "mesh"* ]]; then
return return
fi fi
if [ ! -f /usr/local/bin/${PROJECT_NAME}-remote ]; then if [ ! -f "/usr/local/bin/${PROJECT_NAME}-remote" ]; then
if [ ! -f /usr/bin/${PROJECT_NAME}-remote ]; then if [ ! -f "/usr/bin/${PROJECT_NAME}-remote" ]; then
echo $"The command ${PROJECT_NAME}-remote was not found" echo $"The command ${PROJECT_NAME}-remote was not found"
exit 87354 exit 87354
fi fi
fi fi
${PROJECT_NAME}-remote -u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH -r yes if ! "${PROJECT_NAME}-remote" -u "$MY_USERNAME" -l "$FRIENDS_SERVERS_LIST" -m "$MINIMUM_PASSWORD_LENGTH" -r yes; then
if [ ! "$?" = "0" ]; then
echo $'Command failed:' echo $'Command failed:'
echo '' echo ''
echo $" ${PROJECT_NAME}-remote -u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH -r yes" echo $" ${PROJECT_NAME}-remote -u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH -r yes"
@ -49,8 +48,8 @@ function interactive_configuration_remote_backups {
} }
function interactive_configuration { function interactive_configuration {
if [ ! -f /usr/local/bin/${PROJECT_NAME}-config ]; then if [ ! -f "/usr/local/bin/${PROJECT_NAME}-config" ]; then
if [ ! -f /usr/bin/${PROJECT_NAME}-config ]; then if [ ! -f "/usr/bin/${PROJECT_NAME}-config" ]; then
echo $"The command ${PROJECT_NAME}-config was not found" echo $"The command ${PROJECT_NAME}-config was not found"
exit 63935 exit 63935
fi fi
@ -59,32 +58,32 @@ function interactive_configuration {
rm -f /tmp/meshuserdevice rm -f /tmp/meshuserdevice
fi fi
if [ $SOCIALINSTANCE ]; then if [ "$SOCIALINSTANCE" ]; then
${PROJECT_NAME}-config \ "${PROJECT_NAME}-config" \
-f $CONFIGURATION_FILE \ -f "$CONFIGURATION_FILE" \
-w $PROJECT_WEBSITE \ -w "$PROJECT_WEBSITE" \
-m $MINIMUM_PASSWORD_LENGTH \ -m "$MINIMUM_PASSWORD_LENGTH" \
--minimal "yes" \ --minimal "yes" \
--social $SOCIALINSTANCE --social "$SOCIALINSTANCE"
else else
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
if [[ $MINIMAL_INSTALL == "no" ]]; then if [[ $MINIMAL_INSTALL == "no" ]]; then
${PROJECT_NAME}-config \ "${PROJECT_NAME}-config" \
-f $CONFIGURATION_FILE \ -f "$CONFIGURATION_FILE" \
-w $PROJECT_WEBSITE \ -w "$PROJECT_WEBSITE" \
-m $MINIMUM_PASSWORD_LENGTH -m "$MINIMUM_PASSWORD_LENGTH"
else else
${PROJECT_NAME}-config \ "${PROJECT_NAME}-config" \
-f $CONFIGURATION_FILE \ -f "$CONFIGURATION_FILE" \
-w $PROJECT_WEBSITE \ -w "$PROJECT_WEBSITE" \
-m $MINIMUM_PASSWORD_LENGTH \ -m "$MINIMUM_PASSWORD_LENGTH" \
--minimal "yes" --minimal "yes"
fi fi
else else
${PROJECT_NAME}-config \ "${PROJECT_NAME}-config" \
-f $CONFIGURATION_FILE \ -f "$CONFIGURATION_FILE" \
-w $PROJECT_WEBSITE \ -w "$PROJECT_WEBSITE" \
-m $MINIMUM_PASSWORD_LENGTH \ -m "$MINIMUM_PASSWORD_LENGTH" \
--onion "yes" --onion "yes"
fi fi
fi fi
@ -93,6 +92,7 @@ function interactive_configuration {
rm -f /tmp/meshuserdevice rm -f /tmp/meshuserdevice
exit 0 exit 0
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
echo $'Command failed:' echo $'Command failed:'
echo '' echo ''
@ -107,7 +107,7 @@ function interactive_configuration {
dialog --title $"Encrypted backup to other servers" \ dialog --title $"Encrypted backup to other servers" \
--backtitle $"${PROJECT_NAME} Configuration" \ --backtitle $"${PROJECT_NAME} Configuration" \
--defaultno \ --defaultno \
--yesno $"\nDo you wish to configure some remote backup locations?" 7 60 --yesno $"\\nDo you wish to configure some remote backup locations?" 7 60
sel=$? sel=$?
case $sel in case $sel in
0) interactive_configuration_remote_backups;; 0) interactive_configuration_remote_backups;;
@ -121,53 +121,55 @@ function interactive_site_details {
SITE_BACKTITLE=$"Freedombone Configuration" SITE_BACKTITLE=$"Freedombone Configuration"
SITE_CONFIG_TITLE=$"${site_name^} Configuration" SITE_CONFIG_TITLE=$"${site_name^} Configuration"
SITE_FORM_TEXT=$"\nPlease enter your ${site_name^} details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" SITE_FORM_TEXT=$"\\nPlease enter your ${site_name^} details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:"
SITE_DOMAIN_NAME= SITE_DOMAIN_NAME=
SITE_CODE= SITE_CODE=
SITE_DETAILS_COMPLETE= SITE_DETAILS_COMPLETE=
while [ ! $SITE_DETAILS_COMPLETE ] while [ ! $SITE_DETAILS_COMPLETE ]
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle "$SITE_BACKTITLE" \ dialog --backtitle "$SITE_BACKTITLE" \
--title "$SITE_CONFIG_TITLE" \ --title "$SITE_CONFIG_TITLE" \
--form "$SITE_FORM_TEXT" 14 55 3 \ --form "$SITE_FORM_TEXT" 14 55 3 \
$"Domain:" 1 1 "$(grep '${site_name_upper}_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \ $"Domain:" 1 1 "$(grep "${site_name_upper}_DOMAIN_NAME" temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
$"Code:" 2 1 "$(grep '${site_name_upper}_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 16 33 255 \ $"Code:" 2 1 "$(grep "${site_name_upper}_CODE" temp.cfg | awk -F '=' '{print $2}')" 2 16 33 255 \
2> $data 2> "$data"
else else
dialog --backtitle "$SITE_BACKTITLE" \ dialog --backtitle "$SITE_BACKTITLE" \
--title "$SITE_CONFIG_TITLE" \ --title "$SITE_CONFIG_TITLE" \
--form "$SITE_FORM_TEXT" 11 55 3 \ --form "$SITE_FORM_TEXT" 11 55 3 \
$"Domain:" 1 1 "$(grep '${site_name_upper}_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \ $"Domain:" 1 1 "$(grep "${site_name_upper}_DOMAIN_NAME" temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
2> $data 2> "$data"
fi fi
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
SITE_DOMAIN_NAME=$(cat $data | sed -n 1p) SITE_DOMAIN_NAME=$(sed -n 1p < "$data")
if [ $SITE_DOMAIN_NAME ]; then if [ "$SITE_DOMAIN_NAME" ]; then
TEST_DOMAIN_NAME=$SITE_DOMAIN_NAME TEST_DOMAIN_NAME=$SITE_DOMAIN_NAME
validate_domain_name validate_domain_name
if [[ $TEST_DOMAIN_NAME != $SITE_DOMAIN_NAME ]]; then if [[ "$TEST_DOMAIN_NAME" != "$SITE_DOMAIN_NAME" ]]; then
SITE_DOMAIN_NAME= SITE_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else else
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ "$DDNS_PROVIDER" == "default@freedns.afraid.org" ]]; then
SITE_CODE=$(cat $data | sed -n 2p) SITE_CODE=$(sed -n 2p < "$data")
validate_freedns_code "$SITE_CODE" validate_freedns_code "$SITE_CODE"
if [ ! $VALID_CODE ]; then if [ ! "$VALID_CODE" ]; then
SITE_DOMAIN_NAME= SITE_DOMAIN_NAME=
fi fi
fi fi
fi fi
fi fi
if [ $SITE_DOMAIN_NAME ]; then if [ "$SITE_DOMAIN_NAME" ]; then
SITE_DETAILS_COMPLETE="yes" SITE_DETAILS_COMPLETE="yes"
fi fi
rm -f "$data"
done done
# save the results in the config file # save the results in the config file
@ -192,31 +194,31 @@ function interactive_site_details_with_title {
SITE_DETAILS_COMPLETE= SITE_DETAILS_COMPLETE=
while [ ! $SITE_DETAILS_COMPLETE ] while [ ! $SITE_DETAILS_COMPLETE ]
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title "$SITE_BACKTITLE" \ --title "$SITE_BACKTITLE" \
--form "$SITE_FORM_TEXT" 14 55 4 \ --form "$SITE_FORM_TEXT" 14 55 4 \
$"Title:" 1 1 "$(grep '$SITE_TITLE' temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \ $"Domain:" 2 1 "$(grep "$SITE_DOMAIN_NAME" temp.cfg | awk -F '=' '{print $2}')" 2 16 33 40 \
$"Domain:" 2 1 "$(grep '$SITE_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2 16 33 40 \ $"Code:" 3 1 "$(grep "$SITE_CODE" temp.cfg | awk -F '=' '{print $2}')" 3 16 33 255 \
$"Code:" 3 1 "$(grep '$SITE_CODE' temp.cfg | awk -F '=' '{print $2}')" 3 16 33 255 \ 2> "$data"
2> $data
else else
dialog --backtitle "$SITE_BACKTITLE" \ dialog --backtitle "$SITE_BACKTITLE" \
--title "$SITE_CONFIG_TITLE" \ --title "$SITE_CONFIG_TITLE" \
--form "$SITE_FORM_TEXT" 11 55 3 \ --form "$SITE_FORM_TEXT" 11 55 3 \
$"Title:" 1 1 "$(grep '$SITE_TITLE' temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \ $"Title:" 1 1 "$(grep "$SITE_TITLE" temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
$"Domain:" 2 1 "$(grep '$SITE_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2 16 33 40 \ $"Domain:" 2 1 "$(grep "$SITE_DOMAIN_NAME" temp.cfg | awk -F '=' '{print $2}')" 2 16 33 40 \
2> $data 2> "$data"
fi fi
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
SITE_TITLE=$(cat $data | sed -n 1p) SITE_TITLE=$(sed -n 1p < "$data")
SITE_DOMAIN_NAME=$(cat $data | sed -n 2p) SITE_DOMAIN_NAME=$(sed -n 2p < "$data")
site_domain_name_str="$SITE_DOMAIN_NAME" site_domain_name_str="$SITE_DOMAIN_NAME"
if [ ${#site_domain_name_str} -gt 1 ]; then if [ ${#site_domain_name_str} -gt 1 ]; then
TEST_DOMAIN_NAME="$SITE_DOMAIN_NAME" TEST_DOMAIN_NAME="$SITE_DOMAIN_NAME"
@ -225,10 +227,10 @@ function interactive_site_details_with_title {
SITE_DOMAIN_NAME= SITE_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else else
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ "$DDNS_PROVIDER" == "default@freedns.afraid.org" ]]; then
SITE_CODE=$(cat $data | sed -n 3p) SITE_CODE=$(sed -n 3p < "$data")
validate_freedns_code "${SITE_CODE}" validate_freedns_code "${SITE_CODE}"
if [ ! $VALID_CODE ]; then if [ ! "$VALID_CODE" ]; then
SITE_DOMAIN_NAME= SITE_DOMAIN_NAME=
fi fi
fi fi
@ -240,6 +242,7 @@ function interactive_site_details_with_title {
SITE_DETAILS_COMPLETE="yes" SITE_DETAILS_COMPLETE="yes"
fi fi
fi fi
rm -f "$data"
done done
# save the results in the config file # save the results in the config file
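Review bot: In the freedns.afraid.org branch of interactive_site_details_with_title the `$"Title:"` form row appears to have been dropped from the new side, while the code below still reads the title from line 1, the domain from line 2 and the code from line 3 of `$data`. With only Domain and Code in the form, the domain would end up in SITE_TITLE, the FreeDNS code in SITE_DOMAIN_NAME, and SITE_CODE would be empty. Restore the row as it stands in the else branch: `$"Title:" 1 1 "$(grep "$SITE_TITLE" temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \`. Separately, replacing the `trap` with explicit `rm -f "$data"` calls leaves the temp file holding the entered code behind if the script is interrupted; `trap 'rm -f "$data"' EXIT` in single quotes would satisfy ShellCheck and keep the cleanup. The function starts before this hunk and continues after it.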


@ -41,137 +41,137 @@ function interactive_gpg_from_usb {
do do
detect_usb_drive detect_usb_drive
if [ ! -b $USB_DRIVE ]; then if [ ! -b "$USB_DRIVE" ]; then
if (( GPG_CTR > 0 )); then if (( GPG_CTR > 0 )); then
gpg_reconstruct_key $MY_USERNAME interactive gpg_reconstruct_key "$MY_USERNAME" interactive
gpg_update_mutt $MY_USERNAME gpg_update_mutt "$MY_USERNAME"
return 0 return 0
fi fi
dialog --title $"Recover Encryption Keys" --msgbox $'No USB drive found' 6 30 dialog --title $"Recover Encryption Keys" --msgbox $'No USB drive found' 6 30
exit 739836 exit 739836
fi fi
backup_mount_drive ${USB_DRIVE} ${MY_USERNAME} backup_mount_drive "${USB_DRIVE}" "${MY_USERNAME}"
if [ ! -d $USB_MOUNT ]; then if [ ! -d "$USB_MOUNT" ]; then
if (( GPG_CTR > 0 )); then if (( GPG_CTR > 0 )); then
backup_unmount_drive ${USB_DRIVE} backup_unmount_drive "${USB_DRIVE}"
gpg_reconstruct_key $MY_USERNAME interactive gpg_reconstruct_key "$MY_USERNAME" interactive
return 0 return 0
fi fi
dialog --title $"Recover Encryption Keys" \ dialog --title $"Recover Encryption Keys" \
--msgbox $"There was a problem mounting the USB drive $USB_DRIVE to $USB_MOUNT" 6 70 --msgbox $"There was a problem mounting the USB drive $USB_DRIVE to $USB_MOUNT" 6 70
backup_unmount_drive ${USB_DRIVE} backup_unmount_drive "${USB_DRIVE}"
exit 74393 exit 74393
fi fi
if [ ! -d $USB_MOUNT/.gnupg ]; then if [ ! -d "$USB_MOUNT/.gnupg" ]; then
if [ ! -d $USB_MOUNT/.gnupg_fragments ]; then if [ ! -d "$USB_MOUNT/.gnupg_fragments" ]; then
if (( GPG_CTR > 0 )); then if (( GPG_CTR > 0 )); then
backup_unmount_drive ${USB_DRIVE} backup_unmount_drive "${USB_DRIVE}"
gpg_reconstruct_key $MY_USERNAME interactive gpg_reconstruct_key "$MY_USERNAME" interactive
gpg_update_mutt $MY_USERNAME gpg_update_mutt "$MY_USERNAME"
return 0 return 0
fi fi
dialog --title $"Recover Encryption Keys" \ dialog --title $"Recover Encryption Keys" \
--msgbox $"The directory $USB_MOUNT/.gnupg or $USB_MOUNT/.gnupg_fragments was not found" 6 70 --msgbox $"The directory $USB_MOUNT/.gnupg or $USB_MOUNT/.gnupg_fragments was not found" 6 70
backup_unmount_drive ${USB_DRIVE} backup_unmount_drive "${USB_DRIVE}"
exit 723814 exit 723814
fi fi
fi fi
if [ -d $USB_MOUNT/letsencrypt ]; then if [ -d "$USB_MOUNT/letsencrypt" ]; then
if [ ! -d /etc/letsencrypt ]; then if [ ! -d /etc/letsencrypt ]; then
mkdir /etc/letsencrypt mkdir /etc/letsencrypt
fi fi
echo $'Recovering LetsEncrypt keys' echo $'Recovering LetsEncrypt keys'
cp -r $USB_MOUNT/letsencrypt/* /etc/letsencrypt cp -r "$USB_MOUNT/letsencrypt/*" /etc/letsencrypt
addgroup ssl-cert addgroup ssl-cert
chown -R root:ssl-cert /etc/letsencrypt chown -R root:ssl-cert /etc/letsencrypt
fi fi
if [ -f $USB_MOUNT/.mastergpgkey ]; then if [ -f "$USB_MOUNT/.mastergpgkey" ]; then
# Recovering keys from file rather than just copying the gnupg # Recovering keys from file rather than just copying the gnupg
# directory may help to avoid problems during upgrades/reinstalls # directory may help to avoid problems during upgrades/reinstalls
if [ ! -f $USB_MOUNT/.backupgpgkey ]; then if [ ! -f "$USB_MOUNT/.backupgpgkey" ]; then
echo $'No backup key file found on USB drive' echo $'No backup key file found on USB drive'
exit 725729 exit 725729
fi fi
CURR_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME CURR_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
CURR_GPG_ID=$(gpg --homedir=$HOME_DIR/.gnupg --list-keys $CURR_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//') CURR_GPG_ID=$(gpg --homedir="$HOME_DIR/.gnupg" --list-keys "$CURR_EMAIL_ADDRESS" | sed -n '2p' | sed 's/^[ \t]*//')
CURR_GPG_BACKUP_ID=$(gpg --homedir=$HOME_DIR/.gnupg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//') CURR_GPG_BACKUP_ID=$(gpg --homedir="$HOME_DIR/.gnupg" --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
# If the default key is specified within gpg.conf # If the default key is specified within gpg.conf
if [ -f $HOME_DIR/gpg.conf ]; then if [ -f "$HOME_DIR/gpg.conf" ]; then
if grep -q "default-key" $HOME_DIR/gpg.conf; then if grep -q "default-key" "$HOME_DIR/gpg.conf"; then
default_gpg_key=$(cat $HOME_DIR/gpg.conf | grep "default-key") default_gpg_key=$(grep "default-key" "$HOME_DIR/gpg.conf")
if [[ "$default_gpg_key" != *'#'* ]]; then if [[ "$default_gpg_key" != *'#'* ]]; then
default_gpg_key=$(cat $HOME_DIR/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}') default_gpg_key=$(grep "default-key" "$HOME_DIR/gpg.conf" | awk -F ' ' '{print $2}')
if [ ${#default_gpg_key} -gt 3 ]; then if [ ${#default_gpg_key} -gt 3 ]; then
CURR_GPG_ID=$(gpg --homedir=$HOME_DIR/.gnupg --list-keys $default_gpg_key | sed -n '2p' | sed 's/^[ \t]*//') CURR_GPG_ID=$(gpg --homedir="$HOME_DIR/.gnupg" --list-keys "$default_gpg_key" | sed -n '2p' | sed 's/^[ \t]*//')
fi fi
fi fi
fi fi
fi fi
echo $'Making backup copy of existing gpg keys' echo $'Making backup copy of existing gpg keys'
if [ -d $HOME_DIR/.gnupg ]; then if [ -d "$HOME_DIR/.gnupg" ]; then
if [ -d $HOME_DIR/.gnupg_old ]; then if [ -d "$HOME_DIR/.gnupg_old" ]; then
rm -rf $HOME_DIR/.gnupg_old rm -rf "$HOME_DIR/.gnupg_old"
fi fi
cp -r $HOME_DIR/.gnupg $HOME_DIR/.gnupg_old cp -r "$HOME_DIR/.gnupg $HOME_DIR/.gnupg_old"
chmod 700 $HOME_DIR/.gnupg_old chmod 700 "$HOME_DIR/.gnupg_old"
chmod -R 600 $HOME_DIR/.gnupg_old/* chmod -R 600 "$HOME_DIR/.gnupg_old/*"
chown -R $MY_USERNAME:$MY_USERNAME $HOME_DIR/.gnupg_old chown -R "$MY_USERNAME":"$MY_USERNAME" "$HOME_DIR/.gnupg_old"
fi fi
echo $'Removing old gpg keys' echo $'Removing old gpg keys'
gpg_delete_key $MY_USERNAME $CURR_GPG_BACKUP_ID gpg_delete_key "$MY_USERNAME" "$CURR_GPG_BACKUP_ID"
gpg_delete_key $MY_USERNAME $CURR_GPG_ID gpg_delete_key "$MY_USERNAME" "$CURR_GPG_ID"
echo $'Importing master keys' echo $'Importing master keys'
gpg --homedir=$HOME_DIR/.gnupg --allow-secret-key-import --import $USB_MOUNT/.mastergpgkey gpg --homedir="$HOME_DIR/.gnupg" --allow-secret-key-import --import "$USB_MOUNT/.mastergpgkey"
echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir=$HOME_DIR/.gnupg --allow-secret-key-import --import $USB_MOUNT/.backupgpgkey echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir="$HOME_DIR/.gnupg" --allow-secret-key-import --import "$USB_MOUNT/.backupgpgkey"
if [ -d $HOME_DIR/.gnupg ]; then if [ -d "$HOME_DIR/.gnupg" ]; then
echo $'Setting permissions' echo $'Setting permissions'
gpg_set_permissions $MY_USERNAME gpg_set_permissions "$MY_USERNAME"
echo $"Updating muttrc for $MY_USERNAME" echo $"Updating muttrc for $MY_USERNAME"
gpg_update_mutt $MY_USERNAME gpg_update_mutt "$MY_USERNAME"
fi fi
GPG_LOADING="no" GPG_LOADING="no"
dialog --title $"Recover Encryption Keys" \ dialog --title $"Recover Encryption Keys" \
--msgbox $"GPG Keyring loaded to $HOME_DIR from master keydrive" 6 70 --msgbox $"GPG Keyring loaded to $HOME_DIR from master keydrive" 6 70
else else
if [ -d $USB_MOUNT/.gnupg ]; then if [ -d "$USB_MOUNT/.gnupg" ]; then
if [ ! -d $HOME_DIR/.gnupg ]; then if [ ! -d "$HOME_DIR/.gnupg" ]; then
mkdir $HOME_DIR/.gnupg mkdir "$HOME_DIR/.gnupg"
fi fi
echo $'Recovering GPG keys' echo $'Recovering GPG keys'
cp -r $USB_MOUNT/.gnupg/* $HOME_DIR/.gnupg cp -r "$USB_MOUNT/.gnupg/*" "$HOME_DIR/.gnupg"
GPG_LOADING="no" GPG_LOADING="no"
dialog --title $"Recover Encryption Keys" \ dialog --title $"Recover Encryption Keys" \
--msgbox $"GPG Keyring directory loaded to $HOME_DIR" 6 70 --msgbox $"GPG Keyring directory loaded to $HOME_DIR" 6 70
else else
# Collect fragments from the USB drive # Collect fragments from the USB drive
if [ ! -d $HOME_DIR/.gnupg_fragments ]; then if [ ! -d "$HOME_DIR/.gnupg_fragments" ]; then
mkdir $HOME_DIR/.gnupg_fragments mkdir "$HOME_DIR/.gnupg_fragments"
fi fi
cp -r $USB_MOUNT/.gnupg_fragments/* $HOME_DIR/.gnupg_fragments cp -r "$USB_MOUNT/.gnupg_fragments/*" "$HOME_DIR/.gnupg_fragments"
fi fi
fi fi
if [[ $SSH_IMPORTED == "no" ]]; then if [[ "$SSH_IMPORTED" == "no" ]]; then
if [ -d $USB_MOUNT/.ssh ]; then if [ -d "$USB_MOUNT/.ssh" ]; then
if [ ! -d $HOME_DIR/.ssh ]; then if [ ! -d "$HOME_DIR/.ssh" ]; then
mkdir $HOME_DIR/.ssh mkdir "$HOME_DIR/.ssh"
fi fi
cp $USB_MOUNT/.ssh/* $HOME_DIR/.ssh cp "$USB_MOUNT/.ssh/*" "$HOME_DIR/.ssh"
dialog --title $"Recover Encryption Keys" \ dialog --title $"Recover Encryption Keys" \
--msgbox $"ssh keys imported" 6 70 --msgbox $"ssh keys imported" 6 70
SSH_IMPORTED="yes" SSH_IMPORTED="yes"
fi fi
fi fi
if [ -d $USB_MOUNT ]; then if [ -d "$USB_MOUNT" ]; then
backup_unmount_drive ${USB_DRIVE} backup_unmount_drive "${USB_DRIVE}"
fi fi
if [[ $GPG_LOADING == "yes" ]]; then if [[ $GPG_LOADING == "yes" ]]; then
dialog --title $"Recover Encryption Keys" \ dialog --title $"Recover Encryption Keys" \
@ -185,15 +185,15 @@ function interactive_gpg_from_remote {
REMOTE_SERVERS_LIST=/home/$MY_USERNAME/keyshareservers.txt REMOTE_SERVERS_LIST=/home/$MY_USERNAME/keyshareservers.txt
# get a list of remote servers # get a list of remote servers
${PROJECT_NAME}-remote -u $MY_USERNAME -l $REMOTE_SERVERS_LIST -t "Remote server" "${PROJECT_NAME}-remote" -u "$MY_USERNAME" -l "$REMOTE_SERVERS_LIST" -t "Remote server"
if [ ! -f $REMOTE_SERVERS_LIST ]; then if [ ! -f "$REMOTE_SERVERS_LIST" ]; then
dialog --title $"Encryption Keys Recovery" --msgbox $'Error obtaining server list' 6 70 dialog --title $"Encryption Keys Recovery" --msgbox $'Error obtaining server list' 6 70
return 1 return 1
fi fi
# check the number of entries in the file # check the number of entries in the file
no_of_servers=$(cat $REMOTE_SERVERS_LIST | wc -l) no_of_servers=$(wc -l < "$REMOTE_SERVERS_LIST")
if (( no_of_servers < 3 )); then if (( no_of_servers < 3 )); then
dialog --title $"Encryption Keys Recovery" \ dialog --title $"Encryption Keys Recovery" \
--msgbox $'There must be at least three servers to recover the key' 6 70 --msgbox $'There must be at least three servers to recover the key' 6 70
@ -201,8 +201,7 @@ function interactive_gpg_from_remote {
fi fi
# try to recover the key from the servers # try to recover the key from the servers
${PROJECT_NAME}-recoverkey -u $MY_USERNAME -l $REMOTE_SERVERS_LIST if ! "${PROJECT_NAME}-recoverkey" -u "$MY_USERNAME" -l "$REMOTE_SERVERS_LIST"; then
if [ ! "$?" = "0" ]; then
dialog --title $"Encryption Keys Recovery" --msgbox $'Your key could not be recovered' 6 70 dialog --title $"Encryption Keys Recovery" --msgbox $'Your key could not be recovered' 6 70
return 3 return 3
fi fi
@ -217,36 +216,36 @@ function interactive_gpg {
while [[ $GPG_CONFIGURED != "yes" ]] while [[ $GPG_CONFIGURED != "yes" ]]
do do
GPG_CONFIGURED="yes" GPG_CONFIGURED="yes"
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--radiolist $"GPG/PGP keys for your system:" 13 70 3 \ --radiolist $"GPG/PGP keys for your system:" 13 70 3 \
1 $"Generate new keys (new user)" on \ 1 $"Generate new keys (new user)" on \
2 $"Import keys from USB drive/s" off \ 2 $"Import keys from USB drive/s" off \
3 $"Retrieve keys from friends servers" off 2> $data 3 $"Retrieve keys from friends servers" off 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 2;; exit 1;;
255) rm -f "$data"
exit 2;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) if [ -d /home/${MY_USERNAME}/.gnupg ]; then 1) if [ -d "/home/${MY_USERNAME}/.gnupg" ]; then
rm -rf /home/${MY_USERNAME}/.gnupg rm -rf "/home/${MY_USERNAME}/.gnupg"
fi fi
break;; break;;
2) interactive_gpg_from_usb 2) interactive_gpg_from_usb
break;; break;;
3) interactive_gpg_from_remote 3) if ! interactive_gpg_from_remote; then
if [ ! "$?" = "0" ]; then
GPG_CONFIGURED="no" GPG_CONFIGURED="no"
fi;; fi;;
esac esac
rm -f "$data"
done done
} }
function interactive_key_recovery { function interactive_key_recovery {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Encryption Keys Recovery" \ dialog --title $"Encryption Keys Recovery" \
--backtitle $"Freedombone Configuration" \ --backtitle $"Freedombone Configuration" \
@ -254,14 +253,16 @@ function interactive_key_recovery {
--yesno $"Do you wish to recover your previous encryption keys from a USB master keydrive?" 7 60 --yesno $"Do you wish to recover your previous encryption keys from a USB master keydrive?" 7 60
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) rm -f "$data"
255) return;; return;;
255) rm -f "$data"
return;;
esac esac
clear clear
apt-get -yq install cryptsetup apt-get -yq install cryptsetup
${PROJECT_NAME}-recoverkey -u $MY_USERNAME "${PROJECT_NAME}-recoverkey" -u "$MY_USERNAME"
if [ -d /home/$MY_USERNAME/.gnupg ]; then if [ -d "/home/$MY_USERNAME/.gnupg" ]; then
cp -rf /home/$MY_USERNAME/.gnupg /root cp -rf "/home/$MY_USERNAME/.gnupg" /root
chmod 700 /root/.gnupg chmod 700 /root/.gnupg
chmod 600 /root/.gnupg/* chmod 600 /root/.gnupg/*
printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /root/.gnupg/S.dirmngr printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /root/.gnupg/S.dirmngr
@ -269,6 +270,7 @@ function interactive_key_recovery {
chmod +x /root/.gnupg/crls.d chmod +x /root/.gnupg/crls.d
fi fi
fi fi
rm -f "$data"
} }
function set_password_for_all_users { function set_password_for_all_users {
@ -278,7 +280,7 @@ function set_password_for_all_users {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
${PROJECT_NAME}-pass -u "${USERNAME}" -a "${app_name}" -p "${change_password}" "${PROJECT_NAME}-pass" -u "${USERNAME}" -a "${app_name}" -p "${change_password}"
fi fi
done done
} }
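Review bot: Several of the new quotes in interactive_gpg_from_usb change what the command receives instead of only protecting it. `cp -r "$HOME_DIR/.gnupg $HOME_DIR/.gnupg_old"` now passes a single argument, so the backup of the existing keyring fails just before `gpg_delete_key` removes the old keys. The quoted `/*` in the letsencrypt, .gnupg, .gnupg_fragments and .ssh copies and in `chmod -R 600` no longer expands as a glob. Keep the variables quoted but leave the separating space and the `*` outside the quotes, as in the lines below. None of these commands has its status checked, so the "loaded" and "imported" dialogs would still be shown after a failed copy; the function starts before this hunk.

```shell
# … unchanged: USB detection and mount checks …
cp -r "$USB_MOUNT/letsencrypt/"* /etc/letsencrypt
# … unchanged: key id lookup, removal of .gnupg_old …
cp -r "$HOME_DIR/.gnupg" "$HOME_DIR/.gnupg_old"
chmod -R 600 "$HOME_DIR/.gnupg_old/"*
# … unchanged: key deletion and import …
cp -r "$USB_MOUNT/.gnupg/"* "$HOME_DIR/.gnupg"
# … unchanged: fragments directory creation …
cp -r "$USB_MOUNT/.gnupg_fragments/"* "$HOME_DIR/.gnupg_fragments"
# … unchanged: ssh directory creation …
cp "$USB_MOUNT/.ssh/"* "$HOME_DIR/.ssh"
```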


@ -38,14 +38,13 @@ function change_login_message {
rm -f /etc/init.d/motd rm -f /etc/init.d/motd
fi fi
echo '' > /etc/motd { echo ".---. . . ";
echo ".---. . . " >> /etc/motd echo "| | | ";
echo "| | | " >> /etc/motd echo "|--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. ";
echo "|--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. " >> /etc/motd echo "| | (.-' (.-' ( | ( )| | | | )( )| | (.-' ";
echo "| | (.-' (.-' ( | ( )| | | | )( )| | (.-' " >> /etc/motd echo "' ' --' --' -' - -' ' ' -' -' -' ' - --'";
echo "' ' --' --' -' - -' ' ' -' -' -' ' - --'" >> /etc/motd echo $' Freedom in the Cloud';
echo $' Freedom in the Cloud' >> /etc/motd echo ''; } > /etc/motd
echo '' >> /etc/motd
mark_completed "${FUNCNAME[0]}" mark_completed "${FUNCNAME[0]}"
} }


@ -35,11 +35,11 @@ MESH_DEFAULT_PROTOCOL=/root/.mesh_protocol_default
function mesh_generate_ipv6_address { function mesh_generate_ipv6_address {
network=fd66:66:66 network=fd66:66:66
if [ $1 ]; then if [ "$1" ]; then
search_ipv6=$(ifconfig $1 | grep $network) search_ipv6=$(ifconfig "$1" | grep "$network")
if [ $search_ipv6 ]; then if [ "$search_ipv6" ]; then
result=$(ifconfig $1 | grep $network | awk -F ' ' '{print $2}') result=$(ifconfig "$1" | grep "$network" | awk -F ' ' '{print $2}')
ip -6 addr add ${result}/128 dev $1 ip -6 addr add "${result}/128" dev "$1"
return return
fi fi
fi fi
@ -51,7 +51,7 @@ function mesh_generate_ipv6_address {
d=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]} d=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}
e=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]} e=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}
result=$network:$a:$b:$c:$d:$e result=$network:$a:$b:$c:$d:$e
ip -6 addr add ${result}/128 dev $1 ip -6 addr add "${result}/128" dev "$1"
} }
function mesh_protocol_init { function mesh_protocol_init {
@ -67,21 +67,21 @@ function mesh_protocol_init {
# Mesh definition # Mesh definition
WIFI_SSID='mesh' WIFI_SSID='mesh'
if [ -f $COMPLETION_FILE ]; then if [ -f "$COMPLETION_FILE" ]; then
if grep -q "WIFI_SSID:" $COMPLETION_FILE; then if grep -q "WIFI_SSID:" "$COMPLETION_FILE"; then
WIFI_SSID=$(cat $COMPLETION_FILE | grep "WIFI_SSID:" | awk -F ':' '{print $2}') WIFI_SSID=$(grep "WIFI_SSID:" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
fi fi
sed -i "s|WIFI_SSID:.*|WIFI_SSID:${WIFI_SSID}|g" $COMPLETION_FILE sed -i "s|WIFI_SSID:.*|WIFI_SSID:${WIFI_SSID}|g" "$COMPLETION_FILE"
fi fi
CELLID='any' CELLID='any'
CHANNEL=2 CHANNEL=2
HOTSPOT_CHANNEL=6 HOTSPOT_CHANNEL=6
if [ -f $COMPLETION_FILE ]; then if [ -f "$COMPLETION_FILE" ]; then
if grep -q "Wifi channel:" $COMPLETION_FILE; then if grep -q "Wifi channel:" "$COMPLETION_FILE"; then
CHANNEL=$(cat $COMPLETION_FILE | grep "Wifi channel:" | awk -F ':' '{print $2}') CHANNEL=$(grep "Wifi channel:" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
fi fi
sed -i "s|Wifi channel:.*|Wifi channel:${CHANNEL}|g" $COMPLETION_FILE sed -i "s|Wifi channel:.*|Wifi channel:${CHANNEL}|g" "$COMPLETION_FILE"
fi fi
ZERONET_PORT=15441 ZERONET_PORT=15441
@ -101,18 +101,18 @@ function mesh_protocol_init {
EIFACE=eth0 EIFACE=eth0
WLAN_ADAPTORS=$(count_wlan) WLAN_ADAPTORS=$(count_wlan)
if [ $WLAN_ADAPTORS -eq 0 ]; then if [ "$WLAN_ADAPTORS" -eq 0 ]; then
echo $'No wlan adaptors found' echo $'No wlan adaptors found'
exit 0 exit 0
fi fi
} }
function get_ipv6_wlan { function get_ipv6_wlan {
echo $(ifconfig ${IFACE} | grep inet6 | awk -F ' ' '{print $2}') ifconfig "${IFACE}" | grep inet6 | awk -F ' ' '{print $2}'
} }
function mesh_hotspot_ip_address { function mesh_hotspot_ip_address {
echo $(ifconfig ${BRIDGE} | grep inet6 | awk -F ' ' '{print $2}') ifconfig "${BRIDGE}" | grep inet6 | awk -F ' ' '{print $2}'
} }
function global_rate_limit { function global_rate_limit {
@ -129,7 +129,7 @@ function global_rate_limit {
function assign_peer_address { function assign_peer_address {
for i in {1..6}; do for i in {1..6}; do
number=$RANDOM number=$RANDOM
let "number %= 255" (( "number %= 255" ))
octet=$(echo "obase=16;$number" | bc) octet=$(echo "obase=16;$number" | bc)
if [ ${#octet} -lt 2 ]; then if [ ${#octet} -lt 2 ]; then
octet="0${octet}" octet="0${octet}"
@ -142,7 +142,7 @@ function assign_peer_address {
} }
function mesh_create_app_downloads_page { function mesh_create_app_downloads_page {
if [ ! -d /root/$PROJECT_NAME/image_build/mesh_apps ]; then if [ ! -d "/root/$PROJECT_NAME/image_build/mesh_apps" ]; then
return return
fi fi
if [ ! -d /var/www/html ]; then if [ ! -d /var/www/html ]; then
@ -163,27 +163,27 @@ function mesh_create_app_downloads_page {
mv /home/fbone/Desktop/cryptpad.desktop /home/fbone/.cryptpad.desktop mv /home/fbone/Desktop/cryptpad.desktop /home/fbone/.cryptpad.desktop
fi fi
cp /root/$PROJECT_NAME/website/EN/meshindex.html /var/www/html/index.html cp "/root/$PROJECT_NAME/website/EN/meshindex.html" /var/www/html/index.html
if [ ! -f /var/www/html/ssb.apk ]; then if [ ! -f /var/www/html/ssb.apk ]; then
cp /root/$PROJECT_NAME/image_build/mesh_apps/ssb.apk /var/www/html/ssb.apk cp "/root/$PROJECT_NAME/image_build/mesh_apps/ssb.apk" /var/www/html/ssb.apk
fi fi
if [ ! -f /var/www/html/trifa.apk ]; then if [ ! -f /var/www/html/trifa.apk ]; then
cp /root/$PROJECT_NAME/image_build/mesh_apps/trifa.apk /var/www/html/trifa.apk cp "/root/$PROJECT_NAME/image_build/mesh_apps/trifa.apk" /var/www/html/trifa.apk
fi fi
if [ ! -d /var/www/html/images ]; then if [ ! -d /var/www/html/images ]; then
mkdir /var/www/html/images mkdir /var/www/html/images
fi fi
if [ ! -f /var/www/html/images/logo.png ]; then if [ ! -f /var/www/html/images/logo.png ]; then
cp /root/$PROJECT_NAME/img/logo.png /var/www/html/images/logo.png cp "/root/$PROJECT_NAME/img/logo.png" /var/www/html/images/logo.png
fi fi
if [ ! -f /var/www/html/images/ssb.png ]; then if [ ! -f /var/www/html/images/ssb.png ]; then
cp /root/$PROJECT_NAME/img/icon_patchwork.png /var/www/html/images/ssb.png cp "/root/$PROJECT_NAME/img/icon_patchwork.png" /var/www/html/images/ssb.png
fi fi
if [ ! -f /var/www/html/images/trifa.png ]; then if [ ! -f /var/www/html/images/trifa.png ]; then
cp /root/$PROJECT_NAME/img/trifa.png /var/www/html/images/trifa.png cp "/root/$PROJECT_NAME/img/trifa.png" /var/www/html/images/trifa.png
fi fi
if [ ! -f /var/www/html/freedombone.css ]; then if [ ! -f /var/www/html/freedombone.css ]; then
cp /root/$PROJECT_NAME/website/freedombone.css /var/www/html/freedombone.css cp "/root/$PROJECT_NAME/website/freedombone.css" /var/www/html/freedombone.css
fi fi
chown -R www-data:www-data /var/www/html/* chown -R www-data:www-data /var/www/html/*
} }
@ -191,8 +191,8 @@ function mesh_create_app_downloads_page {
function enable_mesh_firewall { function enable_mesh_firewall {
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT iptables -A INPUT -p tcp --dport "$TRACKER_PORT" -j ACCEPT
iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT iptables -A INPUT -p udp --dport "$TRACKER_PORT" -j ACCEPT
iptables -A INPUT -p udp --dport 6240 -j ACCEPT iptables -A INPUT -p udp --dport 6240 -j ACCEPT
iptables -A INPUT -p tcp --dport 6240 -j ACCEPT iptables -A INPUT -p tcp --dport 6240 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp --dport 80 -j ACCEPT
@ -203,16 +203,16 @@ function enable_mesh_firewall {
iptables -A INPUT -p udp --dport 5353 -j ACCEPT iptables -A INPUT -p udp --dport 5353 -j ACCEPT
iptables -A INPUT -p tcp --dport 5354 -j ACCEPT iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
iptables -A INPUT -p udp --dport 5354 -j ACCEPT iptables -A INPUT -p udp --dport 5354 -j ACCEPT
iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT iptables -A INPUT -p tcp --dport "$ZERONET_PORT" -j ACCEPT
iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT iptables -A INPUT -p udp --dport "$ZERONET_PORT" -j ACCEPT
iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT iptables -A INPUT -p tcp --dport "$IPFS_PORT" -j ACCEPT
iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT iptables -A INPUT -p tcp --dport "$TOX_PORT" -j ACCEPT
iptables -A INPUT -p udp --dport $TOX_PORT -j ACCEPT iptables -A INPUT -p udp --dport "$TOX_PORT" -j ACCEPT
iptables -A INPUT -p tcp --dport $LIBREVAULT_PORT -j ACCEPT iptables -A INPUT -p tcp --dport "$LIBREVAULT_PORT" -j ACCEPT
iptables -A INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT iptables -A INPUT -p udp --dport "$LIBREVAULT_PORT" -j ACCEPT
iptables -A INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT iptables -A INPUT -p tcp --dport "$TAHOELAFS_PORT" -j ACCEPT
# SSB/Scuttlebot/Patchwork # SSB/Scuttlebot/Patchwork
iptables -A INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT iptables -A INPUT -p tcp --dport "$GIT_SSB_PORT" -j ACCEPT
iptables -A INPUT -p udp --dport 8008 -j ACCEPT iptables -A INPUT -p udp --dport 8008 -j ACCEPT
iptables -A INPUT -p tcp --dport 8008 -j ACCEPT iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
iptables -A INPUT -p udp --dport 8010 -j ACCEPT iptables -A INPUT -p udp --dport 8010 -j ACCEPT
@ -227,8 +227,8 @@ function enable_mesh_firewall {
ip6tables -A INPUT -p ipv6-icmp -j ACCEPT ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
ip6tables -A OUTPUT -p ipv6-icmp -j ACCEPT ip6tables -A OUTPUT -p ipv6-icmp -j ACCEPT
ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT ip6tables -A INPUT -p tcp --dport "$TRACKER_PORT" -j ACCEPT
ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT ip6tables -A INPUT -p udp --dport "$TRACKER_PORT" -j ACCEPT
ip6tables -A INPUT -p udp --dport 6240 -j ACCEPT ip6tables -A INPUT -p udp --dport 6240 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 6240 -j ACCEPT ip6tables -A INPUT -p tcp --dport 6240 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
@ -239,16 +239,16 @@ function enable_mesh_firewall {
ip6tables -A INPUT -p udp --dport 5353 -j ACCEPT ip6tables -A INPUT -p udp --dport 5353 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 5354 -j ACCEPT ip6tables -A INPUT -p tcp --dport 5354 -j ACCEPT
ip6tables -A INPUT -p udp --dport 5354 -j ACCEPT ip6tables -A INPUT -p udp --dport 5354 -j ACCEPT
ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT ip6tables -A INPUT -p tcp --dport "$ZERONET_PORT" -j ACCEPT
ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT ip6tables -A INPUT -p udp --dport "$ZERONET_PORT" -j ACCEPT
ip6tables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT ip6tables -A INPUT -p tcp --dport "$IPFS_PORT" -j ACCEPT
ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT ip6tables -A INPUT -p tcp --dport "$TOX_PORT" -j ACCEPT
ip6tables -A INPUT -p udp --dport $TOX_PORT -j ACCEPT ip6tables -A INPUT -p udp --dport "$TOX_PORT" -j ACCEPT
ip6tables -A INPUT -p tcp --dport $LIBREVAULT_PORT -j ACCEPT ip6tables -A INPUT -p tcp --dport "$LIBREVAULT_PORT" -j ACCEPT
ip6tables -A INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT ip6tables -A INPUT -p udp --dport "$LIBREVAULT_PORT" -j ACCEPT
ip6tables -A INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT ip6tables -A INPUT -p tcp --dport "$TAHOELAFS_PORT" -j ACCEPT
# SSB/Scuttlebot/Patchwork # SSB/Scuttlebot/Patchwork
ip6tables -A INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT ip6tables -A INPUT -p tcp --dport "$GIT_SSB_PORT" -j ACCEPT
ip6tables -A INPUT -p udp --dport 8008 -j ACCEPT ip6tables -A INPUT -p udp --dport 8008 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 8008 -j ACCEPT ip6tables -A INPUT -p tcp --dport 8008 -j ACCEPT
ip6tables -A INPUT -p udp --dport 8010 -j ACCEPT ip6tables -A INPUT -p udp --dport 8010 -j ACCEPT
@ -266,12 +266,12 @@ function enable_mesh_firewall {
# to discover local peers # to discover local peers
iptables -A INPUT -p tcp --dport 653 -j ACCEPT iptables -A INPUT -p tcp --dport 653 -j ACCEPT
iptables -A INPUT -p udp --dport 653 -j ACCEPT iptables -A INPUT -p udp --dport 653 -j ACCEPT
iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT iptables -A INPUT -i "${EIFACE}" -m state --state NEW -p tcp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i tun+ -o "${EIFACE}" -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i "${EIFACE}" -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o "${EIFACE}" -j MASQUERADE
iptables -A OUTPUT -o tun+ -j ACCEPT iptables -A OUTPUT -o tun+ -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/ip_forward
sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
@ -280,8 +280,8 @@ function enable_mesh_firewall {
} }
function disable_mesh_firewall { function disable_mesh_firewall {
iptables -D INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT iptables -D INPUT -p tcp --dport "$TRACKER_PORT" -j ACCEPT
iptables -D INPUT -p udp --dport $TRACKER_PORT -j ACCEPT iptables -D INPUT -p udp --dport "$TRACKER_PORT" -j ACCEPT
iptables -D INPUT -p udp --dport 6240 -j ACCEPT iptables -D INPUT -p udp --dport 6240 -j ACCEPT
iptables -D INPUT -p tcp --dport 6240 -j ACCEPT iptables -D INPUT -p tcp --dport 6240 -j ACCEPT
iptables -D INPUT -p tcp --dport 80 -j ACCEPT iptables -D INPUT -p tcp --dport 80 -j ACCEPT
@ -292,17 +292,17 @@ function disable_mesh_firewall {
iptables -D INPUT -p udp --dport 5353 -j ACCEPT iptables -D INPUT -p udp --dport 5353 -j ACCEPT
iptables -D INPUT -p tcp --dport 5354 -j ACCEPT iptables -D INPUT -p tcp --dport 5354 -j ACCEPT
iptables -D INPUT -p udp --dport 5354 -j ACCEPT iptables -D INPUT -p udp --dport 5354 -j ACCEPT
iptables -D INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT iptables -D INPUT -p tcp --dport "$ZERONET_PORT" -j ACCEPT
iptables -D INPUT -p udp --dport $ZERONET_PORT -j ACCEPT iptables -D INPUT -p udp --dport "$ZERONET_PORT" -j ACCEPT
iptables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT iptables -D INPUT -p tcp --dport "$IPFS_PORT" -j ACCEPT
iptables -D INPUT -p udp --dport $IPFS_PORT -j ACCEPT iptables -D INPUT -p udp --dport "$IPFS_PORT" -j ACCEPT
iptables -D INPUT -p tcp --dport $TOX_PORT -j ACCEPT iptables -D INPUT -p tcp --dport "$TOX_PORT" -j ACCEPT
iptables -D INPUT -p udp --dport $TOX_PORT -j ACCEPT iptables -D INPUT -p udp --dport "$TOX_PORT" -j ACCEPT
iptables -D INPUT -p tcp --dport $LIBREVAULT_PORT -j ACCEPT iptables -D INPUT -p tcp --dport "$LIBREVAULT_PORT" -j ACCEPT
iptables -D INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT iptables -D INPUT -p udp --dport "$LIBREVAULT_PORT" -j ACCEPT
iptables -D INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT iptables -D INPUT -p tcp --dport "$TAHOELAFS_PORT" -j ACCEPT
# SSB/Scuttlebot/Patchwork # SSB/Scuttlebot/Patchwork
iptables -D INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT iptables -D INPUT -p tcp --dport "$GIT_SSB_PORT" -j ACCEPT
iptables -D INPUT -p udp --dport 8008 -j ACCEPT iptables -D INPUT -p udp --dport 8008 -j ACCEPT
iptables -D INPUT -p tcp --dport 8008 -j ACCEPT iptables -D INPUT -p tcp --dport 8008 -j ACCEPT
iptables -D INPUT -p udp --dport 8010 -j ACCEPT iptables -D INPUT -p udp --dport 8010 -j ACCEPT
@ -315,8 +315,8 @@ function disable_mesh_firewall {
ip6tables -D INPUT -p udp --dport 6696 -j ACCEPT ip6tables -D INPUT -p udp --dport 6696 -j ACCEPT
ip6tables -D INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT ip6tables -D INPUT -p tcp --dport "$TRACKER_PORT" -j ACCEPT
ip6tables -D INPUT -p udp --dport $TRACKER_PORT -j ACCEPT ip6tables -D INPUT -p udp --dport "$TRACKER_PORT" -j ACCEPT
ip6tables -D INPUT -p udp --dport 6240 -j ACCEPT ip6tables -D INPUT -p udp --dport 6240 -j ACCEPT
ip6tables -D INPUT -p tcp --dport 6240 -j ACCEPT ip6tables -D INPUT -p tcp --dport 6240 -j ACCEPT
ip6tables -D INPUT -p tcp --dport 80 -j ACCEPT ip6tables -D INPUT -p tcp --dport 80 -j ACCEPT
@ -327,17 +327,17 @@ function disable_mesh_firewall {
ip6tables -D INPUT -p udp --dport 5353 -j ACCEPT ip6tables -D INPUT -p udp --dport 5353 -j ACCEPT
ip6tables -D INPUT -p tcp --dport 5354 -j ACCEPT ip6tables -D INPUT -p tcp --dport 5354 -j ACCEPT
ip6tables -D INPUT -p udp --dport 5354 -j ACCEPT ip6tables -D INPUT -p udp --dport 5354 -j ACCEPT
ip6tables -D INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT ip6tables -D INPUT -p tcp --dport "$ZERONET_PORT" -j ACCEPT
ip6tables -D INPUT -p udp --dport $ZERONET_PORT -j ACCEPT ip6tables -D INPUT -p udp --dport "$ZERONET_PORT" -j ACCEPT
ip6tables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT ip6tables -D INPUT -p tcp --dport "$IPFS_PORT" -j ACCEPT
ip6tables -D INPUT -p udp --dport $IPFS_PORT -j ACCEPT ip6tables -D INPUT -p udp --dport "$IPFS_PORT" -j ACCEPT
ip6tables -D INPUT -p tcp --dport $TOX_PORT -j ACCEPT ip6tables -D INPUT -p tcp --dport "$TOX_PORT" -j ACCEPT
ip6tables -D INPUT -p udp --dport $TOX_PORT -j ACCEPT ip6tables -D INPUT -p udp --dport "$TOX_PORT" -j ACCEPT
ip6tables -D INPUT -p tcp --dport $LIBREVAULT_PORT -j ACCEPT ip6tables -D INPUT -p tcp --dport "$LIBREVAULT_PORT" -j ACCEPT
ip6tables -D INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT ip6tables -D INPUT -p udp --dport "$LIBREVAULT_PORT" -j ACCEPT
ip6tables -D INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT ip6tables -D INPUT -p tcp --dport "$TAHOELAFS_PORT" -j ACCEPT
# SSB/Scuttlebot/Patchwork # SSB/Scuttlebot/Patchwork
ip6tables -D INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT ip6tables -D INPUT -p tcp --dport "$GIT_SSB_PORT" -j ACCEPT
ip6tables -D INPUT -p udp --dport 8008 -j ACCEPT ip6tables -D INPUT -p udp --dport 8008 -j ACCEPT
ip6tables -D INPUT -p tcp --dport 8008 -j ACCEPT ip6tables -D INPUT -p tcp --dport 8008 -j ACCEPT
ip6tables -D INPUT -p udp --dport 8010 -j ACCEPT ip6tables -D INPUT -p udp --dport 8010 -j ACCEPT
@ -352,12 +352,12 @@ function disable_mesh_firewall {
# vpn over the internet # vpn over the internet
iptables -D INPUT -p tcp --dport 653 -j ACCEPT iptables -D INPUT -p tcp --dport 653 -j ACCEPT
iptables -D INPUT -p udp --dport 653 -j ACCEPT iptables -D INPUT -p udp --dport 653 -j ACCEPT
iptables -D INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT iptables -D INPUT -i "${EIFACE}" -m state --state NEW -p tcp --dport 1194 -j ACCEPT
iptables -D INPUT -i tun+ -j ACCEPT iptables -D INPUT -i tun+ -j ACCEPT
iptables -D FORWARD -i tun+ -j ACCEPT iptables -D FORWARD -i tun+ -j ACCEPT
iptables -D FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -D FORWARD -i tun+ -o "${EIFACE}" -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -D FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -D FORWARD -i "${EIFACE}" -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o "${EIFACE}" -j MASQUERADE
iptables -D OUTPUT -o tun+ -j ACCEPT iptables -D OUTPUT -o tun+ -j ACCEPT
echo 0 > /proc/sys/net/ipv4/ip_forward echo 0 > /proc/sys/net/ipv4/ip_forward
@ -401,25 +401,25 @@ function enable_mesh_tor {
} }
function enable_mesh_seconary_wifi { function enable_mesh_seconary_wifi {
if [ $secondary_wifi_available ]; then if [ "$secondary_wifi_available" ]; then
sed -i 's|#DAEMON_CONF=.*|DAEMON_CONF="/etc/hostapd/hostapd.conf"|g' /etc/default/hostapd sed -i 's|#DAEMON_CONF=.*|DAEMON_CONF="/etc/hostapd/hostapd.conf"|g' /etc/default/hostapd
mesh_hotspot_address=$(mesh_hotspot_ip_address) mesh_hotspot_address=$(mesh_hotspot_ip_address)
if [[ "$mesh_hotspot_address" == *'.'* ]]; then if [[ "$mesh_hotspot_address" == *'.'* ]]; then
echo "interface=${IFACE_SECONDARY}" > /etc/hostapd/hostapd.conf { echo "interface=${IFACE_SECONDARY}";
echo "bridge=${BRIDGE}" >> /etc/hostapd/hostapd.conf echo "bridge=${BRIDGE}";
echo 'driver=nl80211' >> /etc/hostapd/hostapd.conf echo 'driver=nl80211';
echo "country_code=UK" >> /etc/hostapd/hostapd.conf echo "country_code=UK";
echo "ssid=${WIFI_SSID}-${mesh_hotspot_address}" >> /etc/hostapd/hostapd.conf echo "ssid=${WIFI_SSID}-${mesh_hotspot_address}";
echo 'hw_mode=g' >> /etc/hostapd/hostapd.conf echo 'hw_mode=g';
echo "channel=${HOTSPOT_CHANNEL}" >> /etc/hostapd/hostapd.conf echo "channel=${HOTSPOT_CHANNEL}";
echo 'wpa=2' >> /etc/hostapd/hostapd.conf echo 'wpa=2';
echo "wpa_passphrase=$HOTSPOT_PASSPHRASE" >> /etc/hostapd/hostapd.conf echo "wpa_passphrase=$HOTSPOT_PASSPHRASE";
echo 'wpa_key_mgmt=WPA-PSK' >> /etc/hostapd/hostapd.conf echo 'wpa_key_mgmt=WPA-PSK';
echo 'wpa_pairwise=TKIP' >> /etc/hostapd/hostapd.conf echo 'wpa_pairwise=TKIP';
echo 'rsn_pairwise=CCMP' >> /etc/hostapd/hostapd.conf echo 'rsn_pairwise=CCMP';
echo 'auth_algs=1' >> /etc/hostapd/hostapd.conf echo 'auth_algs=1';
echo 'macaddr_acl=0' >> /etc/hostapd/hostapd.conf echo 'macaddr_acl=0'; } > /etc/hostapd/hostapd.conf
sed -i "s|#interface=.*|interface=${IFACE_SECONDARY}|g" /etc/dnsmasq.conf sed -i "s|#interface=.*|interface=${IFACE_SECONDARY}|g" /etc/dnsmasq.conf
sed -i "s|interface=.*|interface=${IFACE_SECONDARY}|g" /etc/dnsmasq.conf sed -i "s|interface=.*|interface=${IFACE_SECONDARY}|g" /etc/dnsmasq.conf
@ -437,7 +437,7 @@ function enable_mesh_seconary_wifi {
fi fi
fi fi
if [ ! $secondary_wifi_available ]; then if [ ! "$secondary_wifi_available" ]; then
systemctl stop hostapd systemctl stop hostapd
systemctl disable hostapd systemctl disable hostapd


@ -41,14 +41,14 @@ function meteor_cleanUp {
} }
function install_meteor_script { function install_meteor_script {
meteor_dir=$1 meteor_dir="$1"
if [ ! $meteor_dir ]; then if [ ! "$meteor_dir" ]; then
echo $'No meteor install directory specified' echo $'No meteor install directory specified'
exit 692025 exit 692025
fi fi
if [ ! -d $meteor_dir ]; then if [ ! -d "$meteor_dir" ]; then
echo $'Meteor install directory not found' echo $'Meteor install directory not found'
exit 845382 exit 845382
fi fi
@ -67,19 +67,19 @@ function install_meteor_script {
DIR_PREFIX="/usr/local" DIR_PREFIX="/usr/local"
TARBALL_URL="$https://meteorinstall-4168.kxcdn.com/packages-bootstrap/${RELEASE}/meteor-bootstrap-${PLATFORM}.tar.gz" TARBALL_URL="https://meteorinstall-4168.kxcdn.com/packages-bootstrap/${RELEASE}/meteor-bootstrap-${PLATFORM}.tar.gz"
INSTALL_TMPDIR="$meteor_dir/.meteor-install-tmp" INSTALL_TMPDIR="$meteor_dir/.meteor-install-tmp"
TARBALL_FILE="$meteor_dir/.meteor-tarball-tmp" TARBALL_FILE="$meteor_dir/.meteor-tarball-tmp"
# Remove temporary files now in case they exist. # Remove temporary files now in case they exist.
meteor_cleanUp meteor_cleanUp
if [ -d $INSTALL_TMPDIR ]; then if [ -d "$INSTALL_TMPDIR" ]; then
rm -rf $INSTALL_TMPDIR rm -rf "$INSTALL_TMPDIR"
fi fi
mkdir "$INSTALL_TMPDIR" mkdir "$INSTALL_TMPDIR"
if [ ! -f ${TARBALL_FILE} ]; then if [ ! -f "${TARBALL_FILE}" ]; then
echo "Downloading Meteor distribution" echo "Downloading Meteor distribution"
# keep trying to curl the file until it works (resuming where possible) # keep trying to curl the file until it works (resuming where possible)
MAX_ATTEMPTS=10 MAX_ATTEMPTS=10
@ -90,11 +90,8 @@ function install_meteor_script {
do do
ATTEMPTS=$((ATTEMPTS + 1)) ATTEMPTS=$((ATTEMPTS + 1))
curl --progress-bar --fail --continue-at - \ if curl --progress-bar --fail --continue-at - \
"$TARBALL_URL" --output "$TARBALL_FILE" "$TARBALL_URL" --output "$TARBALL_FILE"; then
if [ $? -eq 0 ]
then
break break
fi fi
@ -103,14 +100,14 @@ function install_meteor_script {
done done
fi fi
if [ ! -f ${TARBALL_FILE} ]; then if [ ! -f "${TARBALL_FILE}" ]; then
echo $'meteor tarball could not be downloaded' echo $'meteor tarball could not be downloaded'
exit 7272452 exit 7272452
fi fi
tar -xzf "$TARBALL_FILE" -C "$INSTALL_TMPDIR" -o tar -xzf "$TARBALL_FILE" -C "$INSTALL_TMPDIR" -o
if [ ! -f ${INSTALL_TMPDIR}/.meteor/meteor ]; then if [ ! -f "${INSTALL_TMPDIR}/.meteor/meteor" ]; then
echo $'tarball not extracted' echo $'tarball not extracted'
exit 693252 exit 693252
fi fi
@ -201,10 +198,10 @@ EOF
function install_meteor { function install_meteor {
apt-get -yq install curl apt-get -yq install curl
if [ ! -d $INSTALL_DIR/meteor ]; then if [ ! -d "$INSTALL_DIR/meteor" ]; then
mkdir $INSTALL_DIR/meteor mkdir "$INSTALL_DIR/meteor"
fi fi
cd $INSTALL_DIR/meteor cd "$INSTALL_DIR/meteor" || exit 72345274
install_meteor_script install_meteor_script
} }
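Review bot: The tarball fetched in install_meteor_script is unpacked by `tar -xzf "$TARBALL_FILE" -C "$INSTALL_TMPDIR" -o` with no integrity check in the visible hunks; the only tests are that the file exists and that `.meteor/meteor` appears afterwards. Because the download is skipped whenever `$TARBALL_FILE` is already present, a truncated or replaced file left in `$meteor_dir` would be extracted as-is, unless meteor_cleanUp removes it (its body is outside the hunks). I would pin a digest per release and platform and verify it before extraction, e.g. `echo "${METEOR_TARBALL_SHA256}  ${TARBALL_FILE}" | sha256sum -c --status - || exit 1`, where `METEOR_TARBALL_SHA256` is a placeholder name for a value the project would have to define. The function body continues outside the hunks shown, so a check may exist in lines not visible here.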


@ -35,14 +35,14 @@ MONGODB_APPS_FILE=$HOME/.mongodbapps
function store_original_mongodb_password { function store_original_mongodb_password {
if [ ! -f /root/.mongodboriginal ]; then if [ ! -f /root/.mongodboriginal ]; then
echo $'Storing original mongodb password' echo $'Storing original mongodb password'
ORIGINAL_MONGODB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mongodb) ORIGINAL_MONGODB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mongodb)
# We can store this in plaintext because it will soon be of historical interest only # We can store this in plaintext because it will soon be of historical interest only
echo -n "$ORIGINAL_MONGODB_PASSWORD" > /root/.mongodboriginal echo -n "$ORIGINAL_MONGODB_PASSWORD" > /root/.mongodboriginal
fi fi
} }
function get_mongodb_password { function get_mongodb_password {
MONGODB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mongodb) MONGODB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mongodb)
if [[ "$MONGODB_PASSWORD" == *'failed'* ]]; then if [[ "$MONGODB_PASSWORD" == *'failed'* ]]; then
echo $'Could not obtain mongodb password' echo $'Could not obtain mongodb password'
exit 7835272 exit 7835272
@ -63,14 +63,14 @@ function install_mongodb {
function_check get_mongodb_password function_check get_mongodb_password
get_mongodb_password get_mongodb_password
if [ ! $MONGODB_PASSWORD ]; then if [ ! "$MONGODB_PASSWORD" ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
MONGODB_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" MONGODB_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
MONGODB_PASSWORD="$(openssl rand -base64 32 | cut -c1-${MINIMUM_PASSWORD_LENGTH})" MONGODB_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
${PROJECT_NAME}-pass -u root -a mongodb -p "$MONGODB_PASSWORD" "${PROJECT_NAME}-pass" -u root -a mongodb -p "$MONGODB_PASSWORD"
apt-get -yq install mongodb mongo-tools apt-get -yq install mongodb mongo-tools
apt-get -yq remove --purge apache2-bin* apt-get -yq remove --purge apache2-bin*
@ -84,9 +84,9 @@ function install_mongodb {
exit 78352 exit 78352
fi fi
if [ $app_name ]; then if [ "$app_name" ]; then
if ! grep -q "$app_name" $MONGODB_APPS_FILE; then if ! grep -q "$app_name" "$MONGODB_APPS_FILE"; then
echo "$app_name" >> $MONGODB_APPS_FILE echo "$app_name" >> "$MONGODB_APPS_FILE"
fi fi
fi fi
@ -96,14 +96,14 @@ function install_mongodb {
function remove_mongodb { function remove_mongodb {
app_name=$1 app_name=$1
if [ ! $app_name ]; then if [ ! "$app_name" ]; then
return return
fi fi
removemongo= removemongo=
if [ -f $MONGODB_APPS_FILE ]; then if [ -f "$MONGODB_APPS_FILE" ]; then
sed -i "/$app_name/d" $MONGODB_APPS_FILE sed -i "/$app_name/d" "$MONGODB_APPS_FILE"
if [ ! -s $MONGODB_APPS_FILE ]; then if [ ! -s "$MONGODB_APPS_FILE" ]; then
removemongo=1 removemongo=1
fi fi
else else
@ -125,7 +125,7 @@ function remove_mongodb {
if [ -f /etc/init.d/mongodb ]; then if [ -f /etc/init.d/mongodb ]; then
rm /etc/init.d/mongodb rm /etc/init.d/mongodb
fi fi
sed -i '/install_mongodb/d' $COMPLETION_FILE sed -i '/install_mongodb/d' "$COMPLETION_FILE"
fi fi
} }
@ -146,10 +146,10 @@ function drop_database_mongodb {
if [[ "$database_name" == 'admin' ]]; then if [[ "$database_name" == 'admin' ]]; then
return return
fi fi
mongo $database_name --eval "db.runCommand( { dropDatabase: 1 } )" mongo "$database_name" --eval "db.runCommand( { dropDatabase: 1 } )"
if [ $app_name ]; then if [ "$app_name" ]; then
if grep -q "$app_name" $MONGODB_APPS_FILE; then if grep -q "$app_name" "$MONGODB_APPS_FILE"; then
sed -i "/$app_name/d" $MONGODB_APPS_FILE sed -i "/$app_name/d" "$MONGODB_APPS_FILE"
fi fi
fi fi
} }
@ -157,8 +157,7 @@ function drop_database_mongodb {
function initialise_database_mongodb { function initialise_database_mongodb {
database_name=$1 database_name=$1
database_file=$2 database_file=$2
mongorestore $database_file if ! mongorestore "$database_file"; then
if [ ! "$?" = "0" ]; then
exit 8358365 exit 8358365
fi fi
} }
@ -166,11 +165,13 @@ function initialise_database_mongodb {
function create_database_mongodb { function create_database_mongodb {
app_name="$1" app_name="$1"
app_admin_password="$2" app_admin_password="$2"
app_admin_username=$3 app_admin_username="$3"
mongo admin --eval "db.createUser({user: '$app_admin_username', pwd: '$app_admin_password', roles: [ { role: 'userAdminAnyDatabase', db: 'admin' } ] })" mongo admin --eval "db.createUser({user: '$app_admin_username', pwd: '$app_admin_password', roles: [ { role: 'userAdminAnyDatabase', db: 'admin' } ] })"
if [ $app_name ]; then if [ "$app_name" ]; then
if ! grep -q "$app_name" $MONGODB_APPS_FILE; then if ! grep -q "$app_name" "$MONGODB_APPS_FILE"; then
echo "$app_name" >> $MONGODB_APPS_FILE echo "$app_name" >> "$MONGODB_APPS_FILE"
fi fi
fi fi
} }
# NOTE: deliberately there is no "exit 0"
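Review bot: In create_database_mongodb the admin password is still spliced into the `--eval` string, so it is part of the `mongo` process's argument list (visible in the process table while the command runs), and a `'` or `\` in `$app_admin_password` or `$app_admin_username` changes the JavaScript that gets evaluated. Quoting `"$3"` affects neither. Assuming the shell in use reads a script from standard input, `printf '%s\n' "db.createUser({ ... })" | mongo admin` keeps the statement out of argv, and a guard before it such as `case "$app_admin_username$app_admin_password" in *\'*|*\\*) exit 1 ;; esac` (exit code is a placeholder) rejects values that would break out of the quoted literals. The same argv exposure applies to `"${PROJECT_NAME}-pass" -u root -a mongodb -p "$MONGODB_PASSWORD"` in install_mongodb, whose body is only partly visible.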


@ -34,22 +34,22 @@ function install_monkeysphere {
fi fi
apt-get -yq install monkeysphere msva-perl apt-get -yq install monkeysphere msva-perl
#su -c "monkeysphere gen-subkey $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME #su -c "monkeysphere gen-subkey $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
mkdir /home/$MY_USERNAME/.monkeysphere mkdir "/home/$MY_USERNAME/.monkeysphere"
chmod 755 /home/$MY_USERNAME/.monkeysphere chmod 755 "/home/$MY_USERNAME/.monkeysphere"
echo "$MY_NAME <${MY_EMAIL_ADDRESS}>" > /home/$MY_USERNAME/.monkeysphere/authorized_user_ids echo "$MY_NAME <${MY_EMAIL_ADDRESS}>" > "/home/$MY_USERNAME/.monkeysphere/authorized_user_ids"
chmod 644 /home/$MY_USERNAME/.monkeysphere/authorized_user_ids chmod 644 "/home/$MY_USERNAME/.monkeysphere/authorized_user_ids"
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.monkeysphere chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.monkeysphere"
monkeysphere-authentication update-users monkeysphere-authentication update-users
if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
echo $'monkeysphere import: ssh host key not found' echo $'monkeysphere import: ssh host key not found'
exit 76295 exit 76295
fi fi
monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$DEFAULT_DOMAIN_NAME monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key "ssh://$DEFAULT_DOMAIN_NAME"
SSH_ONION_HOSTNAME=$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}') SSH_ONION_HOSTNAME=$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}')
monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$SSH_ONION_HOSTNAME monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key "ssh://$SSH_ONION_HOSTNAME"
if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then if [ ! "$MY_GPG_PUBLIC_KEY_ID" ]; then
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$HOSTNAME") MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$HOSTNAME")
if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
echo $"monkeysphere unable to get GPG key ID for user $MY_USERNAME@$HOSTNAME" echo $"monkeysphere unable to get GPG key ID for user $MY_USERNAME@$HOSTNAME"
@ -57,8 +57,8 @@ function install_monkeysphere {
fi fi
fi fi
# The admin user is the identity certifier # The admin user is the identity certifier
fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}') fpr=$(gpg --with-colons --fingerprint "$MY_GPG_PUBLIC_KEY_ID" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
monkeysphere-authentication add-identity-certifier $fpr monkeysphere-authentication add-identity-certifier "$fpr"
mark_completed "${FUNCNAME[0]}" mark_completed "${FUNCNAME[0]}"
} }
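Review bot: `fpr` is passed to `monkeysphere-authentication add-identity-certifier "$fpr"` without checking that the gpg pipeline produced anything; now that it is quoted, an empty result becomes an explicit empty argument rather than a missing one. Since this key becomes the identity certifier, I would stop when nothing was found: `if [ ! "$fpr" ]; then echo $'monkeysphere: no fingerprint found for identity certifier'; exit 1; fi` (the exit code is a placeholder; the file uses its own numeric codes). `SSH_ONION_HOSTNAME` has the same gap: if the grep on `${COMPLETION_FILE}` matches nothing, the second `import-key` runs with a bare `ssh://`, and that line also leaves `${COMPLETION_FILE}` unquoted. install_monkeysphere starts before the first hunk and has lines elided between the hunks.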


@ -62,11 +62,11 @@ function install_static_network {
echo '# and how to activate them. For more information, see interfaces(5).' >> /etc/network/interfaces echo '# and how to activate them. For more information, see interfaces(5).' >> /etc/network/interfaces
echo 'source /etc/network/interfaces.d/*' >> /etc/network/interfaces echo 'source /etc/network/interfaces.d/*' >> /etc/network/interfaces
echo 'auto eth0' > /etc/network/interfaces.d/static { echo 'auto eth0';
echo 'iface eth0 inet static' >> /etc/network/interfaces.d/static echo 'iface eth0 inet static';
echo " address $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/network/interfaces.d/static echo " address $LOCAL_NETWORK_STATIC_IP_ADDRESS";
echo ' netmask 255.255.255.0' >> /etc/network/interfaces.d/static echo ' netmask 255.255.255.0';
echo " gateway $ROUTER_IP_ADDRESS" >> /etc/network/interfaces.d/static echo " gateway $ROUTER_IP_ADDRESS"; } > /etc/network/interfaces.d/static
mark_completed "${FUNCNAME[0]}" mark_completed "${FUNCNAME[0]}"
} }
@ -77,23 +77,23 @@ function get_external_ipv4_address {
function get_ipv4_address { function get_ipv4_address {
IPv4dev=$(ip route get $IPV4_ADDRESS_TEST_DESTINATION | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}') IPv4dev=$(ip route get $IPV4_ADDRESS_TEST_DESTINATION | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}')
echo $(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}') ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}'
} }
function get_ipv6_address { function get_ipv6_address {
retval=$(ip -6 route get $IPV6_ADDRESS_TEST_DESTINATION 2> /dev/null) retval=$(ip -6 route get $IPV6_ADDRESS_TEST_DESTINATION 2> /dev/null)
echo $(echo "$retval" | awk -F " " '{ for(i=1;i<=NF;i++) if ($i == "src") print $(i+1) }') echo "$retval" | awk -F " " '{ for(i=1;i<=NF;i++) if ($i == "src") print $(i+1) }'
} }
function update_external_ip { function update_external_ip {
ip_update_script=/usr/bin/externalipupdate ip_update_script=/usr/bin/externalipupdate
echo '#!/bin/bash' >> $ip_update_script { echo '#!/bin/bash';
echo "existing_ip=\$(cat $CONFIGURATION_FILE | grep \"EXTERNAL_IPV4_ADDRESS=\" | head -n 1 | awk -F '=' '{print \$2}')'" >> $ip_update_script echo "existing_ip=\$(cat $CONFIGURATION_FILE | grep \"EXTERNAL_IPV4_ADDRESS=\" | head -n 1 | awk -F '=' '{print \$2}')'";
echo "curr_ip=\$(nslookup . $EXTERNAL_IP_LOOKUP_URL | grep Address | tail -n 1 | awk -F ' ' '{print \$2}')" >> $ip_update_script echo "curr_ip=\$(nslookup . $EXTERNAL_IP_LOOKUP_URL | grep Address | tail -n 1 | awk -F ' ' '{print \$2}')";
echo 'if [[ "$curr_ip" != "$existing_ip" ]]; then' >> $ip_update_script echo "if [[ \"\$curr_ip\" != \"\$existing_ip\" ]]; then";
echo " sed -i \"s|EXTERNAL_IPV4_ADDRESS=.*|EXTERNAL_IPV4_ADDRESS=\${curr_ip}|g\" $CONFIGURATION_FILE" >> $ip_update_script echo " sed -i \"s|EXTERNAL_IPV4_ADDRESS=.*|EXTERNAL_IPV4_ADDRESS=\${curr_ip}|g\" $CONFIGURATION_FILE";
echo " echo \"\$(date)\" >> ~/${PROJECT_NAME}-external-ip-changes.txt" >> $ip_update_script echo " echo \"\$(date)\" >> ~/${PROJECT_NAME}-external-ip-changes.txt";
echo 'fi' >> $ip_update_script echo 'fi'; } > $ip_update_script
cron_add_mins 10 $ip_update_script cron_add_mins 10 $ip_update_script
} }