Bob Mottram 2018-03-03 10:36:40 +00:00
commit bb39f77020
158 changed files with 17351 additions and 17658 deletions


@ -23,6 +23,7 @@ install:
mkdir -p ${DESTDIR}/usr/share/${APP}/utils mkdir -p ${DESTDIR}/usr/share/${APP}/utils
mkdir -p ${DESTDIR}/usr/share/${APP}/avatars mkdir -p ${DESTDIR}/usr/share/${APP}/avatars
mkdir -p ${DESTDIR}/etc/${APP} mkdir -p ${DESTDIR}/etc/${APP}
rm -f ${DESTDIR}/${PREFIX}/bin/${APP}-*
cp -r image_build/* ${DESTDIR}/etc/${APP} cp -r image_build/* ${DESTDIR}/etc/${APP}
cp img/backgrounds/${APP}_*.png ${DESTDIR}${PREFIX}/share cp img/backgrounds/${APP}_*.png ${DESTDIR}${PREFIX}/share
cp img/avatars/* ${DESTDIR}/usr/share/${APP}/avatars cp img/avatars/* ${DESTDIR}/usr/share/${APP}/avatars

Binary file not shown.


@ -12,14 +12,14 @@ ERR=$TMP/cronic.err
TRACE=$TMP/cronic.trace TRACE=$TMP/cronic.trace
set +e set +e
"$@" >$OUT 2>$TRACE "$@" >"$OUT" 2>"$TRACE"
RESULT=$? RESULT=$?
set -e set -e
PATTERN="^${PS4:0:1}\\+${PS4:1}" PATTERN="^${PS4:0:1}\\+${PS4:1}"
if grep -aq "$PATTERN" $TRACE if grep -aq "$PATTERN" "$TRACE"
then then
! grep -av "$PATTERN" $TRACE > $ERR ! grep -av "$PATTERN" "$TRACE" > "$ERR"
else else
ERR=$TRACE ERR=$TRACE
fi fi
@ -33,7 +33,7 @@ if [ $RESULT -ne 0 ]
echo echo
echo "STANDARD OUTPUT:" echo "STANDARD OUTPUT:"
cat "$OUT" cat "$OUT"
if [ $TRACE != $ERR ] if [ "$TRACE" != "$ERR" ]
then then
echo echo
echo "TRACE-ERROR OUTPUT:" echo "TRACE-ERROR OUTPUT:"


@ -42,61 +42,61 @@ fi
source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES for f in $UTILS_FILES
do do
source $f source "$f"
done done
APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
for f in $APP_FILES for f in $APP_FILES
do do
source $f source "$f"
done done
command_options=$1 command_options="$1"
if [[ $command_options == "menuconfig-full" ]]; then if [[ "$command_options" == "menuconfig-full" ]]; then
MINIMAL_INSTALL="no" MINIMAL_INSTALL="no"
fi fi
if [[ $command_options == "menuconfig-onion" ]]; then if [[ "$command_options" == "menuconfig-onion" ]]; then
MINIMAL_INSTALL="yes" MINIMAL_INSTALL="yes"
ONION_ONLY="yes" ONION_ONLY="yes"
fi fi
if [[ $command_options == "menuconfig-gnusocial" ]]; then if [[ "$command_options" == "menuconfig-gnusocial" ]]; then
MINIMAL_INSTALL="yes" MINIMAL_INSTALL="yes"
ONION_ONLY="no" ONION_ONLY="no"
SOCIALINSTANCE='gnusocial' SOCIALINSTANCE='gnusocial'
fi fi
if [[ $command_options == "menuconfig-postactiv" ]]; then if [[ "$command_options" == "menuconfig-postactiv" ]]; then
MINIMAL_INSTALL="yes" MINIMAL_INSTALL="yes"
ONION_ONLY="no" ONION_ONLY="no"
SOCIALINSTANCE='postactiv' SOCIALINSTANCE='postactiv'
fi fi
if [ ! $CONFIGURATION_FILE ]; then if [ ! "$CONFIGURATION_FILE" ]; then
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
fi fi
if [ ! $COMPLETION_FILE ]; then if [ ! "$COMPLETION_FILE" ]; then
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
fi fi
# before the interactive config so that wifi adaptors may be detected # before the interactive config so that wifi adaptors may be detected
setup_wifi_atheros setup_wifi_atheros
if [[ $command_options == "menuconfig"* ]]; then if [[ "$command_options" == "menuconfig"* ]]; then
if [[ "$2" == "--reset" ]]; then if [[ "$2" == "--reset" ]]; then
if [ -f $CONFIGURATION_FILE ]; then if [ -f "$CONFIGURATION_FILE" ]; then
rm $CONFIGURATION_FILE rm "$CONFIGURATION_FILE"
fi fi
if [ -f $COMPLETION_FILE ]; then if [ -f "$COMPLETION_FILE" ]; then
rm $COMPLETION_FILE rm "$COMPLETION_FILE"
fi fi
if [ -f /usr/share/${PROJECT_NAME}/installed.txt ]; then if [ -f "/usr/share/${PROJECT_NAME}/installed.txt" ]; then
rm /usr/share/${PROJECT_NAME}/installed.txt rm "/usr/share/${PROJECT_NAME}/installed.txt"
fi fi
if [ -f /root/removed ]; then if [ -f /root/removed ]; then
rm /root/removed rm /root/removed
@ -104,20 +104,20 @@ if [[ $command_options == "menuconfig"* ]]; then
fi fi
# clear the interactive file which indicates configuration success # clear the interactive file which indicates configuration success
interactive_file=$HOME/.${PROJECT_NAME}-interactive interactive_file="$HOME/.${PROJECT_NAME}-interactive"
if [ -f $interactive_file ]; then if [ -f "$interactive_file" ]; then
rm $interactive_file rm "$interactive_file"
fi fi
interactive_configuration interactive_configuration
# check that the interactive file was created # check that the interactive file was created
if [ ! -f $interactive_file ]; then if [ ! -f "$interactive_file" ]; then
exit 6393562 exit 6393562
fi fi
rm $interactive_file rm "$interactive_file"
else else
while [[ $# > 1 ]] while [ $# -gt 1 ]
do do
key="$1" key="$1"
@ -169,12 +169,12 @@ else
# Static IP address for the system # Static IP address for the system
--ip) --ip)
shift shift
LOCAL_NETWORK_STATIC_IP_ADDRESS=$1 LOCAL_NETWORK_STATIC_IP_ADDRESS="$1"
;; ;;
# IP address for the internet router # IP address for the internet router
--iprouter) --iprouter)
shift shift
ROUTER_IP_ADDRESS=$1 ROUTER_IP_ADDRESS="$1"
;; ;;
# ssh port # ssh port
--ssh) --ssh)
@ -214,61 +214,61 @@ else
# Mumble server password # Mumble server password
--vpass) --vpass)
shift shift
MUMBLE_SERVER_PASSWORD=$1 MUMBLE_SERVER_PASSWORD="$1"
;; ;;
# Mumble server port # Mumble server port
--vport) --vport)
shift shift
MUMBLE_PORT=$1 MUMBLE_PORT="$1"
;; ;;
# DNS Nameserver 1 # DNS Nameserver 1
--ns1) --ns1)
shift shift
NAMESERVER1=$1 NAMESERVER1="$1"
;; ;;
# DNS Nameserver 2 # DNS Nameserver 2
--ns2) --ns2)
shift shift
NAMESERVER2=$1 NAMESERVER2="$1"
;; ;;
# DNS Nameserver 3 # DNS Nameserver 3
--ns3) --ns3)
shift shift
NAMESERVER3=$1 NAMESERVER3="$1"
;; ;;
# DNS Nameserver 4 # DNS Nameserver 4
--ns4) --ns4)
shift shift
NAMESERVER4=$1 NAMESERVER4="$1"
;; ;;
# DNS Nameserver 5 # DNS Nameserver 5
--ns5) --ns5)
shift shift
NAMESERVER5=$1 NAMESERVER5="$1"
;; ;;
# DNS Nameserver 6 # DNS Nameserver 6
--ns6) --ns6)
shift shift
NAMESERVER6=$1 NAMESERVER6="$1"
;; ;;
# Debian repository # Debian repository
--repo) --repo)
shift shift
DEBIAN_REPO=$1 DEBIAN_REPO="$1"
;; ;;
# clear the config file # clear the config file
--reset) --reset)
if [ -f $CONFIGURATION_FILE ]; then if [ -f "$CONFIGURATION_FILE" ]; then
rm $CONFIGURATION_FILE rm "$CONFIGURATION_FILE"
fi fi
if [ -f $COMPLETION_FILE ]; then if [ -f "$COMPLETION_FILE" ]; then
rm $COMPLETION_FILE rm "$COMPLETION_FILE"
fi fi
;; ;;
# minimal install # minimal install
--minimal) --minimal)
shift shift
MINIMAL_INSTALL=$1 MINIMAL_INSTALL="$1"
;; ;;
*) *)
# unknown option # unknown option
@ -293,7 +293,7 @@ function parse_args {
read_config_param 'DDNS_USERNAME' read_config_param 'DDNS_USERNAME'
read_config_param 'DDNS_PASSWORD' read_config_param 'DDNS_PASSWORD'
if [ ! -d /home/$MY_USERNAME ]; then if [ ! -d "/home/$MY_USERNAME" ]; then
echo $"There is no user '$MY_USERNAME' on the system. Use 'adduser $MY_USERNAME' to create the user." echo $"There is no user '$MY_USERNAME' on the system. Use 'adduser $MY_USERNAME' to create the user."
exit 1 exit 1
fi fi
@ -304,7 +304,7 @@ function parse_args {
exit 2 exit 2
fi fi
fi fi
if [ ! $MY_USERNAME ]; then if [ ! "$MY_USERNAME" ]; then
echo 'No username specified' echo 'No username specified'
show_help show_help
exit 3 exit 3
@ -312,11 +312,11 @@ function parse_args {
if [[ $SYSTEM_TYPE != "mesh"* ]]; then if [[ $SYSTEM_TYPE != "mesh"* ]]; then
if [[ "$DDNS_PROVIDER" != 'none' ]]; then if [[ "$DDNS_PROVIDER" != 'none' ]]; then
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
if [ ! $DDNS_USERNAME ]; then if [ ! "$DDNS_USERNAME" ]; then
echo $'Please provide the username for your dynamic DNS provider with the --ddnsuser option' echo $'Please provide the username for your dynamic DNS provider with the --ddnsuser option'
exit 7823 exit 7823
fi fi
if [ ! $DDNS_PASSWORD ]; then if [ ! "$DDNS_PASSWORD" ]; then
echo $'Please provide the password for your dynamic DNS provider with the --ddnspass option' echo $'Please provide the password for your dynamic DNS provider with the --ddnspass option'
exit 6382 exit 6382
fi fi
@ -324,7 +324,7 @@ function parse_args {
fi fi
fi fi
if [ ! $SYSTEM_TYPE ]; then if [ ! "$SYSTEM_TYPE" ]; then
SYSTEM_TYPE=$'full' SYSTEM_TYPE=$'full'
write_config_param "SYSTEM_TYPE" "$SYSTEM_TYPE" write_config_param "SYSTEM_TYPE" "$SYSTEM_TYPE"
fi fi
@ -338,8 +338,7 @@ function parse_args {
# run some initial tests # run some initial tests
clear clear
${PROJECT_NAME}-tests if ! "${PROJECT_NAME}-tests"; then
if [ ! "$?" = "0" ]; then
exit 768252 exit 768252
fi fi
@ -354,7 +353,7 @@ upgrade_installation_from_previous_versions
setup_utils setup_utils
setup_email setup_email
setup_web setup_web
setup_apps $command_options setup_apps "$command_options"
setup_final setup_final
echo '' echo ''
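Review bot: The rewritten loop header `while [ $# -gt 1 ]` keeps the old behaviour of stopping while one argument is still unread, so a flag that takes no value is never seen when it comes last. The `--reset)` arm in this section has no `shift` of its own, so a trailing `--reset` leaves the configuration and completion files in place without any message. Consider `while [ $# -gt 0 ]`, with each value-taking arm guarded by `[ $# -ge 2 ] || { show_help; exit 1; }` before its `shift`, so a missing value is reported rather than read as empty. The same header is rewritten in the option loops of the certificate, add-email and add-list scripts further down the page. The `case` body continues outside the visible hunks, so the remaining arms need checking before the bound is changed.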


@ -36,10 +36,10 @@ export TEXTDOMAINDIR="/usr/share/locale"
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES for f in $UTILS_FILES
do do
source $f source "$f"
done done
# Don't pin certs by default # Don't pin certs by default
@ -85,7 +85,7 @@ function show_help {
exit 0 exit 0
} }
while [[ $# > 1 ]] while [ $# -gt 1 ]
do do
key="$1" key="$1"
@ -145,11 +145,11 @@ do
;; ;;
--dhkey) --dhkey)
shift shift
DH_KEYLENGTH=${1} DH_KEYLENGTH="${1}"
;; ;;
--pin) --pin)
shift shift
PIN_CERTS=${1} PIN_CERTS="${1}"
;; ;;
*) *)
# unknown option # unknown option
@ -158,8 +158,8 @@ do
shift shift
done done
if [ ! $HOSTNAME ]; then if [ ! "$HOSTNAME" ]; then
if [ ! $LETSENCRYPT_HOSTNAME ]; then if [ ! "$LETSENCRYPT_HOSTNAME" ]; then
echo $'No hostname specified' echo $'No hostname specified'
exit 5748 exit 5748
fi fi
@ -180,16 +180,16 @@ function remove_cert_letsencrypt {
CERTFILE=$LETSENCRYPT_HOSTNAME CERTFILE=$LETSENCRYPT_HOSTNAME
# disable the site if needed # disable the site if needed
if [ -f /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME} ]; then if [ -f "/etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}" ]; then
if grep -q "443" /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}; then if grep -q "443" "/etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}"; then
nginx_dissite ${LETSENCRYPT_HOSTNAME} nginx_dissite "${LETSENCRYPT_HOSTNAME}"
fi fi
fi fi
# remove the cert # remove the cert
rm -rf /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}* rm -rf "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}*"
rm -rf /etc/letsencrypt/archive/${LETSENCRYPT_HOSTNAME}* rm -rf "/etc/letsencrypt/archive/${LETSENCRYPT_HOSTNAME}*"
rm /etc/letsencrypt/renewal/${LETSENCRYPT_HOSTNAME}.conf rm "/etc/letsencrypt/renewal/${LETSENCRYPT_HOSTNAME}.conf"
# restart the web server # restart the web server
systemctl restart nginx systemctl restart nginx
@ -199,14 +199,14 @@ function add_cert_letsencrypt {
CERTFILE=$LETSENCRYPT_HOSTNAME CERTFILE=$LETSENCRYPT_HOSTNAME
# obtain the email address for the admin user # obtain the email address for the admin user
if [ ! $MY_EMAIL_ADDRESS ]; then if [ ! "$MY_EMAIL_ADDRESS" ]; then
if [ -f $CONFIGURATION_FILE ]; then if [ -f "$CONFIGURATION_FILE" ]; then
read_config_param MY_EMAIL_ADDRESS read_config_param MY_EMAIL_ADDRESS
fi fi
fi fi
if [ ! $MY_EMAIL_ADDRESS ]; then if [ ! "$MY_EMAIL_ADDRESS" ]; then
if [ -f $COMPLETION_FILE ]; then if [ -f "$COMPLETION_FILE" ]; then
if grep -q "Admin user:" $COMPLETION_FILE; then if grep -q "Admin user:" "$COMPLETION_FILE"; then
function_check get_completion_param function_check get_completion_param
ADMIN_USER=$(get_completion_param "Admin user") ADMIN_USER=$(get_completion_param "Admin user")
if [ ${#ADMIN_USER} -eq 0 ]; then if [ ${#ADMIN_USER} -eq 0 ]; then
@ -232,8 +232,7 @@ function add_cert_letsencrypt {
chgrp -R root /etc/letsencrypt chgrp -R root /etc/letsencrypt
chmod -R 777 /etc/letsencrypt chmod -R 777 /etc/letsencrypt
certbot certonly -n --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME --renew-by-default --agree-tos --email $MY_EMAIL_ADDRESS if ! certbot certonly -n --server "$LETSENCRYPT_SERVER" --standalone -d "$LETSENCRYPT_HOSTNAME" --renew-by-default --agree-tos --email "$MY_EMAIL_ADDRESS"; then
if [ ! "$?" = "0" ]; then
echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME" echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME"
echo $'Also see https://letsencrypt.status.io to check for any service outages' echo $'Also see https://letsencrypt.status.io to check for any service outages'
chgrp -R ssl-cert /etc/letsencrypt chgrp -R ssl-cert /etc/letsencrypt
@ -245,42 +244,42 @@ function add_cert_letsencrypt {
fi fi
# replace some legacy filenames # replace some legacy filenames
if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt ]; then if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt" ]; then
mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
fi fi
if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt ]; then if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt" ]; then
mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
fi fi
sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" "/etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME"
sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" "/etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME"
# link the private key # link the private key
if [ -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then if [ -f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" ]; then
if [ ! -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old ]; then if [ ! -f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old" ]; then
mv /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old mv "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old"
else else
rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key rm -f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key"
fi fi
fi fi
if [ -L /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then if [ -L "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" ]; then
rm /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key rm "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key"
fi fi
ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ln -s "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem" "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key"
# link the public key # link the public key
if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" ]; then
if [ ! -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old ]; then if [ ! -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old" ]; then
mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old"
else else
rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem rm -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
fi fi
fi fi
if [ -L /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then if [ -L "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" ]; then
rm /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem rm "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
fi fi
ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ln -s "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
cp /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem cp "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem" "/etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem"
update_default_domain update_default_domain
@ -291,12 +290,11 @@ function add_cert_letsencrypt {
chmod -R g=rX /etc/letsencrypt chmod -R g=rX /etc/letsencrypt
chown -R root:ssl-cert /etc/letsencrypt chown -R root:ssl-cert /etc/letsencrypt
nginx_ensite ${LETSENCRYPT_HOSTNAME} nginx_ensite "${LETSENCRYPT_HOSTNAME}"
systemctl start nginx systemctl start nginx
if [ $PIN_CERTS ]; then if [ "$PIN_CERTS" ]; then
${PROJECT_NAME}-pin-cert $LETSENCRYPT_HOSTNAME if ! "${PROJECT_NAME}-pin-cert" "$LETSENCRYPT_HOSTNAME"; then
if [ ! "$?" = "0" ]; then
echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned" echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned"
exit 62878 exit 62878
fi fi
@ -304,21 +302,20 @@ function add_cert_letsencrypt {
} }
function add_cert_selfsigned { function add_cert_selfsigned {
if [[ $ORGANISATION == "Freedombone-CA" ]]; then if [[ "$ORGANISATION" == "Freedombone-CA" ]]; then
CERTFILE="ca-$HOSTNAME" CERTFILE="ca-$HOSTNAME"
fi fi
openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \ openssl req -x509 "${EXTENSIONS}" -nodes -days 3650 -sha256 \
-subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \ -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
-newkey rsa:2048 -keyout /etc/ssl/private/${CERTFILE}.key \ -newkey rsa:2048 -keyout "/etc/ssl/private/${CERTFILE}.key" \
-out /etc/ssl/certs/${CERTFILE}.crt -out "/etc/ssl/certs/${CERTFILE}.crt"
chmod 400 /etc/ssl/private/${CERTFILE}.key chmod 400 "/etc/ssl/private/${CERTFILE}.key"
chmod 640 /etc/ssl/certs/${CERTFILE}.crt chmod 640 "/etc/ssl/certs/${CERTFILE}.crt"
cp /etc/ssl/certs/${CERTFILE}.crt /etc/ssl/mycerts cp "/etc/ssl/certs/${CERTFILE}.crt" "/etc/ssl/mycerts"
if [ $PIN_CERTS ]; then if [ "$PIN_CERTS" ]; then
${PROJECT_NAME}-pin-cert $CERTFILE if ! "${PROJECT_NAME}-pin-cert" "$CERTFILE"; then
if [ ! "$?" = "0" ]; then
echo $"Certificate for $CERTFILE could not be pinned" echo $"Certificate for $CERTFILE could not be pinned"
exit 62879 exit 62879
fi fi
@ -326,9 +323,9 @@ function add_cert_selfsigned {
} }
function generate_dh_params { function generate_dh_params {
if [ ! $NODH ]; then if [ ! "$NODH" ]; then
if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then if [ ! -f "/etc/ssl/certs/${CERTFILE}.dhparam" ]; then
${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes "${PROJECT_NAME}-dhparam" -h "${CERTFILE}" --fast yes
fi fi
fi fi
} }
@ -346,12 +343,12 @@ function make_cert_bundle {
} }
function create_cert { function create_cert {
if [ $remove_cert ]; then if [ "$remove_cert" ]; then
remove_cert_letsencrypt remove_cert_letsencrypt
return return
fi fi
if [ $LETSENCRYPT_HOSTNAME ]; then if [ "$LETSENCRYPT_HOSTNAME" ]; then
add_cert_letsencrypt add_cert_letsencrypt
else else
add_cert_selfsigned add_cert_selfsigned
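Review bot: In `remove_cert_letsencrypt` the two new `rm -rf` lines put the trailing `*` inside the double quotes, so the shell no longer expands it and `rm` is handed a path that literally ends in an asterisk. The `live/` and `archive/` directories, private keys included, therefore stay on disk after a removal is requested, and `-f` hides the miss. Keep the variable quoted and the glob outside the quotes, `rm -rf "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME:?}"*`, and likewise for `archive/`; the `:?` aborts on an empty hostname instead of letting the pattern match every certificate. A similar over-quoting appears in `add_cert_selfsigned`: `openssl req -x509 "${EXTENSIONS}"` passes an empty or multi-word value as a single argument, which openssl will probably reject, although how `EXTENSIONS` is set is not visible here.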


@ -47,54 +47,54 @@ function show_help {
exit 0 exit 0
} }
while [[ $# > 1 ]] while [ $# -gt 1 ]
do do
key="$1" key="$1"
case $key in case $key in
-h|--help) -h|--help)
show_help show_help
;; ;;
-u|--user) -u|--user)
shift shift
MYUSERNAME="$1" MYUSERNAME="$1"
;; ;;
-e|--email) -e|--email)
shift shift
EMAILADDRESS="$1" EMAILADDRESS="$1"
;; ;;
-s|--subject) -s|--subject)
shift shift
SUBJECT_TEXT="$1" SUBJECT_TEXT="$1"
;; ;;
-g|--group) -g|--group)
shift shift
GROUP_NAME="$1" GROUP_NAME="$1"
;; ;;
-p|--public) -p|--public)
shift shift
PUBLIC="$1" PUBLIC="$1"
;; ;;
*) *)
# unknown option # unknown option
;; ;;
esac esac
shift shift
done done
if ! [[ $MYUSERNAME && $GROUP_NAME ]]; then if ! [[ "$MYUSERNAME" && "$GROUP_NAME" ]]; then
show_help show_help
fi fi
if [ ${#EMAILADDRESS} -lt 2 ]; then if [ "${#EMAILADDRESS}" -lt 2 ]; then
if [ ${#SUBJECT_TEXT} -lt 2 ]; then if [ ${#SUBJECT_TEXT} -lt 2 ]; then
show_help show_help
fi fi
fi fi
MUTTRC=/home/$MYUSERNAME/.muttrc MUTTRC="/home/$MYUSERNAME/.muttrc"
PM=/home/$MYUSERNAME/.procmailrc PM="/home/$MYUSERNAME/.procmailrc"
LISTDIR=/home/$MYUSERNAME/Maildir/$GROUP_NAME LISTDIR="/home/$MYUSERNAME/Maildir/$GROUP_NAME"
proc_rule=" * ^From:.*$EMAILADDRESS" proc_rule=" * ^From:.*$EMAILADDRESS"
proc_comment="# Email rule for $EMAILADDRESS -> $GROUP_NAME" proc_comment="# Email rule for $EMAILADDRESS -> $GROUP_NAME"
@ -104,54 +104,53 @@ if [ ${#SUBJECT_TEXT} -gt 0 ]; then
fi fi
if [ ! -d "$LISTDIR" ]; then if [ ! -d "$LISTDIR" ]; then
mkdir -m 700 $LISTDIR mkdir -m 700 "$LISTDIR"
mkdir -m 700 $LISTDIR/tmp mkdir -m 700 "$LISTDIR/tmp"
mkdir -m 700 $LISTDIR/new mkdir -m 700 "$LISTDIR/new"
mkdir -m 700 $LISTDIR/cur mkdir -m 700 "$LISTDIR/cur"
fi fi
chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR chown -R "$MYUSERNAME":"$MYUSERNAME" "$LISTDIR"
if ! grep -q "$proc_comment" $PM; then if ! grep -q "$proc_comment" "$PM"; then
if [[ $PUBLIC != "yes" ]]; then if [[ $PUBLIC != "yes" ]]; then
# private emails go after the encryption stage # private emails go after the encryption stage
echo '' >> $PM { echo '';
echo "$proc_comment" >> $PM echo "$proc_comment";
echo ":0" >> $PM echo ":0";
echo "$proc_rule" >> $PM echo "$proc_rule";
echo "$LISTDIR/new" >> $PM echo "$LISTDIR/new";
echo "# End of rule" >> $PM echo "# End of rule"; } >> "$PM"
else else
# public emails are copied before the encryption stage # public emails are copied before the encryption stage
if ! grep -q '# encrypt' $PM; then if ! grep -q '# encrypt' "$PM"; then
echo '' >> $PM { echo '';
echo "$proc_comment" >> $PM echo "$proc_comment";
echo ":0" >> $PM echo ":0";
echo "$proc_rule" >> $PM echo "$proc_rule";
echo "$LISTDIR/new" >> $PM echo "$LISTDIR/new";
echo "# End of rule" >> $PM echo "# End of rule"; } >> "$PM"
else else
filter=$(echo "$proc_comment\n:0\n${proc_rule}\n$LISTDIR/new\n# End of rule\n") sed -i "/# encrypt/i $proc_comment\\n:0\\n${proc_rule}\\n$LISTDIR/new\\n# End of rule\\n" "$PM"
sed -i "/# encrypt/i ${filter}" $PM fi
fi fi
fi chown "$MYUSERNAME":"$MYUSERNAME" "$PM"
chown $MYUSERNAME:$MYUSERNAME $PM
fi fi
if [ ! -f "$MUTTRC" ]; then if [ ! -f "$MUTTRC" ]; then
cp /etc/Muttrc $MUTTRC cp /etc/Muttrc "$MUTTRC"
chown $MYUSERNAME:$MYUSERNAME $MUTTRC chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
fi fi
PROCMAILLOG=/home/$MYUSERNAME/log PROCMAILLOG=/home/$MYUSERNAME/log
if [ ! -d $PROCMAILLOG ]; then if [ ! -d "$PROCMAILLOG" ]; then
mkdir $PROCMAILLOG mkdir "$PROCMAILLOG"
chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG chown -R "$MYUSERNAME":"$MYUSERNAME" "$PROCMAILLOG"
fi fi
MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC) MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC")
if [[ $MUTT_MAILBOXES != *$GROUP_NAME* ]]; then if [[ "$MUTT_MAILBOXES" != *$GROUP_NAME* ]]; then
if ! grep -q "=$GROUP_NAME" $MUTTRC; then if ! grep -q "=$GROUP_NAME" "$MUTTRC"; then
sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$GROUP_NAME|g" $MUTTRC sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$GROUP_NAME|g" "$MUTTRC"
chown $MYUSERNAME:$MYUSERNAME $MUTTRC chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
fi fi
fi fi
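Review bot: `GROUP_NAME` and `EMAILADDRESS` are still used without validation after the quoting pass. They form `LISTDIR` (the target of `mkdir` and `chown -R`), are written into `.procmailrc` as a recipe, and are interpolated into the `sed -i "/# encrypt/i …"` script. Quoting stops word splitting but does nothing about a value containing `/`, `..`, a newline or regex metacharacters, so a group name can move the `chown -R` target outside the user's Maildir and an address can change what the `^From:` condition matches (the `.` in a domain already matches any character). Reject unexpected characters before `LISTDIR` is built, e.g. `[[ "$GROUP_NAME" =~ ^[A-Za-z0-9][A-Za-z0-9_.-]*$ ]] || exit 1`, and escape the address before it goes into the rule. The add-list script further down the page builds `LISTDIR` from `MAILINGLIST` and the rule from `SUBJECTTAG` in the same way.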


@ -47,124 +47,119 @@ function show_help {
exit 0 exit 0
} }
while [[ $# > 1 ]] while [ $# -gt 1 ]
do do
key="$1" key="$1"
case $key in case $key in
-h|--help) -h|--help)
show_help show_help
;; ;;
-u|--user) -u|--user)
shift shift
MYUSERNAME="$1" MYUSERNAME="$1"
;; ;;
-l|--list) -l|--list)
shift shift
MAILINGLIST="$1" MAILINGLIST="$1"
;; ;;
-s|--subject) -s|--subject)
shift shift
SUBJECTTAG="$1" SUBJECTTAG="$1"
;; ;;
-e|--email) -e|--email)
shift shift
LIST_ADDRESS="$1" LIST_ADDRESS="$1"
;; ;;
-p|--public) -p|--public)
shift shift
PUBLIC="$1" PUBLIC="$1"
;; ;;
*) *)
# unknown option # unknown option
;; ;;
esac esac
shift shift
done done
if [ ! $MYUSERNAME ]; then if [ ! "$MYUSERNAME" ]; then
show_help show_help
fi fi
if [[ ! $MAILINGLIST && ! $SUBJECTTAG ]]; then if [[ ! "$MAILINGLIST" && ! "$SUBJECTTAG" ]]; then
show_help show_help
fi fi
MUTTRC=/home/$MYUSERNAME/.muttrc MUTTRC="/home/$MYUSERNAME/.muttrc"
PM=/home/$MYUSERNAME/.procmailrc PM="/home/$MYUSERNAME/.procmailrc"
LISTDIR=/home/$MYUSERNAME/Maildir/$MAILINGLIST LISTDIR="/home/$MYUSERNAME/Maildir/$MAILINGLIST"
if grep -q "=$MAILINGLIST" $MUTTRC; then if grep -q "=$MAILINGLIST" "$MUTTRC"; then
echo $"Mailing list $MAILINGLIST was already added" echo $"Mailing list $MAILINGLIST was already added"
fi fi
if [ ! -d "$LISTDIR" ]; then if [ ! -d "$LISTDIR" ]; then
mkdir -m 700 $LISTDIR mkdir -m 700 "$LISTDIR"
mkdir -m 700 $LISTDIR/tmp mkdir -m 700 "$LISTDIR/tmp"
mkdir -m 700 $LISTDIR/new mkdir -m 700 "$LISTDIR/new"
mkdir -m 700 $LISTDIR/cur mkdir -m 700 "$LISTDIR/cur"
fi fi
chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR chown -R "$MYUSERNAME":"$MYUSERNAME" "$LISTDIR"
if [ ${#SUBJECTTAG} -gt 0 ]; then if [ ${#SUBJECTTAG} -gt 0 ]; then
# use the subject tag # use the subject tag
if ! grep -q "Subject:.*()\[$SUBJECTTAG\]" $PM; then if ! grep -q "Subject:.*()\\[$SUBJECTTAG\\]" "$PM"; then
if [[ $PUBLIC != "yes" ]]; then if [[ $PUBLIC != "yes" ]]; then
# private emails go after the encryption stage # private emails go after the encryption stage
filter=" { echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]";
# Email rule for $MAILINGLIST subject [$SUBJECTTAG] echo ":0";
:0 echo " * ^Subject:.*()\\[$SUBJECTTAG\\]";
* ^Subject:.*()\[$SUBJECTTAG\] echo "$LISTDIR/new";
$LISTDIR/new echo "# End of rule";
# End of rule echo ""; } >> "$PM"
"
echo "$filter" >> $PM
else
# public emails are copied before hte encryption stage
if ! grep -q '# encrypt' $PM; then
filter="
# Email rule for $MAILINGLIST subject [$SUBJECTTAG]
:0
* ^Subject:.*()\[$SUBJECTTAG\]
$LISTDIR/new
# End of rule
"
echo "$filter" >> $PM
else else
filter=$(echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]\n:0\n * ^Subject:.*()\\\[$SUBJECTTAG\\\]\n$LISTDIR/new\n# End of rule\n") # public emails are copied before hte encryption stage
sed -i "/# encrypt/i ${filter}" $PM if ! grep -q '# encrypt' "$PM"; then
{ echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]";
echo ":0";
echo " * ^Subject:.*()\\[$SUBJECTTAG\\]";
echo "$LISTDIR/new";
echo "# End of rule";
echo ""; } >> "$PM"
else
sed -i "/# encrypt/i # Email rule for $MAILINGLIST subject [$SUBJECTTAG]\\n:0\\n * ^Subject:.*()\\\\[$SUBJECTTAG\\\\]\\n$LISTDIR/new\\n# End of rule\\n" "$PM"
fi
fi fi
fi chown "$MYUSERNAME":"$MYUSERNAME" "$PM"
chown $MYUSERNAME:$MYUSERNAME $PM
fi fi
else else
exit $(${PROJECT_NAME}-addemail -u $MYUSERNAME -e $LIST_ADDRESS -g $MAILINGLIST --public $PUBLIC) exit "$("${PROJECT_NAME}-addemail" -u "$MYUSERNAME" -e "$LIST_ADDRESS" -g "$MAILINGLIST" --public "$PUBLIC")"
fi fi
if [ ! -f "$MUTTRC" ]; then if [ ! -f "$MUTTRC" ]; then
cp /etc/Muttrc $MUTTRC cp /etc/Muttrc "$MUTTRC"
chown $MYUSERNAME:$MYUSERNAME $MUTTRC chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
fi fi
PROCMAILLOG=/home/$MYUSERNAME/log PROCMAILLOG="/home/$MYUSERNAME/log"
if [ ! -d $PROCMAILLOG ]; then if [ ! -d "$PROCMAILLOG" ]; then
mkdir $PROCMAILLOG mkdir "$PROCMAILLOG"
chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG chown -R "$MYUSERNAME":"$MYUSERNAME" "$PROCMAILLOG"
fi fi
MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC) MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC")
if [[ $MUTT_MAILBOXES != *$MAILINGLIST* ]]; then if [[ "$MUTT_MAILBOXES" != *$MAILINGLIST* ]]; then
if ! grep -q "=$MAILINGLIST" $MUTTRC; then if ! grep -q "=$MAILINGLIST" "$MUTTRC"; then
sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" $MUTTRC sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" "$MUTTRC"
chown $MYUSERNAME:$MYUSERNAME $MUTTRC chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
fi fi
fi fi
if [ $LIST_ADDRESS ]; then if [ "$LIST_ADDRESS" ]; then
sed -i "s|unsubscribe $LIST_ADDRESS|subscribe $LIST_ADDRESS|g" $MUTTRC sed -i "s|unsubscribe $LIST_ADDRESS|subscribe $LIST_ADDRESS|g" "$MUTTRC"
if ! grep -q "subscribe $LIST_ADDRESS" $MUTTRC; then if ! grep -q "subscribe $LIST_ADDRESS" "$MUTTRC"; then
echo "subscribe $LIST_ADDRESS" >> $MUTTRC echo "subscribe $LIST_ADDRESS" >> "$MUTTRC"
fi fi
fi fi
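Review bot: The rewritten `exit "$("${PROJECT_NAME}-addemail" …)"` exits with whatever the helper prints on stdout, not with the helper's exit status. As far as the add-email script shown earlier on the page goes, a successful run prints nothing, so this becomes `exit ""`, which bash rejects as a non-numeric argument, and the caller sees a failure even though the rule was added. Run the helper directly and pass its status on: `"${PROJECT_NAME}-addemail" -u "$MYUSERNAME" -e "$LIST_ADDRESS" -g "$MAILINGLIST" --public "$PUBLIC"` followed by `exit $?`. With the new quoting an unset `LIST_ADDRESS` is now passed as an empty `-e ""` argument, so this branch should probably also check that `LIST_ADDRESS` is non-empty first.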


@ -34,27 +34,27 @@ export TEXTDOMAIN=${PROJECT_NAME}-addremove
export TEXTDOMAINDIR="/usr/share/locale" export TEXTDOMAINDIR="/usr/share/locale"
PROJECT_INSTALL_DIR=/usr/local/bin PROJECT_INSTALL_DIR=/usr/local/bin
if [ -f /usr/bin/${PROJECT_NAME} ]; then if [ -f "/usr/bin/${PROJECT_NAME}" ]; then
PROJECT_INSTALL_DIR=/usr/bin PROJECT_INSTALL_DIR=/usr/bin
fi fi
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
# Start including files # Start including files
source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES for f in $UTILS_FILES
do do
source $f source "$f"
done done
APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
for f in $APP_FILES for f in $APP_FILES
do do
source $f source "$f"
done done
# End including files # End including files
@ -67,17 +67,17 @@ function mark_unselected_apps_as_removed {
return return
fi fi
if [ -f $REMOVED_APPS_FILE ]; then if [ -f "$REMOVED_APPS_FILE" ]; then
rm $REMOVED_APPS_FILE rm "$REMOVED_APPS_FILE"
fi fi
app_index=0 app_index=0
for app_name in "${APPS_AVAILABLE[@]}" for app_name in "${APPS_AVAILABLE[@]}"
do do
if [[ ${APPS_CHOSEN[$app_index]} == "0" ]]; then if [[ ${APPS_CHOSEN[$app_index]} == "0" ]]; then
echo "_${app_name}_" >> $REMOVED_APPS_FILE echo "_${app_name}_" >> "$REMOVED_APPS_FILE"
fi fi
app_index=$[app_index+1] app_index=$((app_index+1))
done done
} }
@ -93,7 +93,7 @@ function app_expected_to_be_installed {
echo "0" echo "0"
return return
fi fi
if ! grep -q "IN_DEFAULT_INSTALL=1" /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}; then if ! grep -q "IN_DEFAULT_INSTALL=1" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}"; then
echo "0" echo "0"
return return
fi fi
@ -102,7 +102,7 @@ function app_expected_to_be_installed {
} }
function show_apps { function show_apps {
select_all_apps=$1 select_all_apps="$1"
applist="" applist=""
n=1 n=1
app_index=0 app_index=0
@ -117,19 +117,20 @@ function show_apps {
applist="$applist $n $a on" applist="$applist $n $a on"
fi fi
fi fi
n=$[n+1] n=$((n+1))
app_index=$[app_index+1] app_index=$((app_index+1))
done done
choices=$(dialog --stdout --backtitle $"Freedombone" \ choices=$(dialog --stdout --backtitle $"Freedombone" \
--title $"Add/Remove Applications" \ --title $"Add/Remove Applications" \
--checklist $'Choose:' \ --checklist $'Choose:' \
27 40 20 $applist) 27 40 20 "$applist")
# shellcheck disable=SC2181
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
for choice in $choices for choice in $choices
do do
app_index=$[choice-1] app_index=$((choice-1))
APPS_CHOSEN[$app_index]="1" APPS_CHOSEN[$app_index]="1"
done done
else else
@ -151,10 +152,10 @@ function remove_apps_selected {
else else
removals="${APPS_AVAILABLE[$app_index]}" removals="${APPS_AVAILABLE[$app_index]}"
fi fi
n=$[n+1] n=$((n+1))
fi fi
fi fi
app_index=$[app_index+1] app_index=$((app_index+1))
done done
# if no apps to be removed then don't do anything # if no apps to be removed then don't do anything
@ -166,7 +167,7 @@ function remove_apps_selected {
dialog --title $"Remove applications" \ dialog --title $"Remove applications" \
--backtitle $"Freedombone" \ --backtitle $"Freedombone" \
--defaultno \ --defaultno \
--yesno $"\nYou have chosen to remove $n apps.\n\n $removals\n\nIf you choose 'yes' then this will remove both the applications and their data/messages. If you don't have a backup then you will not be able to recover the data for these applications.\n\nAre you sure that you wish to continue?" 15 60 --yesno $"\\nYou have chosen to remove $n apps.\\n\\n $removals\\n\\nIf you choose 'yes' then this will remove both the applications and their data/messages. If you don't have a backup then you will not be able to recover the data for these applications.\\n\\nAre you sure that you wish to continue?" 15 60
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) return;;
@ -195,10 +196,10 @@ function install_apps_selected {
else else
installs="${APPS_AVAILABLE[$app_index]}" installs="${APPS_AVAILABLE[$app_index]}"
fi fi
n=$[n+1] n=$((n+1))
fi fi
fi fi
app_index=$[app_index+1] app_index=$((app_index+1))
done done
# if no apps to be installed then don't do anything # if no apps to be installed then don't do anything
@ -212,13 +213,13 @@ function install_apps_selected {
dialog --title $"$installs" \ dialog --title $"$installs" \
--backtitle $"Freedombone" \ --backtitle $"Freedombone" \
--defaultno \ --defaultno \
--yesno $"\nThis will install the $installs app\n\nProceed?" 9 40 --yesno $"\\nThis will install the $installs app\\n\\nProceed?" 9 40
else else
dialog_height=$((15 + $n)) dialog_height=$((15 + "$n"))
dialog --title $"Add applications" \ dialog --title $"Add applications" \
--backtitle $"Freedombone" \ --backtitle $"Freedombone" \
--defaultno \ --defaultno \
--yesno $"\nYou have chosen to install $n apps\n\n $installs\n\nProceed?" $dialog_height 60 --yesno $"\\nYou have chosen to install $n apps\\n\\n $installs\\n\\nProceed?" $dialog_height 60
fi fi
sel=$? sel=$?
case $sel in case $sel in
@ -232,14 +233,13 @@ function install_apps_selected {
# install the apps # install the apps
read_configuration read_configuration
install_apps interactive install_apps interactive
if [ ! $APP_INSTALLED_SUCCESS ]; then if [ ! "$APP_INSTALLED_SUCCESS" ]; then
echo $'One or more apps failed to install' echo $'One or more apps failed to install'
fi fi
} }
if [[ $1 == "test"* ]]; then if [[ $1 == "test"* ]]; then
${PROJECT_NAME}-tests if ! ${PROJECT_NAME}-tests; then
if [ ! "$?" = "0" ]; then
exit 2 exit 2
fi fi
fi fi
@ -251,8 +251,8 @@ if [[ ${#APPS_AVAILABLE[@]} == 0 ]]; then
exit 1 exit 1
fi fi
show_apps $1 show_apps "$1"
mark_unselected_apps_as_removed $1 mark_unselected_apps_as_removed "$1"
clear clear


@ -34,18 +34,18 @@ PROJECT_NAME='freedombone'
export TEXTDOMAIN=${PROJECT_NAME}-adduser export TEXTDOMAIN=${PROJECT_NAME}-adduser
export TEXTDOMAINDIR="/usr/share/locale" export TEXTDOMAINDIR="/usr/share/locale"
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES for f in $UTILS_FILES
do do
source $f source "$f"
done done
APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
for f in $APP_FILES for f in $APP_FILES
do do
source $f source "$f"
done done
ADD_USERNAME=$1 ADD_USERNAME=$1
@ -55,35 +55,35 @@ SSH_PORT=2222
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
DEFAULT_DOMAIN_NAME= DEFAULT_DOMAIN_NAME=
if [ ! $ADD_USERNAME ]; then if [ ! "$ADD_USERNAME" ]; then
echo $'No username was given' echo $'No username was given'
exit 1 exit 1
fi fi
if [ -d /home/$ADD_USERNAME ]; then if [ -d "/home/$ADD_USERNAME" ]; then
echo $"The user $ADD_USERNAME already exists" echo $"The user $ADD_USERNAME already exists"
exit 2 exit 2
fi fi
if [ ! -f $COMPLETION_FILE ]; then if [ ! -f "$COMPLETION_FILE" ]; then
echo $"$COMPLETION_FILE not found" echo $"$COMPLETION_FILE not found"
userdel -r $ADD_USERNAME userdel -r "$ADD_USERNAME"
exit 3 exit 3
fi fi
# Minimum number of characters in a password # Minimum number of characters in a password
MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}') MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
NEW_USER_PASSWORD="$(openssl rand -base64 30 | cut -c1-${MINIMUM_PASSWORD_LENGTH})" NEW_USER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
chmod 600 /etc/shadow chmod 600 /etc/shadow
chmod 600 /etc/gshadow chmod 600 /etc/gshadow
useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash $ADD_USERNAME useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash "$ADD_USERNAME"
adduser $ADD_USERNAME sasl adduser "$ADD_USERNAME" sasl
groupadd $ADD_USERNAME groupadd "$ADD_USERNAME"
chmod 0000 /etc/shadow chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow chmod 0000 /etc/gshadow
if [ ! -d /home/$ADD_USERNAME ]; then if [ ! -d "/home/$ADD_USERNAME" ]; then
echo $'Home directory was not created' echo $'Home directory was not created'
exit 4 exit 4
fi fi
@ -91,15 +91,15 @@ fi
if [ "$SSH_PUBLIC_KEY" ]; then if [ "$SSH_PUBLIC_KEY" ]; then
if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then
if [ -f "$SSH_PUBLIC_KEY" ]; then if [ -f "$SSH_PUBLIC_KEY" ]; then
mkdir /home/$ADD_USERNAME/.ssh mkdir "/home/$ADD_USERNAME/.ssh"
cp $SSH_PUBLIC_KEY /home/$ADD_USERNAME/.ssh/authorized_keys cp "$SSH_PUBLIC_KEY" "/home/$ADD_USERNAME/.ssh/authorized_keys"
chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.ssh chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.ssh"
echo $'ssh public key installed' echo $'ssh public key installed'
else else
if [[ "$SSH_PUBLIC_KEY" == "ssh-"* ]]; then if [[ "$SSH_PUBLIC_KEY" == "ssh-"* ]]; then
mkdir /home/$ADD_USERNAME/.ssh mkdir "/home/$ADD_USERNAME/.ssh"
echo "$SSH_PUBLIC_KEY" > /home/$ADD_USERNAME/.ssh/authorized_keys echo "$SSH_PUBLIC_KEY" > "/home/$ADD_USERNAME/.ssh/authorized_keys"
chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.ssh chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.ssh"
echo $'ssh public key installed' echo $'ssh public key installed'
else else
echo $'The second parameter does not look like an ssh key' echo $'The second parameter does not look like an ssh key'
@ -109,55 +109,54 @@ if [ "$SSH_PUBLIC_KEY" ]; then
fi fi
fi fi
if [ -d /home/$ADD_USERNAME/Maildir ]; then if [ -d "/home/$ADD_USERNAME/Maildir" ]; then
if grep -q "set from=" /home/$ADD_USERNAME/.muttrc; then if grep -q "set from=" "/home/$ADD_USERNAME/.muttrc"; then
sed -i "s|set from=.*|set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'|g" /home/$ADD_USERNAME/.muttrc sed -i "s|set from=.*|set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'|g" "/home/$ADD_USERNAME/.muttrc"
else else
echo "set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'" >> /home/$ADD_USERNAME/.muttrc echo "set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'" >> "/home/$ADD_USERNAME/.muttrc"
fi fi
USERN='$USER@' sed -i "s|\$USER@|$ADD_USERNAME@|g" "/home/$ADD_USERNAME/.procmailrc"
sed -i "s|$USERN|$ADD_USERNAME@|g" /home/$ADD_USERNAME/.procmailrc
fi fi
# generate a gpg key # generate a gpg key
echo "Making a GPG key for $ADD_USERNAME@$HOSTNAME" echo "Making a GPG key for $ADD_USERNAME@$HOSTNAME"
mkdir /home/$ADD_USERNAME/.gnupg mkdir "/home/$ADD_USERNAME/.gnupg"
echo "keyserver $GPG_KEYSERVER" >> /home/$ADD_USERNAME/.gnupg/gpg.conf { echo "keyserver $GPG_KEYSERVER";
echo 'keyserver-options auto-key-retrieve' >> /home/$ADD_USERNAME/.gnupg/gpg.conf echo 'keyserver-options auto-key-retrieve';
echo '' >> /home/$ADD_USERNAME/.gnupg/gpg.conf echo '';
echo '# default preferences' >> /home/$ADD_USERNAME/.gnupg/gpg.conf echo '# default preferences';
echo 'personal-digest-preferences SHA256' >> /home/$ADD_USERNAME/.gnupg/gpg.conf echo 'personal-digest-preferences SHA256';
echo 'cert-digest-algo SHA256' >> /home/$ADD_USERNAME/.gnupg/gpg.conf echo 'cert-digest-algo SHA256';
echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> /home/$ADD_USERNAME/.gnupg/gpg.conf echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed'; } >> "/home/$ADD_USERNAME/.gnupg/gpg.conf"
chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.gnupg chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.gnupg"
chmod 700 /home/$ADD_USERNAME/.gnupg chmod 700 "/home/$ADD_USERNAME/.gnupg"
chmod 600 /home/$ADD_USERNAME/.gnupg/* chmod 600 "/home/$ADD_USERNAME/.gnupg/*"
# Generate a GPG key # Generate a GPG key
echo 'Key-Type: eddsa' > /home/$ADD_USERNAME/gpg-genkey.conf { echo 'Key-Type: eddsa';
echo 'Key-Curve: Ed25519' >> /home/$ADD_USERNAME/gpg-genkey.conf echo 'Key-Curve: Ed25519';
echo 'Subkey-Type: eddsa' >> /home/$ADD_USERNAME/gpg-genkey.conf echo 'Subkey-Type: eddsa';
echo "Name-Real: $ADD_USERNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf echo "Name-Real: $ADD_USERNAME";
echo "Name-Email: $ADD_USERNAME@$HOSTNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf echo "Name-Email: $ADD_USERNAME@$HOSTNAME";
echo 'Expire-Date: 0' >> /home/$ADD_USERNAME/gpg-genkey.conf echo 'Expire-Date: 0';
echo "Passphrase: $NEW_USER_PASSWORD" >> /home/$ADD_USERNAME/gpg-genkey.conf echo "Passphrase: $NEW_USER_PASSWORD"; } > "/home/$ADD_USERNAME/gpg-genkey.conf"
chown $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/gpg-genkey.conf chown "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/gpg-genkey.conf"
su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - $ADD_USERNAME su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - "$ADD_USERNAME"
chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.gnupg chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.gnupg"
shred -zu /home/$ADD_USERNAME/gpg-genkey.conf shred -zu "/home/$ADD_USERNAME/gpg-genkey.conf"
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADD_USERNAME" "$ADD_USERNAME@$HOSTNAME") MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADD_USERNAME" "$ADD_USERNAME@$HOSTNAME")
MY_GPG_PUBLIC_KEY=/home/$ADD_USERNAME/public_key.gpg MY_GPG_PUBLIC_KEY="/home/$ADD_USERNAME/public_key.gpg"
su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $ADD_USERNAME su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - "$ADD_USERNAME"
if [ ! -f $MY_GPG_PUBLIC_KEY ]; then if [ ! -f "$MY_GPG_PUBLIC_KEY" ]; then
echo "GPG public key was not generated for $ADD_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID" echo "GPG public key was not generated for $ADD_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID"
userdel -r $ADD_USERNAME userdel -r "$ADD_USERNAME"
exit 7 exit 7
fi fi
gpg_agent_setup $ADD_USERNAME gpg_agent_setup "$ADD_USERNAME"
# add a monkeysphere subkey # add a monkeysphere subkey
#echo $'Adding monkeysphere subkey' #echo $'Adding monkeysphere subkey'
@ -173,82 +172,82 @@ gpg_agent_setup $ADD_USERNAME
#echo $'Updating monkeysphere users' #echo $'Updating monkeysphere users'
#monkeysphere-authentication update-users #monkeysphere-authentication update-users
if [ -f /home/$ADD_USERNAME/.muttrc ]; then if [ -f "/home/$ADD_USERNAME/.muttrc" ]; then
# encrypt outgoing mail to the "sent" folder # encrypt outgoing mail to the "sent" folder
if ! grep -q "pgp_encrypt_only_command" /home/$ADD_USERNAME/.muttrc; then if ! grep -q "pgp_encrypt_only_command" "/home/$ADD_USERNAME/.muttrc"; then
echo '' >> /home/$ADD_USERNAME/.muttrc { echo '';
echo $'# Encrypt items in the Sent folder' >> /home/$ADD_USERNAME/.muttrc echo $'# Encrypt items in the Sent folder';
echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\""; } >> "/home/$ADD_USERNAME/.muttrc"
else else
sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" "/home/$ADD_USERNAME/.muttrc"
fi fi
if ! grep -q "pgp_encrypt_sign_command" /home/$ADD_USERNAME/.muttrc; then if ! grep -q "pgp_encrypt_sign_command" "/home/$ADD_USERNAME/.muttrc"; then
echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> "/home/$ADD_USERNAME/.muttrc"
else else
sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" "/home/$ADD_USERNAME/.muttrc"
fi fi
fi fi
if ! grep -q "Change your GPG password" /home/$ADD_USERNAME/README; then if ! grep -q "Change your GPG password" "/home/$ADD_USERNAME/README"; then
echo '' >> /home/$ADD_USERNAME/README { echo '';
echo '' >> /home/$ADD_USERNAME/README echo '';
echo $'# Change your GPG password' >> /home/$ADD_USERNAME/README echo $'# Change your GPG password';
echo $"It's very important to add a password to your GPG key so that" >> /home/$ADD_USERNAME/README echo $"It's very important to add a password to your GPG key so that";
echo $"if anyone does get access to your email they still won't be able" >> /home/$ADD_USERNAME/README echo $"if anyone does get access to your email they still won't be able";
echo $'to read them without knowning the GPG password.' >> /home/$ADD_USERNAME/README echo $'to read them without knowning the GPG password.';
echo $'You can change the it with:' >> /home/$ADD_USERNAME/README echo $'You can change the it with:';
echo '' >> /home/$ADD_USERNAME/README echo '';
echo " gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$ADD_USERNAME/README echo " gpg --edit-key $MY_GPG_PUBLIC_KEY_ID";
echo ' passwd' >> /home/$ADD_USERNAME/README echo ' passwd';
echo ' save' >> /home/$ADD_USERNAME/README echo ' save';
echo ' quit' >> /home/$ADD_USERNAME/README echo ' quit'; } >> "/home/$ADD_USERNAME/README"
fi fi
chown $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/README chown "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/README"
chown $ADD_USERNAME:$ADD_USERNAME $MY_GPG_PUBLIC_KEY chown "$ADD_USERNAME":"$ADD_USERNAME" "$MY_GPG_PUBLIC_KEY"
chmod 600 /home/$ADD_USERNAME/README chmod 600 "/home/$ADD_USERNAME/README"
echo $'Detecting installed apps...' echo $'Detecting installed apps...'
detect_apps detect_apps
get_apps_installed_names get_apps_installed_names
for app_name in "${APPS_INSTALLED_NAMES[@]}" for app_name in "${APPS_INSTALLED_NAMES[@]}"
do do
if [[ $(function_exists add_user_${app_name}) == "1" ]]; then if [[ $(function_exists "add_user_${app_name}") == "1" ]]; then
echo $"Adding user to ${app_name}" echo $"Adding user to ${app_name}"
app_load_variables ${app_name} app_load_variables "${app_name}"
retval=$(add_user_${app_name} "$ADD_USERNAME" "$NEW_USER_PASSWORD" | tail -n 1) retval=$("add_user_${app_name}" "$ADD_USERNAME" "$NEW_USER_PASSWORD" | tail -n 1)
if [[ $retval != '0' ]]; then if [[ $retval != '0' ]]; then
echo $"Failed with error code ${retval}" echo $"Failed with error code ${retval}"
${PROJECT_NAME}-rmuser $ADD_USERNAME --force "${PROJECT_NAME}-rmuser" "$ADD_USERNAME" --force
exit 672392 exit 672392
fi fi
if ! grep -q "${app_name}_${ADD_USERNAME}" $APP_USERS_FILE; then if ! grep -q "${app_name}_${ADD_USERNAME}" "$APP_USERS_FILE"; then
echo "${app_name}_${ADD_USERNAME}" >> $APP_USERS_FILE echo "${app_name}_${ADD_USERNAME}" >> "$APP_USERS_FILE"
fi fi
fi fi
done done
if [ -f /etc/nginx/.htpasswd ]; then if [ -f /etc/nginx/.htpasswd ]; then
if ! grep -q "${ADD_USERNAME}:" /etc/nginx/.htpasswd; then if ! grep -q "${ADD_USERNAME}:" /etc/nginx/.htpasswd; then
echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd $ADD_USERNAME echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd "$ADD_USERNAME"
fi fi
fi fi
# add user menu on ssh login # add user menu on ssh login
if ! grep -q 'controluser' /home/$ADD_USERNAME/.bashrc; then if ! grep -q 'controluser' "/home/$ADD_USERNAME/.bashrc"; then
echo 'controluser' >> /home/$ADD_USERNAME/.bashrc echo 'controluser' >> "/home/$ADD_USERNAME/.bashrc"
fi fi
# fix some gpg strangeness when searching for keys # fix some gpg strangeness when searching for keys
printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /home/$ADD_USERNAME/.gnupg/S.dirmngr printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > "/home/$ADD_USERNAME/.gnupg/S.dirmngr"
if [ -d /home/$ADD_USERNAME/.gnupg/crls.d ]; then if [ -d "/home/$ADD_USERNAME/.gnupg/crls.d" ]; then
chmod +x /home/$ADD_USERNAME/.gnupg/crls.d chmod +x "/home/$ADD_USERNAME/.gnupg/crls.d"
fi fi
${PROJECT_NAME}-pass -u $ADD_USERNAME -a login -p "$NEW_USER_PASSWORD" "${PROJECT_NAME}-pass" -u "$ADD_USERNAME" -a login -p "$NEW_USER_PASSWORD"
gpg_agent_enable $ADD_USERNAME gpg_agent_enable "$ADD_USERNAME"
clear clear
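Review bot: In the `.gnupg` setup of the `@ -109` hunk, the newly quoted `chmod 600 "/home/$ADD_USERNAME/.gnupg/*"` no longer expands the glob, so chmod is handed a literal path ending in `*` and the files under `.gnupg` keep whatever mode they were created with; quote the variable but leave the glob outside the quotes, `chmod 600 "/home/$ADD_USERNAME/.gnupg"/*`. Separately, in the `@ -55` hunk, `useradd -m -p "$NEW_USER_PASSWORD"` passes the plaintext where useradd expects an already-hashed value and also places it on the command line; creating the account without `-p` and then feeding `"$ADD_USERNAME:$NEW_USER_PASSWORD"` to `chpasswd` on stdin would avoid both. `gpg-genkey.conf` holds the same passphrase and is written with the default umask before the chown, so wrapping that group in a subshell with `umask 077` is worth adding.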


@ -49,12 +49,12 @@ akaunting_variables=(ONION_ONLY
MY_USERNAME) MY_USERNAME)
function akaunting_remove_bad_links { function akaunting_remove_bad_links {
cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 365873658
# copy jquery locally # copy jquery locally
jquery_version='1.12.4' jquery_version='1.12.4'
if [ ! -f jquery-${jquery_version}.js ]; then if [ ! -f jquery-${jquery_version}.js ]; then
cd /var/www/$GHOST_DOMAIN_NAME/htdocs cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3276324
wget https://code.jquery.com/jquery-${jquery_version}.js wget https://code.jquery.com/jquery-${jquery_version}.js
jquery_hash=$(sha256sum jquery-${jquery_version}.js | awk -F ' ' '{print $1}') jquery_hash=$(sha256sum jquery-${jquery_version}.js | awk -F ' ' '{print $1}')
if [[ "$jquery_hash" != '430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575' ]]; then if [[ "$jquery_hash" != '430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575' ]]; then
@ -74,7 +74,7 @@ function akaunting_remove_bad_links {
sed -i '/googleapi/d' vendor/almasaeed2010/adminlte/dist/css/alt/AdminLTE-without-plugins.min.css sed -i '/googleapi/d' vendor/almasaeed2010/adminlte/dist/css/alt/AdminLTE-without-plugins.min.css
sed -i "s|ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js|$AKAUNTING_DOMAIN_NAME/jquery-${jquery_version}.js|g" vendor/almasaeed2010/adminlte/plugins/ckeditor/samples/old/jquery.html sed -i "s|ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js|$AKAUNTING_DOMAIN_NAME/jquery-${jquery_version}.js|g" vendor/almasaeed2010/adminlte/plugins/ckeditor/samples/old/jquery.html
chown -R www-data:www-data /var/www/$AKAUNTING_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
} }
function logging_on_akaunting { function logging_on_akaunting {
@ -88,65 +88,66 @@ function logging_off_akaunting {
function remove_user_akaunting { function remove_user_akaunting {
remove_username="$1" remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp akaunting "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp akaunting
} }
function add_user_akaunting { function add_user_akaunting {
new_username="$1" new_username="$1"
new_user_password="$2" new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a akaunting -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$new_username" -a akaunting -p "$new_user_password"
echo '0' echo '0'
} }
function install_interactive_akaunting { function install_interactive_akaunting {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
if [[ $ONION_ONLY != "no" ]]; then if [[ "$ONION_ONLY" != "no" ]]; then
AKAUNTING_DOMAIN_NAME='akaunting.local' AKAUNTING_DOMAIN_NAME='akaunting.local'
else else
AKAUNTING_DETAILS_COMPLETE= AKAUNTING_DETAILS_COMPLETE=
while [ ! $AKAUNTING_DETAILS_COMPLETE ] while [ ! $AKAUNTING_DETAILS_COMPLETE ]
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Akaunting Configuration" \ --title $"Akaunting Configuration" \
--form $"\nPlease enter your Akaunting details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ --form $"\\nPlease enter your Akaunting details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
$"Domain:" 1 1 "$(grep 'AKAUNTING_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ $"Domain:" 1 1 "$(grep 'AKAUNTING_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
$"Code:" 2 1 "$(grep 'AKAUNTING_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \ $"Code:" 2 1 "$(grep 'AKAUNTING_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
2> $data 2> "$data"
else else
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Akaunting Configuration" \ --title $"Akaunting Configuration" \
--form $"\nPlease enter your Akaunting details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ --form $"\\nPlease enter your Akaunting details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
$"Domain:" 1 1 "$(grep 'AKAUNTING_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ $"Domain:" 1 1 "$(grep 'AKAUNTING_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
2> $data 2> "$data"
fi fi
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
AKAUNTING_DOMAIN_NAME=$(cat $data | sed -n 1p) AKAUNTING_DOMAIN_NAME=$(sed -n 1p < "$data")
if [ $AKAUNTING_DOMAIN_NAME ]; then if [ "$AKAUNTING_DOMAIN_NAME" ]; then
if [[ $AKAUNTING_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then if [[ $AKAUNTING_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
AKAUNTING_DOMAIN_NAME="" AKAUNTING_DOMAIN_NAME=""
fi fi
TEST_DOMAIN_NAME=$AKAUNTING_DOMAIN_NAME TEST_DOMAIN_NAME=$AKAUNTING_DOMAIN_NAME
validate_domain_name validate_domain_name
if [[ $TEST_DOMAIN_NAME != $AKAUNTING_DOMAIN_NAME ]]; then if [[ "$TEST_DOMAIN_NAME" != "$AKAUNTING_DOMAIN_NAME" ]]; then
AKAUNTING_DOMAIN_NAME= AKAUNTING_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else else
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
AKAUNTING_CODE=$(cat $data | sed -n 2p) AKAUNTING_CODE=$(sed -n 2p < "$data")
validate_freedns_code "$AKAUNTING_CODE" validate_freedns_code "$AKAUNTING_CODE"
if [ ! $VALID_CODE ]; then if [ ! "$VALID_CODE" ]; then
AKAUNTING_DOMAIN_NAME= AKAUNTING_DOMAIN_NAME=
fi fi
fi fi
@ -155,6 +156,7 @@ function install_interactive_akaunting {
if [ $AKAUNTING_DOMAIN_NAME ]; then if [ $AKAUNTING_DOMAIN_NAME ]; then
AKAUNTING_DETAILS_COMPLETE="yes" AKAUNTING_DETAILS_COMPLETE="yes"
fi fi
rm -f "$data"
done done
write_config_param "AKAUNTING_CODE" "$AKAUNTING_CODE" write_config_param "AKAUNTING_CODE" "$AKAUNTING_CODE"
@ -169,23 +171,23 @@ function change_password_akaunting {
read_config_param 'AKAUNTING_DOMAIN_NAME' read_config_param 'AKAUNTING_DOMAIN_NAME'
${PROJECT_NAME}-pass -u "$curr_username" -a akaunting -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$curr_username" -a akaunting -p "$new_user_password"
} }
function akaunting_create_database { function akaunting_create_database {
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
AKAUNTING_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" AKAUNTING_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
if [ ! $AKAUNTING_ADMIN_PASSWORD ]; then if [ ! "$AKAUNTING_ADMIN_PASSWORD" ]; then
AKAUNTING_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" AKAUNTING_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
if [ ! $AKAUNTING_ADMIN_PASSWORD ]; then if [ ! "$AKAUNTING_ADMIN_PASSWORD" ]; then
return return
fi fi
function_check create_database function_check create_database
create_database akaunting "$AKAUNTING_ADMIN_PASSWORD" $MY_USERNAME create_database akaunting "$AKAUNTING_ADMIN_PASSWORD" "$MY_USERNAME"
} }
function reconfigure_akaunting { function reconfigure_akaunting {
@ -198,70 +200,69 @@ function upgrade_akaunting {
return return
fi fi
if grep -q "akaunting domain" $COMPLETION_FILE; then if grep -q "akaunting domain" "$COMPLETION_FILE"; then
AKAUNTING_DOMAIN_NAME=$(get_completion_param "akaunting domain") AKAUNTING_DOMAIN_NAME=$(get_completion_param "akaunting domain")
fi fi
# update to the next commit # update to the next commit
function_check set_repo_commit function_check set_repo_commit
set_repo_commit /var/www/$AKAUNTING_DOMAIN_NAME/htdocs "akaunting commit" "$AKAUNTING_COMMIT" $AKAUNTING_REPO set_repo_commit "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" "akaunting commit" "$AKAUNTING_COMMIT" "$AKAUNTING_REPO"
cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 367835
install_composer install_composer
akaunting_remove_bad_links akaunting_remove_bad_links
chown -R www-data:www-data /var/www/${AKAUNTING_DOMAIN_NAME}/htdocs chown -R www-data:www-data "/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
} }
function backup_local_akaunting { function backup_local_akaunting {
akaunting_path=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs akaunting_path="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
if [ -d $akaunting_path ]; then if [ -d "$akaunting_path" ]; then
suspend_site ${AKAUNTING_DOMAIN_NAME} suspend_site "${AKAUNTING_DOMAIN_NAME}"
function_check backup_database_to_usb function_check backup_database_to_usb
backup_database_to_usb akaunting backup_database_to_usb akaunting
backup_directory_to_usb $akaunting_path akaunting backup_directory_to_usb "$akaunting_path" akaunting
restart_site restart_site
fi fi
} }
function restore_local_akaunting { function restore_local_akaunting {
temp_restore_dir=/root/tempakaunting temp_restore_dir=/root/tempakaunting
akaunting_dir=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs akaunting_dir="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
suspend_site ${AKAUNTING_DOMAIN_NAME} suspend_site "${AKAUNTING_DOMAIN_NAME}"
function_check akaunting_create_database function_check akaunting_create_database
akaunting_create_database akaunting_create_database
restore_database akaunting ${AKAUNTING_DOMAIN_NAME} restore_database akaunting "${AKAUNTING_DOMAIN_NAME}"
chown www-data:www-data $akaunting_dir chown www-data:www-data "$akaunting_dir"
restart_site restart_site
} }
function backup_remote_akaunting { function backup_remote_akaunting {
akaunting_path=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs akaunting_path="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
if [ -d $akaunting_path ]; then if [ -d "$akaunting_path" ]; then
suspend_site ${AKAUNTING_DOMAIN_NAME} suspend_site "${AKAUNTING_DOMAIN_NAME}"
function_check backup_database_to_friend function_check backup_database_to_friend
backup_database_to_friend akaunting backup_database_to_friend akaunting
backup_directory_to_friend $akaunting_path akaunting backup_directory_to_friend "$akaunting_path" akaunting
restart_site restart_site
fi fi
} }
function restore_remote_akaunting { function restore_remote_akaunting {
temp_restore_dir=/root/tempakaunting akaunting_dir="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
akaunting_dir=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs
suspend_site ${AKAUNTING_DOMAIN_NAME} suspend_site "${AKAUNTING_DOMAIN_NAME}"
function_check akaunting_create_database function_check akaunting_create_database
akaunting_create_database akaunting_create_database
restore_database_from_friend akaunting ${AKAUNTING_DOMAIN_NAME} restore_database_from_friend akaunting "${AKAUNTING_DOMAIN_NAME}"
chown www-data:www-data $akaunting_dir chown www-data:www-data "$akaunting_dir"
restart_site restart_site
} }
@ -274,28 +275,28 @@ function remove_akaunting {
read_config_param "AKAUNTING_DOMAIN_NAME" read_config_param "AKAUNTING_DOMAIN_NAME"
read_config_param "MY_USERNAME" read_config_param "MY_USERNAME"
echo "Removing $AKAUNTING_DOMAIN_NAME" echo "Removing $AKAUNTING_DOMAIN_NAME"
nginx_dissite $AKAUNTING_DOMAIN_NAME nginx_dissite "$AKAUNTING_DOMAIN_NAME"
remove_certs $AKAUNTING_DOMAIN_NAME remove_certs "$AKAUNTING_DOMAIN_NAME"
if [ -d /var/www/$AKAUNTING_DOMAIN_NAME ]; then if [ -d "/var/www/$AKAUNTING_DOMAIN_NAME" ]; then
rm -rf /var/www/$AKAUNTING_DOMAIN_NAME rm -rf "/var/www/$AKAUNTING_DOMAIN_NAME"
fi fi
if [ -f /etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME ]; then if [ -f "/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME" ]; then
rm /etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME rm "/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME"
fi fi
function_check drop_database function_check drop_database
drop_database akaunting drop_database akaunting
function_check remove_onion_service function_check remove_onion_service
remove_onion_service akaunting ${AKAUNTING_ONION_PORT} remove_onion_service akaunting "${AKAUNTING_ONION_PORT}"
if grep -q "akaunting" /etc/crontab; then if grep -q "akaunting" /etc/crontab; then
sed -i "/akaunting/d" /etc/crontab sed -i "/akaunting/d" /etc/crontab
fi fi
remove_app akaunting remove_app akaunting
remove_completion_param install_akaunting remove_completion_param install_akaunting
sed -i '/akaunting/d' $COMPLETION_FILE sed -i '/akaunting/d' "$COMPLETION_FILE"
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $AKAUNTING_DOMAIN_NAME remove_ddns_domain "$AKAUNTING_DOMAIN_NAME"
} }
function install_akaunting { function install_akaunting {
@ -303,7 +304,7 @@ function install_akaunting {
ONION_ONLY='no' ONION_ONLY='no'
fi fi
if [ ! $AKAUNTING_DOMAIN_NAME ]; then if [ ! "$AKAUNTING_DOMAIN_NAME" ]; then
echo $'No domain name was given for akaunting' echo $'No domain name was given for akaunting'
exit 89353 exit 89353
fi fi
@ -317,142 +318,142 @@ function install_akaunting {
apt-get -yq install php-gettext php-curl php-gd php-mysql git curl apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME ]; then if [ ! -d "/var/www/$AKAUNTING_DOMAIN_NAME" ]; then
mkdir /var/www/$AKAUNTING_DOMAIN_NAME mkdir "/var/www/$AKAUNTING_DOMAIN_NAME"
fi fi
if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" ]; then
if [ -d /repos/akaunting ]; then if [ -d /repos/akaunting ]; then
mkdir /var/www/$AKAUNTING_DOMAIN_NAME/htdocs mkdir "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
cp -r -p /repos/akaunting/. /var/www/$AKAUNTING_DOMAIN_NAME/htdocs cp -r -p /repos/akaunting/. "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 23458735
git pull git pull
else else
function_check git_clone function_check git_clone
git_clone $AKAUNTING_REPO /var/www/$AKAUNTING_DOMAIN_NAME/htdocs git_clone "$AKAUNTING_REPO" "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
fi fi
if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" ]; then
echo $'Unable to clone akaunting repo' echo $'Unable to clone akaunting repo'
exit 2589389 exit 2589389
fi fi
fi fi
cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 23468724527
git checkout $AKAUNTING_COMMIT -b $AKAUNTING_COMMIT git checkout "$AKAUNTING_COMMIT" -b "$AKAUNTING_COMMIT"
set_completion_param "akaunting commit" "$AKAUNTING_COMMIT" set_completion_param "akaunting commit" "$AKAUNTING_COMMIT"
chmod g+w /var/www/$AKAUNTING_DOMAIN_NAME/htdocs chmod g+w "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
chown -R www-data:www-data /var/www/$AKAUNTING_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 34783524
install_composer install_composer
function_check akaunting_create_database function_check akaunting_create_database
akaunting_create_database akaunting_create_database
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $AKAUNTING_DOMAIN_NAME add_ddns_domain "$AKAUNTING_DOMAIN_NAME"
AKAUNTING_ONION_HOSTNAME=$(add_onion_service akaunting 80 ${AKAUNTING_ONION_PORT}) AKAUNTING_ONION_HOSTNAME=$(add_onion_service akaunting 80 ${AKAUNTING_ONION_PORT})
akaunting_nginx_site=/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME akaunting_nginx_site=/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $AKAUNTING_DOMAIN_NAME "index index.php" nginx_http_redirect "$AKAUNTING_DOMAIN_NAME" "index index.php"
echo 'server {' >> $akaunting_nginx_site { echo 'server {';
echo ' listen 443 ssl;' >> $akaunting_nginx_site echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> $akaunting_nginx_site echo ' #listen [::]:443 ssl;';
echo " server_name $AKAUNTING_DOMAIN_NAME;" >> $akaunting_nginx_site echo " server_name $AKAUNTING_DOMAIN_NAME;";
echo '' >> $akaunting_nginx_site echo ''; } >> "$akaunting_nginx_site"
function_check nginx_compress function_check nginx_compress
nginx_compress $AKAUNTING_DOMAIN_NAME nginx_compress "$AKAUNTING_DOMAIN_NAME"
echo '' >> $akaunting_nginx_site echo '' >> "$akaunting_nginx_site"
echo ' # Security' >> $akaunting_nginx_site echo ' # Security' >> "$akaunting_nginx_site"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $AKAUNTING_DOMAIN_NAME nginx_ssl "$AKAUNTING_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $AKAUNTING_DOMAIN_NAME nginx_disable_sniffing "$AKAUNTING_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $akaunting_nginx_site { echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> $akaunting_nginx_site echo '';
echo ' access_log /dev/null;' >> $akaunting_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $akaunting_nginx_site echo ' error_log /dev/null;';
echo '' >> $akaunting_nginx_site echo '';
echo " root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;" >> $akaunting_nginx_site echo " root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;";
echo '' >> $akaunting_nginx_site echo '';
echo ' index index.php;' >> $akaunting_nginx_site echo ' index index.php;';
echo '' >> $akaunting_nginx_site echo '';
echo ' location ~ \.php {' >> $akaunting_nginx_site echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> $akaunting_nginx_site echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $akaunting_nginx_site echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> $akaunting_nginx_site echo ' fastcgi_read_timeout 30;';
echo ' }' >> $akaunting_nginx_site echo ' }';
echo '' >> $akaunting_nginx_site echo '';
echo ' location / {' >> $akaunting_nginx_site echo ' location / {'; } >> "$akaunting_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $AKAUNTING_DOMAIN_NAME '15m' nginx_limits "$AKAUNTING_DOMAIN_NAME" '15m'
echo ' try_files $uri $uri/ @akaunting;' >> $akaunting_nginx_site { echo " try_files \$uri \$uri/ @akaunting;";
echo ' }' >> $akaunting_nginx_site echo ' }';
echo '' >> $akaunting_nginx_site echo '';
echo ' location @akaunting {' >> $akaunting_nginx_site echo ' location @akaunting {';
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $akaunting_nginx_site echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }' >> $akaunting_nginx_site echo ' }';
echo '' >> $akaunting_nginx_site echo '';
echo ' location ~ /\.(ht|git) {' >> $akaunting_nginx_site echo ' location ~ /\.(ht|git) {';
echo ' deny all;' >> $akaunting_nginx_site echo ' deny all;';
echo ' }' >> $akaunting_nginx_site echo ' }';
echo '' >> $akaunting_nginx_site echo '';
echo '}' >> $akaunting_nginx_site echo '}'; } >> "$akaunting_nginx_site"
else else
echo -n '' > $akaunting_nginx_site echo -n '' > "$akaunting_nginx_site"
fi fi
echo 'server {' >> $akaunting_nginx_site { echo 'server {';
echo " listen 127.0.0.1:$AKAUNTING_ONION_PORT default_server;" >> $akaunting_nginx_site echo " listen 127.0.0.1:$AKAUNTING_ONION_PORT default_server;";
echo " server_name $AKAUNTING_ONION_HOSTNAME;" >> $akaunting_nginx_site echo " server_name $AKAUNTING_ONION_HOSTNAME;";
echo '' >> $akaunting_nginx_site echo ''; } >> "$akaunting_nginx_site"
function_check nginx_compress function_check nginx_compress
nginx_compress $AKAUNTING_DOMAIN_NAME nginx_compress "$AKAUNTING_DOMAIN_NAME"
echo '' >> $akaunting_nginx_site echo '' >> "$akaunting_nginx_site"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $AKAUNTING_DOMAIN_NAME nginx_disable_sniffing "$AKAUNTING_DOMAIN_NAME"
echo '' >> $akaunting_nginx_site { echo '';
echo ' access_log /dev/null;' >> $akaunting_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $akaunting_nginx_site echo ' error_log /dev/null;';
echo '' >> $akaunting_nginx_site echo '';
echo " root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;" >> $akaunting_nginx_site echo " root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;";
echo '' >> $akaunting_nginx_site echo '';
echo ' index index.php;' >> $akaunting_nginx_site echo ' index index.php;';
echo '' >> $akaunting_nginx_site echo '';
echo ' location ~ \.php {' >> $akaunting_nginx_site echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> $akaunting_nginx_site echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $akaunting_nginx_site echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> $akaunting_nginx_site echo ' fastcgi_read_timeout 30;';
echo ' }' >> $akaunting_nginx_site echo ' }';
echo '' >> $akaunting_nginx_site echo '';
echo ' location / {' >> $akaunting_nginx_site echo ' location / {'; } >> "$akaunting_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $AKAUNTING_DOMAIN_NAME '15m' nginx_limits "$AKAUNTING_DOMAIN_NAME" '15m'
echo ' try_files $uri $uri/ @akaunting;' >> $akaunting_nginx_site { echo " try_files \$uri \$uri/ @akaunting;";
echo ' }' >> $akaunting_nginx_site echo ' }';
echo '' >> $akaunting_nginx_site echo '';
echo ' location @akaunting {' >> $akaunting_nginx_site echo ' location @akaunting {';
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $akaunting_nginx_site echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }' >> $akaunting_nginx_site echo ' }';
echo '' >> $akaunting_nginx_site echo '';
echo ' location ~ /\.(ht|git) {' >> $akaunting_nginx_site echo ' location ~ /\.(ht|git) {';
echo ' deny all;' >> $akaunting_nginx_site echo ' deny all;';
echo ' }' >> $akaunting_nginx_site echo ' }';
echo '}' >> $akaunting_nginx_site echo '}'; } >> "$akaunting_nginx_site"
function_check configure_php function_check configure_php
configure_php configure_php
function_check create_site_certificate function_check create_site_certificate
create_site_certificate $AKAUNTING_DOMAIN_NAME 'yes' create_site_certificate "$AKAUNTING_DOMAIN_NAME" 'yes'
function_check nginx_ensite function_check nginx_ensite
nginx_ensite $AKAUNTING_DOMAIN_NAME nginx_ensite "$AKAUNTING_DOMAIN_NAME"
akaunting_remove_bad_links akaunting_remove_bad_links
@ -460,7 +461,7 @@ function install_akaunting {
systemctl restart php7.0-fpm systemctl restart php7.0-fpm
systemctl restart nginx systemctl restart nginx
${PROJECT_NAME}-pass -u $MY_USERNAME -a akaunting -p "$AKAUNTING_ADMIN_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a akaunting -p "$AKAUNTING_ADMIN_PASSWORD"
set_completion_param "akaunting domain" "$AKAUNTING_DOMAIN_NAME" set_completion_param "akaunting domain" "$AKAUNTING_DOMAIN_NAME"


@ -53,7 +53,7 @@ function install_interactive_batman {
} }
function configure_firewall_for_batman { function configure_firewall_for_batman {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return return
fi fi
if [[ $ENABLE_BATMAN != "yes" ]]; then if [[ $ENABLE_BATMAN != "yes" ]]; then
@ -62,7 +62,7 @@ function configure_firewall_for_batman {
function_check save_firewall_settings function_check save_firewall_settings
save_firewall_settings save_firewall_settings
mark_completed $FUNCNAME mark_completed "${FUNCNAME[0]}"
} }
function reconfigure_batman { function reconfigure_batman {
@ -90,8 +90,7 @@ function restore_remote_batman {
} }
function remove_batman { function remove_batman {
${PROJECT_NAME}-mesh-install -f batman --remove yes if ! "${PROJECT_NAME}-mesh-install" -f batman --remove yes; then
if [ ! "$?" = "0" ]; then
echo $'Failed to remove batman' echo $'Failed to remove batman'
exit 79353 exit 79353
fi fi
@ -100,45 +99,46 @@ function remove_batman {
} }
function mesh_install_batman { function mesh_install_batman {
# shellcheck disable=SC2154
chroot "$rootdir" apt-get -yq install iproute bridge-utils libnetfilter-conntrack3 batctl chroot "$rootdir" apt-get -yq install iproute bridge-utils libnetfilter-conntrack3 batctl
chroot "$rootdir" apt-get -yq install python-dev libevent-dev ebtables python-pip git chroot "$rootdir" apt-get -yq install python-dev libevent-dev ebtables python-pip git
chroot "$rootdir" apt-get -yq install wireless-tools rfkill chroot "$rootdir" apt-get -yq install wireless-tools rfkill
if ! grep -q "batman_adv" $rootdir/etc/modules; then if ! grep -q "batman_adv" "$rootdir/etc/modules"; then
echo 'batman_adv' >> $rootdir/etc/modules echo 'batman_adv' >> "$rootdir/etc/modules"
fi fi
BATMAN_SCRIPT=$rootdir/var/lib/batman BATMAN_SCRIPT=$rootdir/var/lib/batman
if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then if [ -f "/usr/local/bin/${PROJECT_NAME}-mesh-batman" ]; then
cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT cp "/usr/local/bin/${PROJECT_NAME}-mesh-batman" "$BATMAN_SCRIPT"
else else
cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT cp "/usr/bin/${PROJECT_NAME}-mesh-batman" "$BATMAN_SCRIPT"
fi fi
BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
echo '[Unit]' > $BATMAN_DAEMON { echo '[Unit]';
echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON echo 'Description=B.A.T.M.A.N. Advanced';
echo 'After=network.target' >> $BATMAN_DAEMON echo 'After=network.target';
echo '' >> $BATMAN_DAEMON echo '';
echo '[Service]' >> $BATMAN_DAEMON echo '[Service]';
echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON echo 'RemainAfterExit=yes';
echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON echo "ExecStart=/var/lib/batman start";
echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON echo "ExecStop=/var/lib/batman stop";
echo 'Restart=on-failure' >> $BATMAN_DAEMON echo 'Restart=on-failure';
echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON echo 'SuccessExitStatus=3 4';
echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON echo 'RestartForceExitStatus=3 4';
echo '' >> $BATMAN_DAEMON echo '';
echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON echo '# Allow time for the server to start/stop';
echo 'TimeoutSec=300' >> $BATMAN_DAEMON echo 'TimeoutSec=300';
echo '' >> $BATMAN_DAEMON echo '';
echo '[Install]' >> $BATMAN_DAEMON echo '[Install]';
echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON echo 'WantedBy=multi-user.target'; } > "$BATMAN_DAEMON"
chroot "$rootdir" systemctl enable batman chroot "$rootdir" systemctl enable batman
} }
function install_batman { function install_batman {
if [ $INSTALLING_MESH ]; then if [ "$INSTALLING_MESH" ]; then
mesh_install_batman mesh_install_batman
return return
fi fi
@ -146,8 +146,7 @@ function install_batman {
return return
fi fi
${PROJECT_NAME}-mesh-install -f batman if ! "${PROJECT_NAME}-mesh-install" -f batman; then
if [ ! "$?" = "0" ]; then
echo $'Failed to install batman' echo $'Failed to install batman'
exit 72524 exit 72524
fi fi
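Review bot: In `mesh_install_batman` the added `# shellcheck disable=SC2154` silences the warning that `rootdir` is referenced but not assigned, and nothing in the function checks the variable before using it. If `rootdir` is ever empty, the `chroot "$rootdir"` calls fail, but the append to `"$rootdir/etc/modules"`, the `cp` to `$rootdir/var/lib/batman` and the unit written to `$rootdir/etc/systemd/system/batman.service` would land on the running host's own paths instead of the image. A guard as the first line of the function, `: "${rootdir:?rootdir must be set before mesh_install_batman}"`, would stop that. The directive should also carry a short comment saying where `rootdir` comes from (presumably the image build that calls this function), for example `# rootdir is set by the caller`.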


@ -49,29 +49,29 @@ function bdsmail_configure_users {
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
# Add the user to the i2p group # Add the user to the i2p group
usermod -a -G i2psvc $USERNAME usermod -a -G i2psvc "$USERNAME"
if [ -f /home/$USERNAME/.muttrc ]; then if [ -f "/home/$USERNAME/.muttrc" ]; then
# Create a mutt i2p folder # Create a mutt i2p folder
if ! grep -q ' =i2p' /home/$USERNAME/.muttrc; then if ! grep -q ' =i2p' "/home/$USERNAME/.muttrc"; then
MUTT_MAILBOXES=$(grep "mailboxes =" /home/$USERNAME/.muttrc) MUTT_MAILBOXES=$(grep "mailboxes =" "/home/$USERNAME/.muttrc")
sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =i2p|g" /home/$USERNAME/.muttrc sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =i2p|g" "/home/$USERNAME/.muttrc"
fi fi
# Create a mutt folder hook to the i2p config # Create a mutt folder hook to the i2p config
if ! grep -q 'folder-hook !i2p' /home/$USERNAME/.muttrc; then if ! grep -q 'folder-hook !i2p' "/home/$USERNAME/.muttrc"; then
echo 'folder-hook !i2p/* source ~/.muttrc' >> /home/$USERNAME/.muttrc echo 'folder-hook !i2p/* source ~/.muttrc' >> "/home/$USERNAME/.muttrc"
fi fi
if ! grep -q 'folder-hook i2p' /home/$USERNAME/.muttrc; then if ! grep -q 'folder-hook i2p' "/home/$USERNAME/.muttrc"; then
echo 'folder-hook i2p/* source ~/.mutt/bdsmail' >> /home/$USERNAME/.muttrc echo 'folder-hook i2p/* source ~/.mutt/bdsmail' >> "/home/$USERNAME/.muttrc"
fi fi
fi fi
# Create a directory where i2p mail will be stored # Create a directory where i2p mail will be stored
if [ ! -d /home/$USERNAME/Maildir/i2p/new ]; then if [ ! -d "/home/$USERNAME/Maildir/i2p/new" ]; then
mkdir -p /home/$USERNAME/Maildir/i2p/cur mkdir -p "/home/$USERNAME/Maildir/i2p/cur"
mkdir -p /home/$USERNAME/Maildir/i2p/new mkdir -p "/home/$USERNAME/Maildir/i2p/new"
chown -R $USERNAME:$USERNAME /home/$USERNAME/Maildir/i2p chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/Maildir/i2p"
fi fi
fi fi
done done
@ -93,18 +93,18 @@ function add_user_bdsmail {
new_username="$1" new_username="$1"
new_user_password="$2" new_user_password="$2"
if [ ! -d /home/$new_username/.mutt ]; then if [ ! -d "/home/$new_username/.mutt" ]; then
mkdir /home/$new_username/.mutt mkdir "/home/$new_username/.mutt"
cp /etc/skel/.mutt/bdsmail /home/$new_username/.mutt cp /etc/skel/.mutt/bdsmail "/home/$new_username/.mutt"
fi fi
read_config_param MY_USERNAME read_config_param MY_USERNAME
BDSMAIL_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail) BDSMAIL_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail)
sed -i "s|username|$new_username|g" /home/$new_username/.mutt/bdsmail sed -i "s|username|$new_username|g" "/home/$new_username/.mutt/bdsmail"
sed -i "s|password|$BDSMAIL_PASSWORD|g" /home/$new_username/.mutt/bdsmail sed -i "s|password|$BDSMAIL_PASSWORD|g" "/home/$new_username/.mutt/bdsmail"
bdsmail_configure_users bdsmail_configure_users
cd $BDSMAIL_DIR cd $BDSMAIL_DIR || exit 57247684234
$BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $new_username /home/$new_username/Maildir/i2p "$BDSMAIL_PASSWORD" $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$new_username" "/home/$new_username/Maildir/i2p" "$BDSMAIL_PASSWORD"
chown -R $new_username:$new_username /home/$new_username/.mutt chown -R "$new_username":"$new_username" "/home/$new_username/.mutt"
echo '0' echo '0'
} }
@ -117,16 +117,16 @@ function change_password_bdsmail {
curr_username="$1" curr_username="$1"
new_user_password="$2" new_user_password="$2"
${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail -p "$new_user_password"
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
sed -i "s|set smtp_url=.*|set smtp_url=smtp://${curr_username}:${new_user_password}@127.0.0.1:$I2P_SMTP_PORT/" /home/${USERNAME}/.mutt/bdsmail sed -i "s|set smtp_url=.*|set smtp_url=smtp://${curr_username}:${new_user_password}@127.0.0.1:$I2P_SMTP_PORT/" "/home/${USERNAME}/.mutt/bdsmail"
sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" /home/${USERNAME}/.mutt/bdsmail sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" "/home/${USERNAME}/.mutt/bdsmail"
chown ${USERNAME}:${USERNAME} /home/${USERNAME}/.mutt/bdsmail chown "${USERNAME}":"${USERNAME}" "/home/${USERNAME}/.mutt/bdsmail"
cd $BDSMAIL_DIR cd $BDSMAIL_DIR || exit 2468246
$BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $curr_username /home/$curr_username/Maildir/i2p "$new_user_password" $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$curr_username" "/home/$curr_username/Maildir/i2p" "$new_user_password"
fi fi
done done
} }
@ -136,9 +136,9 @@ function bdsmail_update_domain {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
cp /etc/skel/.mutt/bdsmail /home/${USERNAME}/.mutt/bdsmail cp /etc/skel/.mutt/bdsmail "/home/${USERNAME}/.mutt/bdsmail"
sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" /home/${USERNAME}/.mutt/bdsmail sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" "/home/${USERNAME}/.mutt/bdsmail"
chown ${USERNAME}:${USERNAME} /home/${USERNAME}/.mutt/bdsmail chown "${USERNAME}":"${USERNAME}" "/home/${USERNAME}/.mutt/bdsmail"
fi fi
done done
} }
@ -154,7 +154,7 @@ function bdsmail_wait_for_key_generation {
sleep 30 sleep 30
bds_domain=$(bdsmail_domain) bds_domain=$(bdsmail_domain)
sleep_ctr=$((sleep_ctr + 1)) sleep_ctr=$((sleep_ctr + 1))
if [ $sleep_ctr -gt 100 ]; then if [ "$sleep_ctr" -gt 100 ]; then
break break
fi fi
done done
@ -178,9 +178,9 @@ function upgrade_bdsmail {
fi fi
# update to the next commit # update to the next commit
set_repo_commit $BDSMAIL_DIR "bdsmail commit" "$BDSMAIL_COMMIT" $BDSMAIL_REPO set_repo_commit $BDSMAIL_DIR "bdsmail commit" "$BDSMAIL_COMMIT" "$BDSMAIL_REPO"
cd $BDSMAIL_DIR cd $BDSMAIL_DIR || exit 2457245
make GOROOT=/home/go/go${GO_VERSION} make GOROOT="/home/go/go${GO_VERSION}"
chown -R i2psvc:i2psvc $BDSMAIL_DIR chown -R i2psvc:i2psvc $BDSMAIL_DIR
systemctl restart bdsmail systemctl restart bdsmail
@ -210,7 +210,7 @@ function restore_local_bdsmail {
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir bdsmail restore_directory_from_usb $temp_restore_dir bdsmail
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d cp $temp_restore_dir$bdsmail_dir ]; then if [ -d $temp_restore_dir$bdsmail_dir ]; then
cp -rp $temp_restore_dir$bdsmail_dir $bdsmail_dir/ cp -rp $temp_restore_dir$bdsmail_dir $bdsmail_dir/
else else
if [ ! -d $bdsmail_dir ]; then if [ ! -d $bdsmail_dir ]; then
@ -246,7 +246,7 @@ function restore_remote_bdsmail {
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir bdsmail restore_directory_from_friend $temp_restore_dir bdsmail
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d cp $temp_restore_dir$bdsmail_dir ]; then if [ -d $temp_restore_dir$bdsmail_dir ]; then
cp -rp $temp_restore_dir$bdsmail_dir $bdsmail_dir/ cp -rp $temp_restore_dir$bdsmail_dir $bdsmail_dir/
else else
if [ ! -d $bdsmail_dir ]; then if [ ! -d $bdsmail_dir ]; then
@ -272,33 +272,33 @@ function remove_bdsmail {
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
# remove the user from the i2p group # remove the user from the i2p group
deluser $USERNAME i2psvc deluser "$USERNAME" i2psvc
# Remove mutt folder hook to the i2p config # Remove mutt folder hook to the i2p config
if [ -f /home/$USERNAME/.muttrc ]; then if [ -f "/home/$USERNAME/.muttrc" ]; then
if grep -q 'folder-hook !i2p' /home/$USERNAME/.muttrc; then if grep -q 'folder-hook !i2p' "/home/$USERNAME/.muttrc"; then
sed -i '/folder-hook !i2p/d' /home/$USERNAME/.muttrc sed -i '/folder-hook !i2p/d' "/home/$USERNAME/.muttrc"
fi fi
if grep -q 'folder-hook i2p' /home/$USERNAME/.muttrc; then if grep -q 'folder-hook i2p' "/home/$USERNAME/.muttrc"; then
sed -i '/folder-hook i2p/d' /home/$USERNAME/.muttrc sed -i '/folder-hook i2p/d' "/home/$USERNAME/.muttrc"
fi fi
fi fi
# Remove folder # Remove folder
if grep -q ' =i2p' /home/$USERNAME/.muttrc; then if grep -q ' =i2p' "/home/$USERNAME/.muttrc"; then
sed -i 's| =i2p||g' /home/$USERNAME/.muttrc sed -i 's| =i2p||g' "/home/$USERNAME/.muttrc"
fi fi
# NOTE: leave Maildir/i2p/cur. We might want to archive that # NOTE: leave Maildir/i2p/cur. We might want to archive that
# or just be reinstalling the system without losing mail # or just be reinstalling the system without losing mail
rm -rf /home/$USERNAME/Maildir/i2p/new rm -rf "/home/$USERNAME/Maildir/i2p/new"
fi fi
done done
remove_i2p remove_i2p
remove_app bdsmail remove_app bdsmail
remove_completion_param install_bdsmail remove_completion_param install_bdsmail
sed -i '/bdsmail/d' $COMPLETION_FILE sed -i '/bdsmail/d' "$COMPLETION_FILE"
rm -rf /etc/skel/.mutt rm -rf /etc/skel/.mutt
if [ -d $BDSMAIL_DIR ]; then if [ -d $BDSMAIL_DIR ]; then
rm -rf $BDSMAIL_DIR rm -rf $BDSMAIL_DIR
@ -319,10 +319,10 @@ function install_bdsmail {
if [ -d /repos/bdsmail ]; then if [ -d /repos/bdsmail ]; then
mkdir $BDSMAIL_DIR mkdir $BDSMAIL_DIR
cp -r -p /repos/bdsmail/. $BDSMAIL_DIR cp -r -p /repos/bdsmail/. $BDSMAIL_DIR
cd $BDSMAIL_DIR cd $BDSMAIL_DIR || exit 24687246
git pull git pull
else else
git_clone $BDSMAIL_REPO $BDSMAIL_DIR git_clone "$BDSMAIL_REPO" "$BDSMAIL_DIR"
fi fi
if [ ! -d $BDSMAIL_DIR ]; then if [ ! -d $BDSMAIL_DIR ]; then
@ -330,14 +330,14 @@ function install_bdsmail {
exit 5735735 exit 5735735
fi fi
cd $BDSMAIL_DIR cd $BDSMAIL_DIR || exit 2468246
git checkout $BDSMAIL_COMMIT -b $BDSMAIL_COMMIT git checkout "$BDSMAIL_COMMIT" -b "$BDSMAIL_COMMIT"
set_completion_param "bdsmail commit" "$BDSMAIL_COMMIT" set_completion_param "bdsmail commit" "$BDSMAIL_COMMIT"
mkdir -p $BDSMAIL_DIR/Maildir/i2p mkdir -p $BDSMAIL_DIR/Maildir/i2p
chmod -R 700 $BDSMAIL_DIR/Maildir chmod -R 700 $BDSMAIL_DIR/Maildir
make GOROOT=/home/go/go${GO_VERSION} make GOROOT="/home/go/go${GO_VERSION}"
if [ ! -f $BDSMAIL_DIR/bin/bdsconfig ]; then if [ ! -f $BDSMAIL_DIR/bin/bdsconfig ]; then
echo $'Unable to make bdsmail' echo $'Unable to make bdsmail'
exit 87923567842 exit 87923567842
@ -347,72 +347,72 @@ function install_bdsmail {
i2p_enable_sam i2p_enable_sam
# create configuration file # create configuration file
$BDSMAIL_DIR/bin/bdsconfig > $BDSMAIL_DIR/config.ini #$BDSMAIL_DIR/bin/bdsconfig > $BDSMAIL_DIR/config.ini
echo '[maild]' > $BDSMAIL_DIR/config.ini { echo '[maild]':
echo "i2paddr = 127.0.0.1:$I2P_SAM_PORT" >> $BDSMAIL_DIR/config.ini echo "i2paddr = 127.0.0.1:$I2P_SAM_PORT";
echo 'i2pkeyfile = bdsmail-privkey.dat' >> $BDSMAIL_DIR/config.ini echo 'i2pkeyfile = bdsmail-privkey.dat';
echo "bindmail = 127.0.0.1:$I2P_SMTP_PORT" >> $BDSMAIL_DIR/config.ini echo "bindmail = 127.0.0.1:$I2P_SMTP_PORT";
echo "bindweb = 127.0.0.1:$I2P_WEB_PORT" >> $BDSMAIL_DIR/config.ini echo "bindweb = 127.0.0.1:$I2P_WEB_PORT";
echo "bindpop3 = 127.0.0.1:$I2P_POP3_PORT" >> $BDSMAIL_DIR/config.ini echo "bindpop3 = 127.0.0.1:$I2P_POP3_PORT";
echo 'domain = localhost' >> $BDSMAIL_DIR/config.ini echo 'domain = localhost';
echo 'maildir = Maildir/i2p' >> $BDSMAIL_DIR/config.ini echo 'maildir = Maildir/i2p';
echo 'database = localhost.sqlite' >> $BDSMAIL_DIR/config.ini echo 'database = localhost.sqlite';
echo 'assets = contrib/assets/web' >> $BDSMAIL_DIR/config.ini echo 'assets = contrib/assets/web'; } > $BDSMAIL_DIR/config.ini
echo '[Unit]' > /etc/systemd/system/bdsmail.service { echo '[Unit]';
echo 'Description=bdsmail' >> /etc/systemd/system/bdsmail.service echo 'Description=bdsmail';
echo 'After=syslog.target' >> /etc/systemd/system/bdsmail.service echo 'After=syslog.target';
echo 'After=network.target' >> /etc/systemd/system/bdsmail.service echo 'After=network.target';
echo '' >> /etc/systemd/system/bdsmail.service echo '';
echo '[Service]' >> /etc/systemd/system/bdsmail.service echo '[Service]';
echo 'Type=simple' >> /etc/systemd/system/bdsmail.service echo 'Type=simple';
echo 'User=i2psvc' >> /etc/systemd/system/bdsmail.service echo 'User=i2psvc';
echo 'Group=i2psvc' >> /etc/systemd/system/bdsmail.service echo 'Group=i2psvc';
echo "WorkingDirectory=$BDSMAIL_DIR" >> /etc/systemd/system/bdsmail.service echo "WorkingDirectory=$BDSMAIL_DIR";
echo "ExecStart=$BDSMAIL_DIR/bin/maild $BDSMAIL_DIR/config.ini" >> /etc/systemd/system/bdsmail.service echo "ExecStart=$BDSMAIL_DIR/bin/maild $BDSMAIL_DIR/config.ini";
echo 'Restart=always' >> /etc/systemd/system/bdsmail.service echo 'Restart=always';
echo 'Environment="USER=i2psvc"' >> /etc/systemd/system/bdsmail.service echo 'Environment="USER=i2psvc"';
echo '' >> /etc/systemd/system/bdsmail.service echo '';
echo '[Install]' >> /etc/systemd/system/bdsmail.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/bdsmail.service echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/bdsmail.service
echo '#!/usr/bin/env python2' > $BDSMAIL_DIR/get_address { echo '#!/usr/bin/env python2';
echo 'import base64, hashlib, sys' >> $BDSMAIL_DIR/get_address echo 'import base64, hashlib, sys';
echo 'with open(sys.argv[1]) as f:' >> $BDSMAIL_DIR/get_address echo 'with open(sys.argv[1]) as f:';
echo " print(base64.b32encode(hashlib.sha256(base64.b64decode(f.read(516), '-~')).digest()).strip('=')+\".b32.i2p\")" >> $BDSMAIL_DIR/get_address echo " print(base64.b32encode(hashlib.sha256(base64.b64decode(f.read(516), '-~')).digest()).strip('=')+\".b32.i2p\")"; } > $BDSMAIL_DIR/get_address
chmod +x $BDSMAIL_DIR/get_address chmod +x $BDSMAIL_DIR/get_address
chown -R i2psvc:i2psvc $BDSMAIL_DIR chown -R i2psvc:i2psvc $BDSMAIL_DIR
systemctl enable bdsmail systemctl enable bdsmail
systemctl start bdsmail systemctl start bdsmail
echo '#!/bin/bash' > /usr/bin/bdsmail_distribute { echo '#!/bin/bash';
echo "BDSMAIL_DIR=$BDSMAIL_DIR" >> /usr/bin/bdsmail_distribute echo "BDSMAIL_DIR=$BDSMAIL_DIR";
echo "MAIL_DIR=\$BDSMAIL_DIR/\$(cat \$BDSMAIL_DIR/config.ini | grep 'maildir =' | awk -F ' ' '{print \$3}')" >> /usr/bin/bdsmail_distribute echo "MAIL_DIR=\$BDSMAIL_DIR/\$(cat \$BDSMAIL_DIR/config.ini | grep 'maildir =' | awk -F ' ' '{print \$3}')";
echo 'if [ ! -d $MAIL_DIR/postmaster/new ]; then' >> /usr/bin/bdsmail_distribute echo "if [ ! -d \$MAIL_DIR/postmaster/new ]; then";
echo ' exit 0' >> /usr/bin/bdsmail_distribute echo ' exit 0';
echo 'fi' >> /usr/bin/bdsmail_distribute echo 'fi';
echo 'for filename in $MAIL_DIR/postmaster/new/*; do' >> /usr/bin/bdsmail_distribute echo "for filename in \$MAIL_DIR/postmaster/new/*; do";
echo ' to_line=$(cat $filename | grep "To: " | head -n 1)' >> /usr/bin/bdsmail_distribute echo " to_line=\$(cat \$filename | grep \"To: \" | head -n 1)";
echo " to_username=\$(echo \"\$to_line\" | awk -F ' ' '{print \$2}' | awk -F '@' '{print \$1}')" >> /usr/bin/bdsmail_distribute echo " to_username=\$(echo \"\$to_line\" | awk -F ' ' '{print \$2}' | awk -F '@' '{print \$1}')";
echo ' if [ -d /home/$to_username/Maildir/i2p/new ]; then' >> /usr/bin/bdsmail_distribute echo " if [ -d /home/\$to_username/Maildir/i2p/new ]; then";
echo ' chown $to_username:$to_username $filename' >> /usr/bin/bdsmail_distribute echo " chown \$to_username:\$to_username \$filename";
echo ' chmod 600 $filename' >> /usr/bin/bdsmail_distribute echo " chmod 600 \$filename";
echo ' mv $filename /home/$to_username/Maildir/i2p/new' >> /usr/bin/bdsmail_distribute echo " mv \$filename /home/\$to_username/Maildir/i2p/new";
echo ' fi' >> /usr/bin/bdsmail_distribute echo ' fi';
echo 'done' >> /usr/bin/bdsmail_distribute echo 'done'; } > /usr/bin/bdsmail_distribute
chmod +x /usr/bin/bdsmail_distribute chmod +x /usr/bin/bdsmail_distribute
if ! grep -q 'bdsmail_distribute' /etc/crontab; then if ! grep -q 'bdsmail_distribute' /etc/crontab; then
cron_add_mins 1 '/usr/bin/bdsmail_distribute 2> /dev/null' cron_add_mins 1 '/usr/bin/bdsmail_distribute 2> /dev/null'
fi fi
echo '#!/bin/bash' > /usr/bin/bdsmail_domain { echo '#!/bin/bash';
echo "cd $BDSMAIL_DIR" >> /usr/bin/bdsmail_domain echo "cd $BDSMAIL_DIR";
echo 'if [ ! -f bdsmail-privkey.dat ]; then' >> /usr/bin/bdsmail_domain echo 'if [ ! -f bdsmail-privkey.dat ]; then';
echo ' exit 1' >> /usr/bin/bdsmail_domain echo ' exit 1';
echo 'fi' >> /usr/bin/bdsmail_domain echo 'fi';
echo "python2 get_address bdsmail-privkey.dat | tr '[:upper:]' '[:lower:]'" >> /usr/bin/bdsmail_domain echo "python2 get_address bdsmail-privkey.dat | tr '[:upper:]' '[:lower:]'"; } > /usr/bin/bdsmail_domain
chmod +x /usr/bin/bdsmail_domain chmod +x /usr/bin/bdsmail_domain
echo '' echo ''
@ -422,7 +422,7 @@ function install_bdsmail {
bdsmail_wait_for_key_generation bdsmail_wait_for_key_generation
if [ ! $bds_domain ]; then if [ ! "$bds_domain" ]; then
systemctl stop bdsmail systemctl stop bdsmail
systemctl disable bdsmail systemctl disable bdsmail
remove_i2p remove_i2p
@ -430,38 +430,38 @@ function install_bdsmail {
exit 8934638 exit 8934638
fi fi
BDSMAIL_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" BDSMAIL_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail -p "$BDSMAIL_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail -p "$BDSMAIL_PASSWORD"
cd $BDSMAIL_DIR cd $BDSMAIL_DIR || exit 2346872427
$BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini admin $BDSMAIL_DIR/Maildir/i2p/admin "$BDSMAIL_PASSWORD" $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini admin $BDSMAIL_DIR/Maildir/i2p/admin "$BDSMAIL_PASSWORD"
# Create mutt configuration # Create mutt configuration
if [ ! -d /etc/skel/.mutt ]; then if [ ! -d /etc/skel/.mutt ]; then
mkdir /etc/skel/.mutt mkdir /etc/skel/.mutt
fi fi
echo 'set mbox_type=Maildir' > /etc/skel/.mutt/bdsmail { echo 'set mbox_type=Maildir';
echo "set smtp_url=smtp://username:password@127.0.0.1:$I2P_SMTP_PORT/" >> /etc/skel/.mutt/bdsmail echo "set smtp_url=smtp://username:password@127.0.0.1:$I2P_SMTP_PORT/";
echo 'set use_from=yes' >> /etc/skel/.mutt/bdsmail echo 'set use_from=yes';
echo "set from=username@${bds_domain}" >> /etc/skel/.mutt/bdsmail echo "set from=username@${bds_domain}";
echo "set spoolfile=~/Maildir/i2p" >> /etc/skel/.mutt/bdsmail echo "set spoolfile=~/Maildir/i2p";
echo 'set pgp_autoencrypt=no' >> /etc/skel/.mutt/bdsmail echo 'set pgp_autoencrypt=no';
echo 'set pgp_replyencrypt=no' >> /etc/skel/.mutt/bdsmail echo 'set pgp_replyencrypt=no';
echo 'set pgp_autosign=no' >> /etc/skel/.mutt/bdsmail echo 'set pgp_autosign=no';
echo 'set pgp_replysign=no' >> /etc/skel/.mutt/bdsmail echo 'set pgp_replysign=no'; } > /etc/skel/.mutt/bdsmail
# mutt configuration for the admin user # mutt configuration for the admin user
if [ ! -d /home/$MY_USERNAME/.mutt ]; then if [ ! -d "/home/$MY_USERNAME/.mutt" ]; then
mkdir /home/$MY_USERNAME/.mutt mkdir "/home/$MY_USERNAME/.mutt"
fi fi
cp /etc/skel/.mutt/bdsmail /home/$MY_USERNAME/.mutt cp /etc/skel/.mutt/bdsmail "/home/$MY_USERNAME/.mutt"
sed -i "s|username|$MY_USERNAME|g" /home/$MY_USERNAME/.mutt/bdsmail sed -i "s|username|$MY_USERNAME|g" "/home/$MY_USERNAME/.mutt/bdsmail"
sed -i "s|password|$BDSMAIL_PASSWORD|g" /home/$MY_USERNAME/.mutt/bdsmail sed -i "s|password|$BDSMAIL_PASSWORD|g" "/home/$MY_USERNAME/.mutt/bdsmail"
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.mutt"
bdsmail_configure_users bdsmail_configure_users
cd $BDSMAIL_DIR cd $BDSMAIL_DIR || exit 2457245
$BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $MY_USERNAME /home/$MY_USERNAME/Maildir/i2p "$BDSMAIL_PASSWORD" $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$MY_USERNAME" "/home/$MY_USERNAME/Maildir/i2p" "$BDSMAIL_PASSWORD"
APP_INSTALLED=1 APP_INSTALLED=1
} }


@ -101,7 +101,7 @@ function upgrade_cryptpad {
function_check set_repo_commit function_check set_repo_commit
set_repo_commit $CRYPTPAD_DIR "cryptpad commit" "$CRYPTPAD_COMMIT" $CRYPTPAD_REPO set_repo_commit $CRYPTPAD_DIR "cryptpad commit" "$CRYPTPAD_COMMIT" $CRYPTPAD_REPO
cd $CRYPTPAD_DIR cd $CRYPTPAD_DIR || exit 254724
cryptpad_create_config cryptpad_create_config
npm upgrade npm upgrade
npm install npm install
@ -156,7 +156,7 @@ function restore_local_cryptpad {
} }
function backup_remote_cryptpad { function backup_remote_cryptpad {
if grep -q "cryptpad domain" $COMPLETION_FILE; then if grep -q "cryptpad domain" "$COMPLETION_FILE"; then
temp_backup_dir=$CRYPTPAD_DIR/datastore temp_backup_dir=$CRYPTPAD_DIR/datastore
if [ -d $temp_backup_dir ]; then if [ -d $temp_backup_dir ]; then
systemctl stop cryptpad systemctl stop cryptpad
@ -226,7 +226,7 @@ function remove_cryptpad {
remove_onion_service cryptpad ${CRYPTPAD_ONION_PORT} remove_onion_service cryptpad ${CRYPTPAD_ONION_PORT}
remove_app cryptpad remove_app cryptpad
remove_completion_param install_cryptpad remove_completion_param install_cryptpad
sed -i '/cryptpad/d' $COMPLETION_FILE sed -i '/cryptpad/d' "$COMPLETION_FILE"
userdel -r cryptpad userdel -r cryptpad
} }
@ -236,123 +236,124 @@ function cryptpad_create_config {
cryptpad_prefix= cryptpad_prefix=
if [[ "$cryptpad_install_type" == "mesh" ]]; then if [[ "$cryptpad_install_type" == "mesh" ]]; then
cryptpad_prefix=$rootdir # shellcheck disable=SC2154
cryptpad_prefix="$rootdir"
fi fi
echo '/*@flow*/' > $cryptpad_prefix$CRYPTPAD_DIR/config.js { echo '/*@flow*/';
echo '/*' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '/*';
echo ' globals module' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' globals module';
echo '*/' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '*/';
echo "var domain = ' http://localhost:${CRYPTPAD_PORT}/';" >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo "var domain = ' http://localhost:${CRYPTPAD_PORT}/';";
echo 'module.exports = {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo 'module.exports = {';
echo " httpAddress: '::'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " httpAddress: '::',";
echo ' httpHeaders: {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' httpHeaders: {';
echo ' "X-XSS-Protection": "1; mode=block",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' "X-XSS-Protection": "1; mode=block",';
echo ' "X-Content-Type-Options": "nosniff",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' "X-Content-Type-Options": "nosniff",';
echo ' "Access-Control-Allow-Origin": "*"' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' "Access-Control-Allow-Origin": "*"';
echo ' },' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' },';
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo ' contentSecurity: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' contentSecurity: [';
echo " \"default-src 'none'\"," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " \"default-src 'none'\",";
echo " \"style-src 'unsafe-inline' 'self' \" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " \"style-src 'unsafe-inline' 'self' \" + domain,";
echo " \"script-src 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " \"script-src 'self'\" + domain,";
echo " \"font-src 'self' data:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " \"font-src 'self' data:\" + domain,";
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo ' "child-src blob: *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' "child-src blob: *",';
echo ' "frame-src blob: *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' "frame-src blob: *",';
echo ' "media-src * blob:",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' "media-src * blob:",';
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo " \"connect-src 'self' ws: wss: blob:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " \"connect-src 'self' ws: wss: blob:\" + domain,";
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo " \"img-src 'self' data: blob:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " \"img-src 'self' data: blob:\" + domain,";
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo ' "frame-ancestors *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' "frame-ancestors *",';
echo " ].join('; ')," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " ].join('; '),";
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo ' padContentSecurity: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' padContentSecurity: [';
echo " \"default-src 'none'\"," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " \"default-src 'none'\",";
echo " \"style-src 'unsafe-inline' 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " \"style-src 'unsafe-inline' 'self'\" + domain,";
echo " \"script-src 'self' 'unsafe-eval' 'unsafe-inline'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " \"script-src 'self' 'unsafe-eval' 'unsafe-inline'\" + domain,";
echo " \"font-src 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " \"font-src 'self'\" + domain,";
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo ' "child-src *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' "child-src *",';
echo ' "frame-src *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' "frame-src *",';
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo " \"connect-src 'self' ws: wss:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " \"connect-src 'self' ws: wss:\" + domain,";
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo ' "img-src * blob:",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' "img-src * blob:",';
echo " ].join('; ')," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " ].join('; '),";
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo " httpPort: ${CRYPTPAD_PORT}," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " httpPort: ${CRYPTPAD_PORT},";
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo ' // This is for allowing the cross-domain iframe to function when developing' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' // This is for allowing the cross-domain iframe to function when developing';
echo " httpSafePort: ${CRYPTPAD_PORT2}," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " httpSafePort: ${CRYPTPAD_PORT2},";
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo " websocketPath: '/cryptpad_websocket'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " websocketPath: '/cryptpad_websocket',";
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo ' logToStdout: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' logToStdout: false,';
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo ' verbose: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' verbose: false,';
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo ' mainPages: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' mainPages: [';
echo " 'index'" >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " 'index'";
echo ' ],' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' ],';
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo ' removeDonateButton: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' removeDonateButton: true,';
echo ' allowSubscriptions: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' allowSubscriptions: false,'; } > "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
if [[ "$cryptpad_install_type" == "mesh" ]]; then if [[ "$cryptpad_install_type" == "mesh" ]]; then
echo " myDomain: 'http://P${PEER_ID}.local'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " myDomain: 'http://P${PEER_ID}.local'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
else else
CRYPTPAD_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_cryptpad/hostname) CRYPTPAD_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_cryptpad/hostname)
echo " myDomain: 'http://${CRYPTPAD_ONION_HOSTNAME}'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " myDomain: 'http://${CRYPTPAD_ONION_HOSTNAME}'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
fi fi
echo ' defaultStorageLimit: 50 * 1024 * 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js { echo ' defaultStorageLimit: 50 * 1024 * 1024,';
echo '';
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' customLimits: {';
echo ' customLimits: {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' },';
echo ' },' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' adminEmail: false,';
echo ' adminEmail: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " storage: './storage/file',";
echo " storage: './storage/file'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '';
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " filePath: './datastore/',";
echo " filePath: './datastore/'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " pinPath: './pins',";
echo " pinPath: './pins'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " blobPath: './blob',";
echo " blobPath: './blob'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " blobStagingPath: './blobstage',";
echo " blobStagingPath: './blobstage'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' channelExpirationMs: 30000,';
echo ' channelExpirationMs: 30000,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' openFileLimit: 1024,';
echo ' openFileLimit: 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo " rpc: './rpc.js',";
echo " rpc: './rpc.js'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' suppressRPCErrors: false,';
echo ' suppressRPCErrors: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' enableUploads: true,';
echo ' enableUploads: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' //restrictUploads: false,';
echo ' //restrictUploads: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' maxUploadSize: 20 * 1024 * 1024,';
echo ' maxUploadSize: 20 * 1024 * 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' //logFeedback: true,';
echo ' //logFeedback: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo ' //logRPC: true,';
echo ' //logRPC: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js echo '};'; } >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
echo '};' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
if [[ "$cryptpad_install_type" != "mesh" ]]; then if [[ "$cryptpad_install_type" != "mesh" ]]; then
chown cryptpad:cryptpad $cryptpad_prefix$CRYPTPAD_DIR/config.js chown cryptpad:cryptpad "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
else else
chroot "$rootdir" chown cryptpad:cryptpad $CRYPTPAD_DIR/config.js chroot "$rootdir" chown cryptpad:cryptpad $CRYPTPAD_DIR/config.js
fi fi
} }
function mesh_install_cryptpad { function mesh_install_cryptpad {
if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then # shellcheck disable=SC2153
if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then
return return
fi fi
if [ ! -d $rootdir/var/www/cryptpad ]; then if [ ! -d "$rootdir/var/www/cryptpad" ]; then
mkdir $rootdir/var/www/cryptpad mkdir "$rootdir/var/www/cryptpad"
fi fi
if [ -d $rootdir$CRYPTPAD_DIR ]; then if [ -d "$rootdir$CRYPTPAD_DIR" ]; then
rm -rf $rootdir$CRYPTPAD_DIR rm -rf "$rootdir$CRYPTPAD_DIR"
fi fi
git_clone $CRYPTPAD_REPO $rootdir$CRYPTPAD_DIR git_clone "$CRYPTPAD_REPO" "$rootdir$CRYPTPAD_DIR"
if [ ! -d $rootdir$CRYPTPAD_DIR ]; then if [ ! -d "$rootdir$CRYPTPAD_DIR" ]; then
echo $'Unable to clone cryptpad repo' echo $'Unable to clone cryptpad repo'
exit 783251 exit 783251
fi fi
@ -360,94 +361,94 @@ function mesh_install_cryptpad {
# an unprivileged user to run as # an unprivileged user to run as
chroot "$rootdir" useradd -d $CRYPTPAD_DIR/ cryptpad chroot "$rootdir" useradd -d $CRYPTPAD_DIR/ cryptpad
cd $rootdir$CRYPTPAD_DIR cd "$rootdir$CRYPTPAD_DIR" || exit 34683568
git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT git checkout "$CRYPTPAD_COMMIT" -b "$CRYPTPAD_COMMIT"
chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
cryptpad_nginx_site=$rootdir/etc/nginx/sites-available/cryptpad cryptpad_nginx_site=$rootdir/etc/nginx/sites-available/cryptpad
echo 'server {' > $cryptpad_nginx_site { echo 'server {';
echo " listen 80 default_server;" >> $cryptpad_nginx_site echo " listen 80 default_server;";
echo " server_name P${PEER_ID}.local;" >> $cryptpad_nginx_site echo " server_name P${PEER_ID}.local;";
echo '' >> $cryptpad_nginx_site echo '';
echo ' # Logs' >> $cryptpad_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $cryptpad_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $cryptpad_nginx_site echo ' error_log /dev/null;';
echo '' >> $cryptpad_nginx_site echo '';
echo ' # Root' >> $cryptpad_nginx_site echo ' # Root';
echo " root $CRYPTPAD_DIR;" >> $cryptpad_nginx_site echo " root $CRYPTPAD_DIR;";
echo '' >> $cryptpad_nginx_site echo '';
echo ' index index.html;' >> $cryptpad_nginx_site echo ' index index.html;';
echo '' >> $cryptpad_nginx_site echo '';
echo ' add_header X-XSS-Protection "1; mode=block";' >> $cryptpad_nginx_site echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Content-Type-Options nosniff;' >> $cryptpad_nginx_site echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-Frame-Options SAMEORIGIN;' >> $cryptpad_nginx_site echo ' add_header X-Frame-Options SAMEORIGIN;';
echo '' >> $cryptpad_nginx_site echo '';
echo ' if ($uri = /pad/inner.html) {' >> $cryptpad_nginx_site echo " if (\$uri = /pad/inner.html) {";
echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";" >> $cryptpad_nginx_site echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location = /cryptpad_websocket {' >> $cryptpad_nginx_site echo ' location = /cryptpad_websocket {';
echo " proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site echo " proxy_pass http://localhost:$CRYPTPAD_PORT;";
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site echo " proxy_set_header X-Real-IP \$remote_addr;";
echo ' proxy_set_header Host $host;' >> $cryptpad_nginx_site echo " proxy_set_header Host \$host;";
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $cryptpad_nginx_site echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo '' >> $cryptpad_nginx_site echo '';
echo ' # WebSocket support (nginx 1.4)' >> $cryptpad_nginx_site echo ' # WebSocket support (nginx 1.4)';
echo ' proxy_http_version 1.1;' >> $cryptpad_nginx_site echo ' proxy_http_version 1.1;';
echo ' proxy_set_header Upgrade $http_upgrade;' >> $cryptpad_nginx_site echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection upgrade;' >> $cryptpad_nginx_site echo ' proxy_set_header Connection upgrade;';
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /customize.dist/ {' >> $cryptpad_nginx_site echo ' location ^~ /customize.dist/ {';
echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root' >> $cryptpad_nginx_site echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root';
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo ' location ^~ /customize/ {' >> $cryptpad_nginx_site echo ' location ^~ /customize/ {';
echo ' rewrite ^/customize/(.*)$ $1 break;' >> $cryptpad_nginx_site echo " rewrite ^/customize/(.*)\$ \$1 break;";
echo ' try_files /customize/$uri /customize.dist/$uri;' >> $cryptpad_nginx_site echo " try_files /customize/\$uri /customize.dist/\$uri;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo ' location = /api/config {' >> $cryptpad_nginx_site echo ' location = /api/config {';
echo ' default_type text/javascript;' >> $cryptpad_nginx_site echo ' default_type text/javascript;';
echo ' rewrite ^.*$ /customize/api/config break;' >> $cryptpad_nginx_site echo ' rewrite ^.*$ /customize/api/config break;';
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /blob/ {' >> $cryptpad_nginx_site echo ' location ^~ /blob/ {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /register/ {' >> $cryptpad_nginx_site echo ' location ^~ /register/ {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /login/ {' >> $cryptpad_nginx_site echo ' location ^~ /login/ {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /about.html {' >> $cryptpad_nginx_site echo ' location ^~ /about.html {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /contact.html {' >> $cryptpad_nginx_site echo ' location ^~ /contact.html {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /what-is-cryptpad.html {' >> $cryptpad_nginx_site echo ' location ^~ /what-is-cryptpad.html {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {';
echo ' rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site echo " rewrite ^(.*)\$ \$1/ redirect;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' try_files /www/$uri /www/$uri/index.html /customize/$uri;' >> $cryptpad_nginx_site echo " try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;";
echo '}' >> $cryptpad_nginx_site echo '}'; } > "$cryptpad_nginx_site"
cd $rootdir$CRYPTPAD_DIR cd "$rootdir$CRYPTPAD_DIR" || exit 6246824624527
get_npm_arch get_npm_arch
cat <<EOF > $rootdir/usr/bin/install_cryptpad cat <<EOF > "$rootdir/usr/bin/install_cryptpad"
#!/bin/bash #!/bin/bash
cd $CRYPTPAD_DIR cd $CRYPTPAD_DIR
npm install --arch=$NPM_ARCH --build-from-source npm install --arch=$NPM_ARCH --build-from-source
@ -456,37 +457,37 @@ chown -R cryptpad:cryptpad $CRYPTPAD_DIR
su -c 'bower install' - cryptpad su -c 'bower install' - cryptpad
cp config.example.js config.js cp config.example.js config.js
EOF EOF
chmod +x $rootdir/usr/bin/install_cryptpad chmod +x "$rootdir/usr/bin/install_cryptpad"
chroot "$rootdir" /usr/bin/install_cryptpad chroot "$rootdir" /usr/bin/install_cryptpad
if [ ! -f $rootdir$CRYPTPAD_DIR/config.js ]; then if [ ! -f "$rootdir$CRYPTPAD_DIR/config.js" ]; then
echo $'Cryptpad config file not found' echo $'Cryptpad config file not found'
exit 628252 exit 628252
fi fi
rm $rootdir/usr/bin/install_cryptpad rm "$rootdir/usr/bin/install_cryptpad"
cryptpad_create_config mesh cryptpad_create_config mesh
chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
# daemon # daemon
echo '[Unit]' > $rootdir/etc/systemd/system/cryptpad.service { echo '[Unit]';
echo 'Description=Cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service echo 'Description=Cryptpad';
echo 'After=syslog.target' >> $rootdir/etc/systemd/system/cryptpad.service echo 'After=syslog.target';
echo 'After=network.target' >> $rootdir/etc/systemd/system/cryptpad.service echo 'After=network.target';
echo '' >> $rootdir/etc/systemd/system/cryptpad.service echo '';
echo '[Service]' >> $rootdir/etc/systemd/system/cryptpad.service echo '[Service]';
echo 'User=cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service echo 'User=cryptpad';
echo 'Group=cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service echo 'Group=cryptpad';
echo "WorkingDirectory=$CRYPTPAD_DIR" >> $rootdir/etc/systemd/system/cryptpad.service echo "WorkingDirectory=$CRYPTPAD_DIR";
echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js" >> $rootdir/etc/systemd/system/cryptpad.service echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js";
echo 'Environment=PATH=/usr/bin:/usr/local/bin' >> $rootdir/etc/systemd/system/cryptpad.service echo 'Environment=PATH=/usr/bin:/usr/local/bin';
echo 'Environment=NODE_ENV=production' >> $rootdir/etc/systemd/system/cryptpad.service echo 'Environment=NODE_ENV=production';
echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/cryptpad.service echo 'Restart=on-failure';
echo '' >> $rootdir/etc/systemd/system/cryptpad.service echo '';
echo '[Install]' >> $rootdir/etc/systemd/system/cryptpad.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/cryptpad.service echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/cryptpad.service"
chroot "$rootdir" systemctl enable cryptpad.service chroot "$rootdir" systemctl enable cryptpad.service
} }
@ -505,7 +506,7 @@ function install_cryptpad_main {
if [ -d /repos/cryptpad ]; then if [ -d /repos/cryptpad ]; then
mkdir $CRYPTPAD_DIR mkdir $CRYPTPAD_DIR
cp -r -p /repos/cryptpad/. $CRYPTPAD_DIR cp -r -p /repos/cryptpad/. $CRYPTPAD_DIR
cd $CRYPTPAD_DIR cd $CRYPTPAD_DIR || exit 3468356385
git pull git pull
else else
function_check git_clone function_check git_clone
@ -520,7 +521,7 @@ function install_cryptpad_main {
# an unprivileged user to run as # an unprivileged user to run as
useradd -d $CRYPTPAD_DIR/ cryptpad useradd -d $CRYPTPAD_DIR/ cryptpad
cd $CRYPTPAD_DIR cd $CRYPTPAD_DIR || exit 34683655
git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT
set_completion_param "cryptpad commit" "$CRYPTPAD_COMMIT" set_completion_param "cryptpad commit" "$CRYPTPAD_COMMIT"
@ -529,87 +530,87 @@ function install_cryptpad_main {
CRYPTPAD_ONION_HOSTNAME=$(add_onion_service cryptpad 80 ${CRYPTPAD_ONION_PORT}) CRYPTPAD_ONION_HOSTNAME=$(add_onion_service cryptpad 80 ${CRYPTPAD_ONION_PORT})
cryptpad_nginx_site=/etc/nginx/sites-available/cryptpad cryptpad_nginx_site=/etc/nginx/sites-available/cryptpad
echo 'server {' > $cryptpad_nginx_site { echo 'server {';
echo " listen 127.0.0.1:$CRYPTPAD_ONION_PORT default_server;" >> $cryptpad_nginx_site echo " listen 127.0.0.1:$CRYPTPAD_ONION_PORT default_server;";
echo " server_name $CRYPTPAD_ONION_HOSTNAME;" >> $cryptpad_nginx_site echo " server_name $CRYPTPAD_ONION_HOSTNAME;";
echo '' >> $cryptpad_nginx_site echo '';
echo ' # Logs' >> $cryptpad_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $cryptpad_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $cryptpad_nginx_site echo ' error_log /dev/null;';
echo '' >> $cryptpad_nginx_site echo '';
echo ' # Root' >> $cryptpad_nginx_site echo ' # Root';
echo " root $CRYPTPAD_DIR;" >> $cryptpad_nginx_site echo " root $CRYPTPAD_DIR;";
echo '' >> $cryptpad_nginx_site echo '';
echo ' index index.html;' >> $cryptpad_nginx_site echo ' index index.html;';
echo '' >> $cryptpad_nginx_site echo '';
echo ' if ($args ~ ver=) {' >> $cryptpad_nginx_site echo " if (\$args ~ ver=) {";
echo ' set $cacheControl max-age=31536000;' >> $cryptpad_nginx_site echo " set \$cacheControl max-age=31536000;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo ' add_header Cache-Control $cacheControl;' >> $cryptpad_nginx_site echo " add_header Cache-Control \$cacheControl;";
echo '' >> $cryptpad_nginx_site echo '';
echo ' add_header X-XSS-Protection "1; mode=block";' >> $cryptpad_nginx_site echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Content-Type-Options nosniff;' >> $cryptpad_nginx_site echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-Frame-Options SAMEORIGIN;' >> $cryptpad_nginx_site echo ' add_header X-Frame-Options SAMEORIGIN;';
echo '' >> $cryptpad_nginx_site echo '';
echo ' if ($uri = /pad/inner.html) {' >> $cryptpad_nginx_site echo " if (\$uri = /pad/inner.html) {";
echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";" >> $cryptpad_nginx_site echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location = /cryptpad_websocket {' >> $cryptpad_nginx_site echo ' location = /cryptpad_websocket {';
echo " proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site echo " proxy_pass http://localhost:$CRYPTPAD_PORT;";
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site echo " proxy_set_header X-Real-IP \$remote_addr;";
echo ' proxy_set_header Host $host;' >> $cryptpad_nginx_site echo " proxy_set_header Host \$host;";
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $cryptpad_nginx_site echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo '' >> $cryptpad_nginx_site echo '';
echo ' # WebSocket support (nginx 1.4)' >> $cryptpad_nginx_site echo ' # WebSocket support (nginx 1.4)';
echo ' proxy_http_version 1.1;' >> $cryptpad_nginx_site echo ' proxy_http_version 1.1;';
echo ' proxy_set_header Upgrade $http_upgrade;' >> $cryptpad_nginx_site echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection upgrade;' >> $cryptpad_nginx_site echo ' proxy_set_header Connection upgrade;';
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /customize.dist/ {' >> $cryptpad_nginx_site echo ' location ^~ /customize.dist/ {';
echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root' >> $cryptpad_nginx_site echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root';
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo ' location ^~ /customize/ {' >> $cryptpad_nginx_site echo ' location ^~ /customize/ {';
echo ' rewrite ^/customize/(.*)$ $1 break;' >> $cryptpad_nginx_site echo " rewrite ^/customize/(.*)\$ \$1 break;";
echo ' try_files /customize/$uri /customize.dist/$uri;' >> $cryptpad_nginx_site echo " try_files /customize/\$uri /customize.dist/\$uri;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo ' location = /api/config {' >> $cryptpad_nginx_site echo ' location = /api/config {';
echo ' default_type text/javascript;' >> $cryptpad_nginx_site echo ' default_type text/javascript;';
echo ' rewrite ^.*$ /customize/api/config break;' >> $cryptpad_nginx_site echo ' rewrite ^.*$ /customize/api/config break;';
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /blob/ {' >> $cryptpad_nginx_site echo ' location ^~ /blob/ {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /register/ {' >> $cryptpad_nginx_site echo ' location ^~ /register/ {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /login/ {' >> $cryptpad_nginx_site echo ' location ^~ /login/ {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /about.html {' >> $cryptpad_nginx_site echo ' location ^~ /about.html {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /contact.html {' >> $cryptpad_nginx_site echo ' location ^~ /contact.html {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ^~ /what-is-cryptpad.html {' >> $cryptpad_nginx_site echo ' location ^~ /what-is-cryptpad.html {';
echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo " try_files \$uri =404;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {';
echo ' rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site echo " rewrite ^(.*)\$ \$1/ redirect;";
echo ' }' >> $cryptpad_nginx_site echo ' }';
echo '' >> $cryptpad_nginx_site echo '';
echo ' try_files /www/$uri /www/$uri/index.html /customize/$uri;' >> $cryptpad_nginx_site echo " try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;";
echo '}' >> $cryptpad_nginx_site echo '}'; } > $cryptpad_nginx_site
function_check nginx_ensite function_check nginx_ensite
nginx_ensite cryptpad nginx_ensite cryptpad
@ -623,7 +624,7 @@ function install_cryptpad {
install_cryptpad_main install_cryptpad_main
cd $CRYPTPAD_DIR cd $CRYPTPAD_DIR || exit 35483548
npm install npm install
npm install -g bower@1.8.0 npm install -g bower@1.8.0
@ -639,22 +640,22 @@ function install_cryptpad {
chown -R cryptpad:cryptpad $CRYPTPAD_DIR chown -R cryptpad:cryptpad $CRYPTPAD_DIR
# daemon # daemon
echo '[Unit]' > /etc/systemd/system/cryptpad.service { echo '[Unit]';
echo 'Description=Cryptpad' >> /etc/systemd/system/cryptpad.service echo 'Description=Cryptpad';
echo 'After=syslog.target' >> /etc/systemd/system/cryptpad.service echo 'After=syslog.target';
echo 'After=network.target' >> /etc/systemd/system/cryptpad.service echo 'After=network.target';
echo '' >> /etc/systemd/system/cryptpad.service echo '';
echo '[Service]' >> /etc/systemd/system/cryptpad.service echo '[Service]';
echo 'User=cryptpad' >> /etc/systemd/system/cryptpad.service echo 'User=cryptpad';
echo 'Group=cryptpad' >> /etc/systemd/system/cryptpad.service echo 'Group=cryptpad';
echo "WorkingDirectory=$CRYPTPAD_DIR" >> /etc/systemd/system/cryptpad.service echo "WorkingDirectory=$CRYPTPAD_DIR";
echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js" >> /etc/systemd/system/cryptpad.service echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js";
echo 'Environment=PATH=/usr/bin:/usr/local/bin' >> /etc/systemd/system/cryptpad.service echo 'Environment=PATH=/usr/bin:/usr/local/bin';
echo 'Environment=NODE_ENV=production' >> /etc/systemd/system/cryptpad.service echo 'Environment=NODE_ENV=production';
echo 'Restart=on-failure' >> /etc/systemd/system/cryptpad.service echo 'Restart=on-failure';
echo '' >> /etc/systemd/system/cryptpad.service echo '';
echo '[Install]' >> /etc/systemd/system/cryptpad.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/cryptpad.service echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/cryptpad.service
systemctl enable cryptpad.service systemctl enable cryptpad.service
systemctl daemon-reload systemctl daemon-reload
systemctl start cryptpad.service systemctl start cryptpad.service
@ -664,7 +665,7 @@ function install_cryptpad {
cryptpad_generate_api_config cryptpad_generate_api_config
# install again # install again
cd $CRYPTPAD_DIR cd $CRYPTPAD_DIR || exit 73537453
su -c 'bower install' - cryptpad su -c 'bower install' - cryptpad
systemctl restart nginx systemctl restart nginx


@ -49,24 +49,27 @@ function logging_off_dlna {
function configure_interactive_dlna { function configure_interactive_dlna {
while true while true
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"Media Menu" \ --title $"Media Menu" \
--radiolist $"Choose an operation:" 13 70 3 \ --radiolist $"Choose an operation:" 13 70 3 \
1 $"Attach a drive containing playable media" off \ 1 $"Attach a drive containing playable media" off \
2 $"Remove a drive containing playable media" off \ 2 $"Remove a drive containing playable media" off \
3 $"Exit" on 2> $data 3 $"Exit" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) break;; 1) rm -f "$data"
255) break;; break;;
255) rm -f "$data"
break;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) attach-music;; 1) attach-music;;
2) remove-music;; 2) remove-music;;
3) break;; 3) rm -f "$data"
break;;
esac esac
rm -f "$data"
done done
} }
@ -84,7 +87,7 @@ function upgrade_dlna {
} }
function configure_firewall_for_dlna { function configure_firewall_for_dlna {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return return
fi fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
@ -95,23 +98,23 @@ function configure_firewall_for_dlna {
firewall_add DLNA 1900 udp firewall_add DLNA 1900 udp
firewall_add DLNA 8200 tcp firewall_add DLNA 8200 tcp
echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/dlna.service { echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/dlna.service echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
echo '<service-group>' >> /etc/avahi/services/dlna.service echo '<service-group>';
echo ' <name replace-wildcards="yes">%h DLNA</name>' >> /etc/avahi/services/dlna.service echo ' <name replace-wildcards="yes">%h DLNA</name>';
echo ' <service>' >> /etc/avahi/services/dlna.service echo ' <service>';
echo ' <type>_dlna._tcp</type>' >> /etc/avahi/services/dlna.service echo ' <type>_dlna._tcp</type>';
echo " <port>8200</port>" >> /etc/avahi/services/dlna.service echo " <port>8200</port>";
echo ' </service>' >> /etc/avahi/services/dlna.service echo ' </service>';
echo ' <service>' >> /etc/avahi/services/dlna.service echo ' <service>';
echo ' <type>_dlna._udp</type>' >> /etc/avahi/services/dlna.service echo ' <type>_dlna._udp</type>';
echo " <port>1900</port>" >> /etc/avahi/services/dlna.service echo " <port>1900</port>";
echo ' </service>' >> /etc/avahi/services/dlna.service echo ' </service>';
echo '</service-group>' >> /etc/avahi/services/dlna.service echo '</service-group>'; } > /etc/avahi/services/dlna.service
systemctl restart avahi-daemon systemctl restart avahi-daemon
mark_completed $FUNCNAME mark_completed "${FUNCNAME[0]}"
} }
function backup_local_dlna { function backup_local_dlna {
@ -125,7 +128,7 @@ function backup_local_dlna {
function restore_local_dlna { function restore_local_dlna {
if [ -d /var/cache/minidlna ]; then if [ -d /var/cache/minidlna ]; then
if [ -d $USB_MOUNT_DLNA/backup/dlna ]; then if [ -d "$USB_MOUNT_DLNA/backup/dlna" ]; then
echo $"Restoring DLNA cache" echo $"Restoring DLNA cache"
temp_restore_dir=/root/tempdlna temp_restore_dir=/root/tempdlna
function_check restore_directory_from_usb function_check restore_directory_from_usb
@ -135,6 +138,7 @@ function restore_local_dlna {
else else
cp -r $temp_restore_dir/* /var/cache/minidlna/ cp -r $temp_restore_dir/* /var/cache/minidlna/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
function_check set_user_permissions function_check set_user_permissions
@ -156,7 +160,7 @@ function backup_remote_dlna {
function restore_remote_dlna { function restore_remote_dlna {
if [ -d /var/cache/minidlna ]; then if [ -d /var/cache/minidlna ]; then
if [ -d $SERVER_DIRECTORY/backup/dlna ]; then if [ -d "$SERVER_DIRECTORY/backup/dlna" ]; then
temp_restore_dir=/root/tempdlna temp_restore_dir=/root/tempdlna
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir dlna restore_directory_from_friend $temp_restore_dir dlna
@ -165,6 +169,7 @@ function restore_remote_dlna {
else else
cp -r $temp_restore_dir/* /var/cache/minidlna/ cp -r $temp_restore_dir/* /var/cache/minidlna/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 982 exit 982
fi fi
@ -201,7 +206,7 @@ function install_dlna_main {
exit 55 exit 55
fi fi
if [ ! $USB_MOUNT_DLNA ]; then if [ ! "$USB_MOUNT_DLNA" ]; then
USB_MOUNT_DLNA=/mnt/dlna USB_MOUNT_DLNA=/mnt/dlna
fi fi
if [ ${#USB_MOUNT_DLNA} -eq 0 ]; then if [ ${#USB_MOUNT_DLNA} -eq 0 ]; then
@ -242,7 +247,7 @@ function install_dlna_main {
systemctl reload minidlna systemctl reload minidlna
sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf
if ! grep -q "max_user_watches" $COMPLETION_FILE; then if ! grep -q "max_user_watches" "$COMPLETION_FILE"; then
echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf
fi fi
/sbin/sysctl -p -q /sbin/sysctl -p -q
@ -253,43 +258,43 @@ function install_dlna_main {
} }
function script_for_attaching_usb_drive { function script_for_attaching_usb_drive {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return return
fi fi
echo '#!/bin/bash' > /usr/bin/attach-music { echo '#!/bin/bash';
echo "source /usr/local/bin/${PROJECT_NAME}-vars" >> /usr/bin/attach-music echo "source /usr/local/bin/${PROJECT_NAME}-vars";
echo "UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*" >> /usr/bin/attach-music echo "UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*";
echo '' >> /usr/bin/attach-music echo '';
echo 'for f in $UTILS_FILES' >> /usr/bin/attach-music echo "for f in \$UTILS_FILES";
echo 'do' >> /usr/bin/attach-music echo 'do';
echo ' source $f' >> /usr/bin/attach-music echo " source \$f";
echo 'done' >> /usr/bin/attach-music echo 'done';
echo '' >> /usr/bin/attach-music echo '';
echo 'USB_DRIVE=/dev/sda1' >> /usr/bin/attach-music echo 'USB_DRIVE=/dev/sda1';
echo 'detect_usb_drive' >> /usr/bin/attach-music echo 'detect_usb_drive';
echo '' >> /usr/bin/attach-music echo '';
echo 'remove-music' >> /usr/bin/attach-music echo 'remove-music';
echo "if [ ! -d $USB_MOUNT_DLNA ]; then" >> /usr/bin/attach-music echo "if [ ! -d $USB_MOUNT_DLNA ]; then";
echo " mkdir $USB_MOUNT_DLNA" >> /usr/bin/attach-music echo " mkdir $USB_MOUNT_DLNA";
echo 'fi' >> /usr/bin/attach-music echo 'fi';
echo -n 'mount $USB_DRIVE ' >> /usr/bin/attach-music echo -n "mount \$USB_DRIVE ";
echo "$USB_MOUNT_DLNA" >> /usr/bin/attach-music echo "$USB_MOUNT_DLNA";
echo "chown root:root $USB_MOUNT_DLNA" >> /usr/bin/attach-music echo "chown root:root $USB_MOUNT_DLNA";
echo "chown -R minidlna:minidlna $USB_MOUNT_DLNA/*" >> /usr/bin/attach-music echo "chown -R minidlna:minidlna $USB_MOUNT_DLNA/*";
echo 'systemctl restart minidlna' >> /usr/bin/attach-music echo 'systemctl restart minidlna';
echo 'minidlnad -R' >> /usr/bin/attach-music echo 'minidlnad -R';
echo 'exit 0' >> /usr/bin/attach-music echo 'exit 0'; } > /usr/bin/attach-music
chmod +x /usr/bin/attach-music chmod +x /usr/bin/attach-music
echo '#!/bin/bash' > /usr/bin/remove-music { echo '#!/bin/bash';
echo "if [ -d $USB_MOUNT_DLNA ]; then" >> /usr/bin/remove-music echo "if [ -d $USB_MOUNT_DLNA ]; then";
echo " umount $USB_MOUNT_DLNA" >> /usr/bin/remove-music echo " umount $USB_MOUNT_DLNA";
echo " rm -rf $USB_MOUNT_DLNA" >> /usr/bin/remove-music echo " rm -rf $USB_MOUNT_DLNA";
echo 'fi' >> /usr/bin/remove-music echo 'fi';
echo 'exit 0' >> /usr/bin/remove-music echo 'exit 0'; } > /usr/bin/remove-music
chmod +x /usr/bin/remove-music chmod +x /usr/bin/remove-music
mark_completed $FUNCNAME mark_completed "${FUNCNAME[0]}"
} }
function install_dlna { function install_dlna {
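Review bot: In the last hunk (script_for_attaching_usb_drive), the generated `/usr/bin/remove-music` still runs `rm -rf $USB_MOUNT_DLNA` unconditionally after `umount $USB_MOUNT_DLNA`, so if the unmount fails (for example because the drive is busy) the recursive delete is applied to the contents of the still-mounted media drive. The commit only regroups the echo lines into one redirect and keeps that behaviour. Replacing the two generated lines with `echo "    umount $USB_MOUNT_DLNA && rmdir $USB_MOUNT_DLNA";` removes the mount point only when the unmount succeeded and the directory is empty. In the same hunk the generated `mount \$USB_DRIVE` line passes no options; for removable media, `-o nosuid,nodev,noexec` looks appropriate if minidlna only needs to read the files. In the first hunk (configure_interactive_dlna), dropping the `trap` means an interrupted dialog leaves the `mktemp` file behind, and a failed `mktemp` leaves `$data` empty with no check before `2> "$data"`.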


@ -75,18 +75,18 @@ function change_password_dokuwiki {
new_user_password="$2" new_user_password="$2"
DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain") DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
if grep -q "$curr_username:" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php; then if grep -q "$curr_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"; then
HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}') HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}')
existing_user=$(cat /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php | grep "$curr_username:" | hean -n 1) existing_user=$(grep "$curr_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" | hean -n 1)
if [[ "$existing_user" == *":admin,"* ]]; then if [[ "$existing_user" == *":admin,"* ]]; then
sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:admin,user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:admin,user,upload|g" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
else else
sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:user,upload|g" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
fi fi
cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
${PROJECT_NAME}-pass -u $curr_username -a dokuwiki -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$curr_username" -a dokuwiki -p "$new_user_password"
fi fi
} }
@ -96,21 +96,21 @@ function add_user_dokuwiki {
DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain") DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}') HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}')
echo "$new_username:$HASHED_DOKUWIKI_PASSWORD:$new_username:$new_username@$HOSTNAME:user,upload" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php echo "$new_username:$HASHED_DOKUWIKI_PASSWORD:$new_username:$new_username@$HOSTNAME:user,upload" >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
${PROJECT_NAME}-pass -u "$new_username" -a dokuwiki -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$new_username" -a dokuwiki -p "$new_user_password"
} }
function remove_user_dokuwiki { function remove_user_dokuwiki {
remove_username="$1" remove_username="$1"
read_config_param "DOKUWIKI_DOMAIN_NAME" read_config_param "DOKUWIKI_DOMAIN_NAME"
if grep -q "$remove_username:" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php; then if grep -q "$remove_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"; then
sed -i "/$remove_username:/d" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php sed -i "/$remove_username:/d" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
sed -i "/$remove_username:/d" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php sed -i "/$remove_username:/d" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
${PROJECT_NAME}-pass -u "$remove_username" --rmapp dokuwiki "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp dokuwiki
fi fi
} }
@ -120,7 +120,7 @@ function reconfigure_dokuwiki {
function upgrade_dokuwiki { function upgrade_dokuwiki {
function_check set_repo_commit function_check set_repo_commit
set_repo_commit /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs "dokuwiki commit" "$DOKUWIKI_COMMIT" $DOKUWIKI_REPO set_repo_commit "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" "dokuwiki commit" "$DOKUWIKI_COMMIT" $DOKUWIKI_REPO
} }
function backup_local_dokuwiki { function backup_local_dokuwiki {
@ -129,18 +129,18 @@ function backup_local_dokuwiki {
function_check backup_directory_to_usb function_check backup_directory_to_usb
# backup the data # backup the data
source_directory=/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data source_directory="/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
if [ -d $source_directory ]; then if [ -d "$source_directory" ]; then
dest_directory=dokuwikidat dest_directory=dokuwikidat
backup_directory_to_usb $source_directory $dest_directory backup_directory_to_usb "$source_directory" "$dest_directory"
fi fi
# backup the users # backup the users
source_directory=/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl source_directory="/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl"
if [ -d $source_directory ]; then if [ -d "$source_directory" ]; then
dest_directory=dokuwikiacl dest_directory=dokuwikiacl
cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
backup_directory_to_usb $source_directory $dest_directory backup_directory_to_usb "$source_directory" "$dest_directory"
fi fi
} }
@ -153,11 +153,12 @@ function restore_local_dokuwiki {
temp_restore_dir=/root/tempdokuwikidat temp_restore_dir=/root/tempdokuwikidat
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb ${temp_restore_dir} dokuwikidat restore_directory_from_usb ${temp_restore_dir} dokuwikidat
if [ -d ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data ]; then if [ -d "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data" ]; then
cp -r ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data cp -r "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
else else
cp -r ${temp_restore_dir}/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data cp -r "${temp_restore_dir}/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
function_check restore_directory_from_usb function_check restore_directory_from_usb
set_user_permissions set_user_permissions
@ -172,13 +173,14 @@ function restore_local_dokuwiki {
temp_restore_dir=/root/tempdokuwikiacl temp_restore_dir=/root/tempdokuwikiacl
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb ${temp_restore_dir} dokuwikiacl restore_directory_from_usb ${temp_restore_dir} dokuwikiacl
if [ -d ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl ]; then if [ -d "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl" ]; then
cp ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ cp "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
cp ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/ cp "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/"
else else
cp ${temp_restore_dir}/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ cp "${temp_restore_dir}/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
cp ${temp_restore_dir}/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/ cp "${temp_restore_dir}/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
function_check restore_directory_from_usb function_check restore_directory_from_usb
set_user_permissions set_user_permissions
@ -189,21 +191,21 @@ function restore_local_dokuwiki {
fi fi
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib"
chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
echo $"Restore of Dokuwiki complete" echo $"Restore of Dokuwiki complete"
} }
function backup_remote_dokuwiki { function backup_remote_dokuwiki {
DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain") DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
if [ -d /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs ]; then if [ -d "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" ]; then
echo $"Backing up dokuwiki" echo $"Backing up dokuwiki"
backup_directory_to_friend /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data dokuwikidat backup_directory_to_friend "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" dokuwikidat
cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
backup_directory_to_friend /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl dokuwikiacl backup_directory_to_friend "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl" dokuwikiacl
fi fi
} }
@ -212,15 +214,16 @@ function restore_remote_dokuwiki {
function_check get_completion_param function_check get_completion_param
function_check restore_directory_from_friend function_check restore_directory_from_friend
if [ -d $SERVER_DIRECTORY/backup/dokuwikidat ]; then if [ -d "$SERVER_DIRECTORY/backup/dokuwikidat" ]; then
echo $"Restoring Dokuwiki data for $DOKUWIKI_DOMAIN_NAME" echo $"Restoring Dokuwiki data for $DOKUWIKI_DOMAIN_NAME"
temp_restore_dir=/root/tempdokuwikidat temp_restore_dir=/root/tempdokuwikidat
restore_directory_from_friend $temp_restore_dir dokuwikidat restore_directory_from_friend $temp_restore_dir dokuwikidat
if [ -d $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data ]; then if [ -d "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" ]; then
cp -r $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/ cp -r "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/"
else else
cp -r $temp_restore_dir/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/ cp -r $temp_restore_dir/* "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 92634 exit 92634
fi fi
@ -229,15 +232,16 @@ function restore_remote_dokuwiki {
echo $"Restore of Dokuwiki data complete" echo $"Restore of Dokuwiki data complete"
fi fi
if [ -d $SERVER_DIRECTORY/backup/dokuwikiacl ]; then if [ -d "$SERVER_DIRECTORY/backup/dokuwikiacl" ]; then
echo $"Restoring Dokuwiki users for $DOKUWIKI_DOMAIN_NAME" echo $"Restoring Dokuwiki users for $DOKUWIKI_DOMAIN_NAME"
temp_restore_dir=/root/tempdokuwikiacl temp_restore_dir=/root/tempdokuwikiacl
restore_directory_from_friend $temp_restore_dir dokuwikiacl restore_directory_from_friend $temp_restore_dir dokuwikiacl
if [ -d $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl ]; then if [ -d "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl" ]; then
cp -r $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ cp -r "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
else else
cp -r $temp_restore_dir/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ cp -r $temp_restore_dir/* "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 735287 exit 735287
fi fi
@ -246,11 +250,11 @@ function restore_remote_dokuwiki {
echo $"Restore of Dokuwiki users complete" echo $"Restore of Dokuwiki users complete"
fi fi
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/data chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/data"
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/lib chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/lib"
chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
} }
function remove_dokuwiki { function remove_dokuwiki {
@ -259,13 +263,13 @@ function remove_dokuwiki {
fi fi
function_check remove_onion_service function_check remove_onion_service
remove_onion_service dokuwiki ${DOKUWIKI_ONION_PORT} remove_onion_service dokuwiki ${DOKUWIKI_ONION_PORT}
nginx_dissite $DOKUWIKI_DOMAIN_NAME nginx_dissite "$DOKUWIKI_DOMAIN_NAME"
remove_certs $DOKUWIKI_DOMAIN_NAME remove_certs "$DOKUWIKI_DOMAIN_NAME"
if [ -f /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME ]; then if [ -f "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" ]; then
rm /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME rm "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
fi fi
if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then if [ ! -d "/var/www/$DOKUWIKI_DOMAIN_NAME" ]; then
rm -rf /var/www/$DOKUWIKI_DOMAIN_NAME rm -rf "/var/www/$DOKUWIKI_DOMAIN_NAME"
fi fi
if [ -d /var/lib/dokuwiki ]; then if [ -d /var/lib/dokuwiki ]; then
rm -rf /var/lib/dokuwiki rm -rf /var/lib/dokuwiki
@ -278,14 +282,14 @@ function remove_dokuwiki {
fi fi
remove_completion_param "install_dokuwiki" remove_completion_param "install_dokuwiki"
remove_completion_param "dokuwiki domain" remove_completion_param "dokuwiki domain"
sed -i '/dokuwiki/d' $COMPLETION_FILE sed -i '/dokuwiki/d' "$COMPLETION_FILE"
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $DOKUWIKI_DOMAIN_NAME remove_ddns_domain "$DOKUWIKI_DOMAIN_NAME"
} }
function install_dokuwiki { function install_dokuwiki {
if [ ! $DOKUWIKI_DOMAIN_NAME ]; then if [ ! "$DOKUWIKI_DOMAIN_NAME" ]; then
return return
fi fi
@ -293,25 +297,25 @@ function install_dokuwiki {
apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
apt-get -yq install php-memcached memcached apt-get -yq install php-memcached memcached
if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then if [ ! -d "/var/www/$DOKUWIKI_DOMAIN_NAME" ]; then
mkdir /var/www/$DOKUWIKI_DOMAIN_NAME mkdir "/var/www/$DOKUWIKI_DOMAIN_NAME"
fi fi
if [ ! -f /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/install.php ]; then if [ ! -f "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/install.php" ]; then
cd /var/www/$DOKUWIKI_DOMAIN_NAME cd "/var/www/$DOKUWIKI_DOMAIN_NAME" || exit 23468246824
if [ -d /repos/dokuwiki ]; then if [ -d /repos/dokuwiki ]; then
mkdir /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs mkdir "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
cp -r -p /repos/dokuwiki/. /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs cp -r -p /repos/dokuwiki/. "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
cd /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs cd "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" || exit 24687462
git pull git pull
else else
function_check git_clone function_check git_clone
git_clone $DOKUWIKI_REPO /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs git_clone "$DOKUWIKI_REPO" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
fi fi
cd /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs cd "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" || exit 38368832
git checkout $DOKUWIKI_COMMIT -b $DOKUWIKI_COMMIT git checkout "$DOKUWIKI_COMMIT" -b "$DOKUWIKI_COMMIT"
set_completion_param "dokuwiki commit" "$DOKUWIKI_COMMIT" set_completion_param "dokuwiki commit" "$DOKUWIKI_COMMIT"
fi fi
@ -322,40 +326,40 @@ function install_dokuwiki {
echo $'Removed Apache installation after Dokuwiki install' echo $'Removed Apache installation after Dokuwiki install'
fi fi
echo '<?php' > /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php { echo '<?php';
echo "\$conf['title'] = '${DOKUWIKI_TITLE}';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php echo "\$conf['title'] = '${DOKUWIKI_TITLE}';";
echo "\$conf['lang'] = 'en';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php echo "\$conf['lang'] = 'en';";
echo "\$conf['license'] = 'cc-by-sa';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php echo "\$conf['license'] = 'cc-by-sa';";
echo "\$conf['useacl'] = 1;" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php echo "\$conf['useacl'] = 1;";
echo "\$conf['superuser'] = '@admin';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php echo "\$conf['superuser'] = '@admin';";
echo "\$conf['disableactions'] = 'register';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php echo "\$conf['disableactions'] = 'register';"; } > "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php"
ln -s /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/local.php ln -s "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/local.php"
chmod 600 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php chmod 600 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php"
chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib"
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
DOKUWIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" DOKUWIKI_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
if [ ! $DOKUWIKI_ADMIN_PASSWORD ]; then if [ ! "$DOKUWIKI_ADMIN_PASSWORD" ]; then
DOKUWIKI_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" DOKUWIKI_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
HASHED_DOKUWIKI_PASSWORD=$(echo -n "$DOKUWIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}') HASHED_DOKUWIKI_PASSWORD=$(echo -n "$DOKUWIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')
echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
if ! grep -q "video/ogg" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then if ! grep -q "video/ogg" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then
echo 'ogv video/ogg' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf echo 'ogv video/ogg' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"
fi fi
if ! grep -q "video/mp4" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then if ! grep -q "video/mp4" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then
echo 'mp4 video/mp4' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf echo 'mp4 video/mp4' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"
fi fi
if ! grep -q "video/webm" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then if ! grep -q "video/webm" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then
echo 'webm video/webm' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf echo 'webm video/webm' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"
fi fi
DOKUWIKI_ONION_HOSTNAME=$(add_onion_service dokuwiki 80 ${DOKUWIKI_ONION_PORT}) DOKUWIKI_ONION_HOSTNAME=$(add_onion_service dokuwiki 80 ${DOKUWIKI_ONION_PORT})
@ -363,178 +367,178 @@ function install_dokuwiki {
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $DOKUWIKI_DOMAIN_NAME nginx_http_redirect "$DOKUWIKI_DOMAIN_NAME"
echo 'server {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME { echo 'server {';
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' #listen [::]:443 ssl;';
echo " root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;";
echo " server_name $DOKUWIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " server_name $DOKUWIKI_DOMAIN_NAME;";
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' access_log /dev/null;';
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " error_log /dev/null;";
echo ' index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' index index.php;';
echo ' charset utf-8;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' charset utf-8;';
echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $DOKUWIKI_DOMAIN_NAME nginx_ssl "$DOKUWIKI_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $DOKUWIKI_DOMAIN_NAME nginx_disable_sniffing "$DOKUWIKI_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME { echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # rewrite to front controller as default rule';
echo ' location / {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location / {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check nginx_limits function_check nginx_limits
nginx_limits $DOKUWIKI_DOMAIN_NAME nginx_limits "$DOKUWIKI_DOMAIN_NAME"
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME { echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # statically serve these file types when possible';
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # otherwise fall back to front controller';
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # allow browser to cache them';
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # added .htm for advanced source code editor library';
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
echo ' expires 30d;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' expires 30d;';
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " try_files \$uri /index.php?q=\$uri&\$args;";
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' # block these file types' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # or a unix socket';
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check nginx_limits function_check nginx_limits
nginx_limits $DOKUWIKI_DOMAIN_NAME nginx_limits "$DOKUWIKI_DOMAIN_NAME"
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME { echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " # another machine. And then cross your fingers that you won't get hacked.";
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " try_files \$uri \$uri/ /index.php;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' fastcgi_read_timeout 30;';
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' include fastcgi_params;';
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' fastcgi_index index.php;';
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # deny access to all dot files';
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~ /\. {';
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' #deny access to store' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' #deny access to store';
echo ' location ~ /store {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~ /store {';
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~ /(data|conf|bin|inc)/ {';
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~ /\.ht {';
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '}' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '}';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ''; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
else else
echo -n '' > /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo -n '' > "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
fi fi
echo 'server {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME { echo 'server {';
echo " listen 127.0.0.1:${DOKUWIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " listen 127.0.0.1:${DOKUWIKI_ONION_PORT} default_server;";
echo " root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;";
echo " server_name $DOKUWIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " server_name $DOKUWIKI_ONION_HOSTNAME;";
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' access_log /dev/null;';
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " error_log /dev/null;";
echo ' index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' index index.php;';
echo ' charset utf-8;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' charset utf-8;';
echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $DOKUWIKI_DOMAIN_NAME nginx_disable_sniffing "$DOKUWIKI_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME { echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # rewrite to front controller as default rule';
echo ' location / {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location / {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check nginx_limits function_check nginx_limits
nginx_limits $DOKUWIKI_DOMAIN_NAME nginx_limits "$DOKUWIKI_DOMAIN_NAME"
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME { echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # statically serve these file types when possible';
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # otherwise fall back to front controller';
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # allow browser to cache them';
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # added .htm for advanced source code editor library';
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
echo ' expires 30d;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' expires 30d;';
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " try_files \$uri /index.php?q=\$uri&\$args;";
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' # block these file types' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # or a unix socket';
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check nginx_limits function_check nginx_limits
nginx_limits $DOKUWIKI_DOMAIN_NAME nginx_limits "$DOKUWIKI_DOMAIN_NAME"
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME { echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " # another machine. And then cross your fingers that you won't get hacked.";
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " try_files \$uri \$uri/ /index.php;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' fastcgi_read_timeout 30;';
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' include fastcgi_params;';
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' fastcgi_index index.php;';
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # deny access to all dot files';
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~ /\. {';
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '';
echo ' #deny access to store' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' #deny access to store';
echo ' location ~ /store {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~ /store {';
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~ /(data|conf|bin|inc)/ {';
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' location ~ /\.ht {';
echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }';
echo '}' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '}'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check create_site_certificate function_check create_site_certificate
create_site_certificate $DOKUWIKI_DOMAIN_NAME 'yes' create_site_certificate "$DOKUWIKI_DOMAIN_NAME" 'yes'
function_check configure_php function_check configure_php
configure_php configure_php
nginx_ensite $DOKUWIKI_DOMAIN_NAME nginx_ensite "$DOKUWIKI_DOMAIN_NAME"
systemctl restart php7.0-fpm systemctl restart php7.0-fpm
systemctl restart nginx systemctl restart nginx
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $DOKUWIKI_DOMAIN_NAME add_ddns_domain "$DOKUWIKI_DOMAIN_NAME"
${PROJECT_NAME}-pass -u $MY_USERNAME -a dokuwiki -p "$DOKUWIKI_ADMIN_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a dokuwiki -p "$DOKUWIKI_ADMIN_PASSWORD"
APP_INSTALLED=1 APP_INSTALLED=1
} }


@ -50,12 +50,12 @@ edith_variables=(MY_USERNAME
function remove_bad_links_edith { function remove_bad_links_edith {
read_config_param EDITH_DOMAIN_NAME read_config_param EDITH_DOMAIN_NAME
edith_dir=/var/www/$EDITH_DOMAIN_NAME/htdocs edith_dir="/var/www/$EDITH_DOMAIN_NAME/htdocs"
# copy jquery locally # copy jquery locally
jquery_version='1.12.4' jquery_version='1.12.4'
if [ ! -f $edith_dir/jquery-${jquery_version}.js ]; then if [ ! -f $edith_dir/jquery-${jquery_version}.js ]; then
cd $edith_dir cd $edith_dir || exit 246824628
wget https://code.jquery.com/jquery-${jquery_version}.js wget https://code.jquery.com/jquery-${jquery_version}.js
if [ -f $edith_dir/jquery-${jquery_version}.js ]; then if [ -f $edith_dir/jquery-${jquery_version}.js ]; then
jquery_hash=$(sha256sum $edith_dir/jquery-${jquery_version}.js | awk -F ' ' '{print $1}') jquery_hash=$(sha256sum $edith_dir/jquery-${jquery_version}.js | awk -F ' ' '{print $1}')
@ -79,9 +79,9 @@ function change_password_edith {
new_user_password="$2" new_user_password="$2"
sed -i "/${curr_username}:/d" /etc/nginx/.edithpasswd sed -i "/${curr_username}:/d" /etc/nginx/.edithpasswd
echo -n "$new_user_password" | htpasswd -i -s -c /etc/nginx/.edithpasswd ${curr_username} echo -n "$new_user_password" | htpasswd -i -s -c /etc/nginx/.edithpasswd "${curr_username}"
${PROJECT_NAME}-pass -u $MY_USERNAME -a ${curr_username} -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a "${curr_username}" -p "$new_user_password"
} }
function logging_on_edith { function logging_on_edith {
@ -102,21 +102,20 @@ function edith_enable_login {
dialog --title $"Enable Edith login" \ dialog --title $"Enable Edith login" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--defaultno \ --defaultno \
--yesno $"\nDo you want to add a login so that random web users can't access your notes?" 10 60 --yesno $"\\nDo you want to add a login so that random web users can't access your notes?" 10 60
sel=$? sel=$?
case $sel in case $sel in
0) if grep -q '#auth_basic' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME; then 0) if grep -q '#auth_basic' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"; then
sed -i 's|#auth_basic|auth_basic|g' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME sed -i 's|#auth_basic|auth_basic|g' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
systemctl restart nginx systemctl restart nginx
fi fi
read_config_param $MY_USERNAME read_config_param "$MY_USERNAME"
EDITH_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a edith) EDITH_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a edith)
dialog --title $"Enable Edith login" \ dialog --title $"Enable Edith login" \
--msgbox $"Edith logins are now enabled with the password $EDITH_PASSWORD" 6 65 --msgbox $"Edith logins are now enabled with the password $EDITH_PASSWORD" 6 65
EDITH__PASSWORD=
;; ;;
1) if ! grep -q '#auth_basic' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME; then 1) if ! grep -q '#auth_basic' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"; then
sed -i 's|auth_basic|#auth_basic|g' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME sed -i 's|auth_basic|#auth_basic|g' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
systemctl restart nginx systemctl restart nginx
fi fi
dialog --title $"Disable Edith login" \ dialog --title $"Disable Edith login" \
@ -127,31 +126,34 @@ function edith_enable_login {
function edith_browse { function edith_browse {
read_config_param EDITH_DOMAIN_NAME read_config_param EDITH_DOMAIN_NAME
cd /var/www/$EDITH_DOMAIN_NAME/htdocs/data cd "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" || exit 24682642
editor /var/www/$EDITH_DOMAIN_NAME/htdocs/data editor "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
} }
function configure_interactive_edith { function configure_interactive_edith {
while true while true
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"Edith" \ --title $"Edith" \
--radiolist $"Choose an operation:" 10 50 3 \ --radiolist $"Choose an operation:" 10 50 3 \
1 $"Enable login" off \ 1 $"Enable login" off \
2 $"Browse notes" off \ 2 $"Browse notes" off \
3 $"Exit" on 2> $data 3 $"Exit" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) break;; 1) rm -f "$data"
255) break;; break;;
255) rm -f "$data"
break;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) edith_enable_login;; 1) edith_enable_login;;
2) edith_browse;; 2) edith_browse;;
3) break;; 3) rm -f "$data"
break;;
esac esac
rm -f "$data"
done done
} }
@ -165,24 +167,24 @@ function upgrade_edith {
# update to the next commit # update to the next commit
function_check set_repo_commit function_check set_repo_commit
set_repo_commit /var/www/$EDITH_DOMAIN_NAME/htdocs "edith commit" "$EDITH_COMMIT" $EDITH_REPO set_repo_commit "/var/www/$EDITH_DOMAIN_NAME/htdocs" "edith commit" "$EDITH_COMMIT" "$EDITH_REPO"
remove_bad_links_edith remove_bad_links_edith
chown -R www-data:www-data /var/www/$EDITH_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$EDITH_DOMAIN_NAME/htdocs"
chmod a+w /var/www/$EDITH_DOMAIN_NAME/htdocs/data chmod a+w "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
} }
function backup_local_edith { function backup_local_edith {
read_config_param EDITH_DOMAIN_NAME read_config_param EDITH_DOMAIN_NAME
function_check suspend_site function_check suspend_site
suspend_site ${EDITH_DOMAIN_NAME} suspend_site "${EDITH_DOMAIN_NAME}"
source_directory=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data source_directory="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
function_check backup_directory_to_usb function_check backup_directory_to_usb
dest_directory=edith dest_directory=edith
backup_directory_to_usb $source_directory $dest_directory backup_directory_to_usb "$source_directory" "$dest_directory"
function_check restart_site function_check restart_site
restart_site restart_site
@ -192,12 +194,12 @@ function restore_local_edith {
read_config_param EDITH_DOMAIN_NAME read_config_param EDITH_DOMAIN_NAME
temp_restore_dir=/root/tempedith temp_restore_dir=/root/tempedith
edith_dir=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data edith_dir="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir edith restore_directory_from_usb $temp_restore_dir edith
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d cp $temp_restore_dir$edith_dir ]; then if [ -d $temp_restore_dir$edith_dir ]; then
cp -rp $temp_restore_dir$edith_dir $edith_dir/ cp -rp $temp_restore_dir$edith_dir $edith_dir/
else else
if [ ! -d $edith_dir ]; then if [ ! -d $edith_dir ]; then
@ -215,13 +217,13 @@ function backup_remote_edith {
read_config_param EDITH_DOMAIN_NAME read_config_param EDITH_DOMAIN_NAME
function_check suspend_site function_check suspend_site
suspend_site ${EDITH_DOMAIN_NAME} suspend_site "${EDITH_DOMAIN_NAME}"
source_directory=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data source_directory="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
function_check backup_directory_to_friend function_check backup_directory_to_friend
dest_directory=edith dest_directory=edith
backup_directory_to_friend $source_directory $dest_directory backup_directory_to_friend "$source_directory" "$dest_directory"
function_check restart_site function_check restart_site
restart_site restart_site
@ -231,12 +233,12 @@ function restore_remote_edith {
read_config_param EDITH_DOMAIN_NAME read_config_param EDITH_DOMAIN_NAME
temp_restore_dir=/root/tempedith temp_restore_dir=/root/tempedith
edith_dir=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data edith_dir="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir edith restore_directory_from_friend $temp_restore_dir edith
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d cp $temp_restore_dir$edith_dir ]; then if [ -d $temp_restore_dir$edith_dir ]; then
cp -rp $temp_restore_dir$edith_dir $edith_dir/ cp -rp $temp_restore_dir$edith_dir $edith_dir/
else else
if [ ! -d $edith_dir ]; then if [ ! -d $edith_dir ]; then
@ -253,17 +255,17 @@ function restore_remote_edith {
function remove_edith { function remove_edith {
nginx_dissite $EDITH_DOMAIN_NAME nginx_dissite $EDITH_DOMAIN_NAME
if [ -f /etc/nginx/sites-available/$EDITH_DOMAIN_NAME ]; then if [ -f "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME" ]; then
rm /etc/nginx/sites-available/$EDITH_DOMAIN_NAME rm "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
fi fi
if [ -d /var/www/$EDITH_DOMAIN_NAME ]; then if [ -d "/var/www/$EDITH_DOMAIN_NAME" ]; then
rm -rf /var/www/$EDITH_DOMAIN_NAME rm -rf "/var/www/$EDITH_DOMAIN_NAME"
fi fi
function_check remove_onion_service function_check remove_onion_service
remove_onion_service edith ${EDITH_ONION_PORT} remove_onion_service edith ${EDITH_ONION_PORT}
sed -i '/edith/d' $COMPLETION_FILE sed -i '/edith/d' "$COMPLETION_FILE"
if [ -f /etc/nginx/.edithpasswd ]; then if [ -f /etc/nginx/.edithpasswd ]; then
rm /etc/nginx/.edithpasswd rm /etc/nginx/.edithpasswd
@ -286,26 +288,26 @@ function install_edith {
function_check install_nodejs function_check install_nodejs
install_nodejs edith install_nodejs edith
if [ ! ${EDITH_PASSWORD} ]; then if [ ! "${EDITH_PASSWORD}" ]; then
if [ -f ${IMAGE_PASSWORD_FILE} ]; then if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
EDITH_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" EDITH_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
EDITH_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" EDITH_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
if [ -d /var/www/$EDITH_DOMAIN_NAME/htdocs ]; then if [ -d "/var/www/$EDITH_DOMAIN_NAME/htdocs" ]; then
rm -rf /var/www/$EDITH_DOMAIN_NAME/htdocs rm -rf "/var/www/$EDITH_DOMAIN_NAME/htdocs"
fi fi
if [ -d /repos/edith ]; then if [ -d /repos/edith ]; then
mkdir /var/www/$EDITH_DOMAIN_NAME/htdocs mkdir "/var/www/$EDITH_DOMAIN_NAME/htdocs"
cp -r -p /repos/edith/. /var/www/$EDITH_DOMAIN_NAME/htdocs cp -r -p /repos/edith/. "/var/www/$EDITH_DOMAIN_NAME/htdocs"
cd /var/www/$EDITH_DOMAIN_NAME/htdocs cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 24682462
git pull git pull
else else
function_check git_clone function_check git_clone
git_clone $EDITH_REPO /var/www/$EDITH_DOMAIN_NAME/htdocs git_clone "$EDITH_REPO" "/var/www/$EDITH_DOMAIN_NAME/htdocs"
fi fi
if [ ! -d /var/www/$EDITH_DOMAIN_NAME/htdocs ]; then if [ ! -d /var/www/$EDITH_DOMAIN_NAME/htdocs ]; then
@ -313,102 +315,102 @@ function install_edith {
exit 537593569 exit 537593569
fi fi
cd /var/www/$EDITH_DOMAIN_NAME/htdocs cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 2648248
git checkout $EDITH_COMMIT -b $EDITH_COMMIT git checkout "$EDITH_COMMIT" -b "$EDITH_COMMIT"
set_completion_param "edith commit" "$EDITH_COMMIT" set_completion_param "edith commit" "$EDITH_COMMIT"
if [ ! -d /var/www/$EDITH_DOMAIN_NAME/htdocs/data ]; then if [ ! -d "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" ]; then
mkdir -p /var/www/$EDITH_DOMAIN_NAME/htdocs/data mkdir -p "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
fi fi
EDITH_ONION_HOSTNAME=$(add_onion_service edith 80 ${EDITH_ONION_PORT}) EDITH_ONION_HOSTNAME=$(add_onion_service edith 80 ${EDITH_ONION_PORT})
edith_nginx_site=/etc/nginx/sites-available/$EDITH_DOMAIN_NAME edith_nginx_site="/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
if [[ $ONION_ONLY == "no" ]]; then if [[ "$ONION_ONLY" == "no" ]]; then
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $EDITH_DOMAIN_NAME "index index.php" nginx_http_redirect "$EDITH_DOMAIN_NAME" "index index.php"
echo 'server {' >> $edith_nginx_site { echo 'server {';
echo ' listen 443 ssl;' >> $edith_nginx_site echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> $edith_nginx_site echo ' #listen [::]:443 ssl;';
echo " server_name $EDITH_DOMAIN_NAME;" >> $edith_nginx_site echo " server_name $EDITH_DOMAIN_NAME;";
echo '' >> $edith_nginx_site echo ''; } >> "$edith_nginx_site"
function_check nginx_compress function_check nginx_compress
nginx_compress $EDITH_DOMAIN_NAME nginx_compress "$EDITH_DOMAIN_NAME"
echo '' >> $edith_nginx_site echo '' >> "$edith_nginx_site"
echo ' # Security' >> $edith_nginx_site echo ' # Security' >> "$edith_nginx_site"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $EDITH_DOMAIN_NAME nginx_ssl "$EDITH_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $EDITH_DOMAIN_NAME nginx_disable_sniffing "$EDITH_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $edith_nginx_site { echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> $edith_nginx_site echo '';
echo ' access_log /dev/null;' >> $edith_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $edith_nginx_site echo ' error_log /dev/null;';
echo '' >> $edith_nginx_site echo '';
echo " root /var/www/$EDITH_DOMAIN_NAME/htdocs;" >> $edith_nginx_site echo " root /var/www/$EDITH_DOMAIN_NAME/htdocs;";
echo '' >> $edith_nginx_site echo '';
echo ' index index.php;' >> $edith_nginx_site echo ' index index.php;';
echo '' >> $edith_nginx_site echo '';
echo ' # PHP' >> $edith_nginx_site echo ' # PHP';
echo ' location ~ \.php {' >> $edith_nginx_site echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> $edith_nginx_site echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $edith_nginx_site echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> $edith_nginx_site echo ' fastcgi_read_timeout 30;';
echo ' }' >> $edith_nginx_site echo ' }';
echo '' >> $edith_nginx_site echo '';
echo ' # Location' >> $edith_nginx_site echo ' # Location';
echo ' location / {' >> $edith_nginx_site echo ' location / {'; } >> "$edith_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $EDITH_DOMAIN_NAME '15m' nginx_limits "$EDITH_DOMAIN_NAME" '15m'
echo ' try_files $uri $uri/ /index.php?$args;' >> $edith_nginx_site { echo " try_files \$uri \$uri/ /index.php?\$args;";
echo " auth_basic \"${EDITH_LOGIN_TEXT}\";" >> $edith_nginx_site echo " auth_basic \"${EDITH_LOGIN_TEXT}\";";
echo ' auth_basic_user_file /etc/nginx/.edithpasswd;' >> $edith_nginx_site echo ' auth_basic_user_file /etc/nginx/.edithpasswd;';
echo ' }' >> $edith_nginx_site echo ' }';
echo '}' >> $edith_nginx_site echo '}'; } >> "$edith_nginx_site"
else else
echo -n '' > $edith_nginx_site echo -n '' > "$edith_nginx_site"
fi fi
echo 'server {' >> $edith_nginx_site { echo 'server {';
echo " listen 127.0.0.1:$EDITH_ONION_PORT default_server;" >> $edith_nginx_site echo " listen 127.0.0.1:$EDITH_ONION_PORT default_server;";
echo " server_name $EDITH_ONION_HOSTNAME;" >> $edith_nginx_site echo " server_name $EDITH_ONION_HOSTNAME;";
echo '' >> $edith_nginx_site echo ''; } >> "$edith_nginx_site"
function_check nginx_compress function_check nginx_compress
nginx_compress $EDITH_DOMAIN_NAME nginx_compress "$EDITH_DOMAIN_NAME"
echo '' >> $edith_nginx_site echo '' >> "$edith_nginx_site"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $EDITH_DOMAIN_NAME nginx_disable_sniffing "$EDITH_DOMAIN_NAME"
echo '' >> $edith_nginx_site { echo '';
echo ' access_log /dev/null;' >> $edith_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $edith_nginx_site echo ' error_log /dev/null;';
echo '' >> $edith_nginx_site echo '';
echo " root /var/www/$EDITH_DOMAIN_NAME/htdocs;" >> $edith_nginx_site echo " root /var/www/$EDITH_DOMAIN_NAME/htdocs;";
echo '' >> $edith_nginx_site echo '';
echo ' index index.php;' >> $edith_nginx_site echo ' index index.php;';
echo '' >> $edith_nginx_site echo '';
echo ' # PHP' >> $edith_nginx_site echo ' # PHP';
echo ' location ~ \.php {' >> $edith_nginx_site echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> $edith_nginx_site echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $edith_nginx_site echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> $edith_nginx_site echo ' fastcgi_read_timeout 30;';
echo ' }' >> $edith_nginx_site echo ' }';
echo '' >> $edith_nginx_site echo '';
echo ' # Location' >> $edith_nginx_site echo ' # Location';
echo ' location / {' >> $edith_nginx_site echo ' location / {'; } >> "$edith_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $EDITH_DOMAIN_NAME '15m' nginx_limits $EDITH_DOMAIN_NAME '15m'
echo ' try_files $uri $uri/ /index.php?$args;' >> $edith_nginx_site { echo " try_files \$uri \$uri/ /index.php?\$args;";
echo " auth_basic \"${EDITH_LOGIN_TEXT}\";" >> $edith_nginx_site echo " auth_basic \"${EDITH_LOGIN_TEXT}\";";
echo ' auth_basic_user_file /etc/nginx/.edithpasswd;' >> $edith_nginx_site echo ' auth_basic_user_file /etc/nginx/.edithpasswd;';
echo ' }' >> $edith_nginx_site echo ' }';
echo '}' >> $edith_nginx_site echo '}'; } >> "$edith_nginx_site"
function_check configure_php function_check configure_php
configure_php configure_php
function_check create_site_certificate function_check create_site_certificate
create_site_certificate $EDITH_DOMAIN_NAME 'yes' create_site_certificate "$EDITH_DOMAIN_NAME" 'yes'
# create a password for users # create a password for users
if [ ! -f /etc/nginx/.edithpasswd ]; then if [ ! -f /etc/nginx/.edithpasswd ]; then
@ -417,24 +419,23 @@ function install_edith {
if grep -q "$MY_USERNAME:" /etc/nginx/.edithpasswd; then if grep -q "$MY_USERNAME:" /etc/nginx/.edithpasswd; then
sed -i "/$MY_USERNAME:/d" /etc/nginx/.edithpasswd sed -i "/$MY_USERNAME:/d" /etc/nginx/.edithpasswd
fi fi
echo -n "$EDITH_PASSWORD" | htpasswd -i -s -c /etc/nginx/.edithpasswd $MY_USERNAME echo -n "$EDITH_PASSWORD" | htpasswd -i -s -c /etc/nginx/.edithpasswd "$MY_USERNAME"
if [ ! -f /etc/nginx/.edithpasswd ]; then if [ ! -f /etc/nginx/.edithpasswd ]; then
echo $'/etc/nginx/.edithpasswd not found' echo $'/etc/nginx/.edithpasswd not found'
exit 6537683563 exit 6537683563
fi fi
${PROJECT_NAME}-pass -u $MY_USERNAME -a edith -p "$EDITH_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a edith -p "$EDITH_PASSWORD"
cp /var/www/$EDITH_DOMAIN_NAME/htdocs/htaccess.example /var/www/$EDITH_DOMAIN_NAME/htdocs/.htaccess cp "/var/www/$EDITH_DOMAIN_NAME/htdocs/htaccess.example" "/var/www/$EDITH_DOMAIN_NAME/htdocs/.htaccess"
cd /var/www/$EDITH_DOMAIN_NAME/htdocs cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 26482468
npm install -g coffeescript uglify-js npm install -g coffeescript uglify-js
cake build if ! cake build; then
if [ ! "$?" = "0" ]; then
echo $'Unable to build Edith' echo $'Unable to build Edith'
exit 7396483635 exit 7396483635
fi fi
cp config.example.php config.php cp config.example.php config.php
if [[ $ONION_ONLY == "no" ]]; then if [[ "$ONION_ONLY" == "no" ]]; then
sed -i "s|define('EDITH_URI'.*|define('EDITH_URI', 'https://$EDITH_DOMAIN_NAME');|g" config.php sed -i "s|define('EDITH_URI'.*|define('EDITH_URI', 'https://$EDITH_DOMAIN_NAME');|g" config.php
else else
sed -i "s|define('EDITH_URI'.*|define('EDITH_URI', 'http://$EDITH_ONION_HOSTNAME');|g" config.php sed -i "s|define('EDITH_URI'.*|define('EDITH_URI', 'http://$EDITH_ONION_HOSTNAME');|g" config.php
@ -445,20 +446,20 @@ function install_edith {
remove_bad_links_edith remove_bad_links_edith
chown -R www-data:www-data /var/www/$EDITH_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$EDITH_DOMAIN_NAME/htdocs"
chmod a+w /var/www/$EDITH_DOMAIN_NAME/htdocs/data chmod a+w "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
nginx_ensite $EDITH_DAEMON_NAME nginx_ensite "$EDITH_DAEMON_NAME"
systemctl restart nginx systemctl restart nginx
APP_INSTALLED=1 APP_INSTALLED=1
} }
function install_interactive_edith { function install_interactive_edith {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
if [[ $ONION_ONLY != "no" ]]; then if [[ "$ONION_ONLY" != "no" ]]; then
GHOST_DOMAIN_NAME='edith.local' GHOST_DOMAIN_NAME='edith.local'
write_config_param "EDITH_DOMAIN_NAME" "$EDITH_DOMAIN_NAME" write_config_param "EDITH_DOMAIN_NAME" "$EDITH_DOMAIN_NAME"
else else


@ -57,13 +57,13 @@ function backup_local_emacs {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d /home/$USERNAME/.emacs.d ]; then if [ -d "/home/$USERNAME/.emacs.d" ]; then
echo $"Backing up Emacs config for $USERNAME" echo $"Backing up Emacs config for $USERNAME"
if [ -f /home/$USERNAME/.emacs ]; then if [ -f "/home/$USERNAME/.emacs" ]; then
cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs cp "/home/$USERNAME/.emacs" "/home/$USERNAME/.emacs.d/dotemacs"
fi fi
function_check backup_directory_to_usb function_check backup_directory_to_usb
backup_directory_to_usb /home/$USERNAME/.emacs.d emacs/$USERNAME backup_directory_to_usb "/home/$USERNAME/.emacs.d" "emacs/$USERNAME"
fi fi
fi fi
done done
@ -71,24 +71,25 @@ function backup_local_emacs {
function restore_local_emacs { function restore_local_emacs {
temp_restore_dir=/root/tempemacs temp_restore_dir=/root/tempemacs
if [ -d $USB_MOUNT/backup/emacs ]; then if [ -d "$USB_MOUNT/backup/emacs" ]; then
for d in $USB_MOUNT/backup/emacs/*/ ; do for d in $USB_MOUNT/backup/emacs/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME "${PROJECT_NAME}-adduser" "$USERNAME"
fi fi
echo $"Restoring Emacs config for $USERNAME" echo $"Restoring Emacs config for $USERNAME"
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir emacs/$USERNAME restore_directory_from_usb "$temp_restore_dir" "emacs/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/ cp -r "$temp_restore_dir/home/$USERNAME/.emacs.d" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/.emacs.d ]; then if [ ! -d "/home/$USERNAME/.emacs.d" ]; then
mkdir /home/$USERNAME/.emacs.d mkdir "/home/$USERNAME/.emacs.d"
fi fi
cp -r $temp_restore_dir/* /home/$USERNAME/.emacs.d cp -r "$temp_restore_dir/*" "/home/$USERNAME/.emacs.d"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
function_check set_user_permissions function_check set_user_permissions
@ -97,10 +98,10 @@ function restore_local_emacs {
backup_unmount_drive backup_unmount_drive
exit 664 exit 664
fi fi
if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs cp -f "$temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs" "/home/$USERNAME/.emacs"
else else
cp -f $temp_restore_dir/dotemacs /home/$USERNAME/.emacs cp -f "$temp_restore_dir/dotemacs" "/home/$USERNAME/.emacs"
fi fi
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
@ -112,13 +113,13 @@ function backup_remote_emacs {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d /home/$USERNAME/.emacs.d ]; then if [ -d "/home/$USERNAME/.emacs.d" ]; then
echo $"Backing up Emacs config for $USERNAME" echo $"Backing up Emacs config for $USERNAME"
if [ -f /home/$USERNAME/.emacs ]; then if [ -f "/home/$USERNAME/.emacs" ]; then
cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs cp "/home/$USERNAME/.emacs" "/home/$USERNAME/.emacs.d/dotemacs"
fi fi
function_check backup_directory_to_friend function_check backup_directory_to_friend
backup_directory_to_friend /home/$USERNAME/.emacs.d emacs/$USERNAME backup_directory_to_friend "/home/$USERNAME/.emacs.d" "emacs/$USERNAME"
fi fi
fi fi
done done
@ -126,24 +127,25 @@ function backup_remote_emacs {
function restore_remote_emacs { function restore_remote_emacs {
temp_restore_dir=/root/tempemacs temp_restore_dir=/root/tempemacs
if [ -d $USB_MOUNT/backup/emacs ]; then if [ -d "$USB_MOUNT/backup/emacs" ]; then
for d in $USB_MOUNT/backup/emacs/*/ ; do for d in $USB_MOUNT/backup/emacs/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME "${PROJECT_NAME}-adduser" "$USERNAME"
fi fi
echo $"Restoring Emacs config for $USERNAME" echo $"Restoring Emacs config for $USERNAME"
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir emacs/$USERNAME restore_directory_from_friend "$temp_restore_dir" "emacs/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/ cp -r "$temp_restore_dir/home/$USERNAME/.emacs.d" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/.emacs.d ]; then if [ ! -d "/home/$USERNAME/.emacs.d" ]; then
mkdir /home/$USERNAME/.emacs.d mkdir "/home/$USERNAME/.emacs.d"
fi fi
cp -r $temp_restore_dir/* /home/$USERNAME/.emacs.d/* cp -r "$temp_restore_dir/*" "/home/$USERNAME/.emacs.d/*"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
function_check set_user_permissions function_check set_user_permissions
@ -152,10 +154,10 @@ function restore_remote_emacs {
backup_unmount_drive backup_unmount_drive
exit 664 exit 664
fi fi
if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs cp -f "$temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs" "/home/$USERNAME/.emacs"
else else
cp -f $temp_restore_dir/dotemacs /home/$USERNAME/.emacs cp -f "$temp_restore_dir/dotemacs" "/home/$USERNAME/.emacs"
fi fi
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
@ -166,7 +168,7 @@ function restore_remote_emacs {
function remove_emacs { function remove_emacs {
apt-get -yq remove --purge emacs apt-get -yq remove --purge emacs
update-alternatives --set editor /usr/bin/nano update-alternatives --set editor /usr/bin/nano
sed -i '/install_emacs/d' $COMPLETION_FILE sed -i '/install_emacs/d' "$COMPLETION_FILE"
# remove emacs as the mutt email editor # remove emacs as the mutt email editor
if [ -f /etc/Muttrc ]; then if [ -f /etc/Muttrc ]; then
@ -176,9 +178,9 @@ function remove_emacs {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -f /home/$USERNAME/.muttrc ]; then if [ -f "/home/$USERNAME/.muttrc" ]; then
if grep -q "set editor=" /home/$USERNAME/.muttrc; then if grep -q "set editor=" "/home/$USERNAME/.muttrc"; then
sed -i '/set editor=/d' /home/$USERNAME/.muttrc sed -i '/set editor=/d' "/home/$USERNAME/.muttrc"
fi fi
fi fi
fi fi
@ -194,74 +196,74 @@ function install_emacs {
#echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs #echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs
#echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs #echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs
#echo '' >> /home/$MY_USERNAME/.emacs #echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs { echo $';; ===== Remove trailing whitepace ======================================';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)";
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs echo ';; Goto a line number with CTRL-l';
echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs echo -n '(global-set-key "\C-l" ';
echo "'goto-line)" >> /home/$MY_USERNAME/.emacs echo "'goto-line)";
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo $';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs echo $';; ===== Show line numbers ==============================================';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))";
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo $';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs echo $';; ===== Enable line wrapping in org-mode ===============================';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs echo " (add-hook 'org-mode-hook";
echo " '(lambda ()" >> /home/$MY_USERNAME/.emacs echo " '(lambda ()";
echo " (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs echo " (visual-line-mode 1)))";
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo $';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME/.emacs echo $';; ===== Enable shift select in org mode ================================';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs echo '(setq org-support-shift-select t)';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo $';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs echo $';; ===== Set standard indent to 4 rather that 4 =========================';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs echo '(setq standard-indent 4)';
echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs echo '(setq-default tab-width 4)';
echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs echo '(setq c-basic-offset 4)';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo $';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs echo $';; ===== Support Wheel Mouse Scrolling ==================================';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs echo '(mouse-wheel-mode t)';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo $';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs echo $';; ===== Place Backup Files in Specific Directory =======================';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs echo '(setq make-backup-files t)';
echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs echo '(setq version-control t)';
echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo $';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs echo $';; ===== Make Text mode the default mode for new buffers ================';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs echo "(setq default-major-mode 'text-mode)";
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo $';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs echo $';; ===== Line length ====================================================';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs echo '(setq-default fill-column 72)';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo $';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs echo $';; ===== Enable Line and Column Numbering ===============================';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs echo '(line-number-mode 1)';
echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs echo '(column-number-mode 1)';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of';
echo ';; newlines when the cursor goes over the column limit.' >> /home/$MY_USERNAME/.emacs echo ';; newlines when the cursor goes over the column limit.';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs echo ';; This should actually turn on auto-fill-mode by default in all major';
echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs echo ';; modes. The other way to do this is to turn on the fill for specific modes';
echo ';; via hooks.' >> /home/$MY_USERNAME/.emacs echo ';; via hooks.';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs echo '(setq auto-fill-mode 1)';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo $';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs echo $';; ===== Enable GPG encryption =========================================';
echo '' >> /home/$MY_USERNAME/.emacs echo '';
echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs echo "(require 'epa)";
echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs echo '(epa-file-enable)'; } >> "/home/$MY_USERNAME/.emacs"
cp /home/$MY_USERNAME/.emacs /root/.emacs cp "/home/$MY_USERNAME/.emacs" /root/.emacs
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.emacs"
# add a mutt entry to use emacs to compose emails # add a mutt entry to use emacs to compose emails
if [ -f /etc/Muttrc ]; then if [ -f /etc/Muttrc ]; then
@ -273,92 +275,92 @@ function install_emacs {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -f /home/$USERNAME/.muttrc ]; then if [ -f "/home/$USERNAME/.muttrc" ]; then
if ! grep -q "set editor=" /home/$USERNAME/.muttrc; then if ! grep -q "set editor=" "/home/$USERNAME/.muttrc"; then
echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> /home/$USERNAME/.muttrc echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> "/home/$USERNAME/.muttrc"
else else
sed -i 's|set editor=.*|set editor="emacs -q --load ~/.emacs-mutt"|g' /home/$USERNAME/.muttrc sed -i 's|set editor=.*|set editor="emacs -q --load ~/.emacs-mutt"|g' "/home/$USERNAME/.muttrc"
fi fi
fi fi
# create an Emacs configuration specifically for use with Mutt, which # create an Emacs configuration specifically for use with Mutt, which
# has word wrap and spell checking on by default # has word wrap and spell checking on by default
if [ ! -f /home/$USERNAME/.emacs-mutt ]; then if [ ! -f "/home/$USERNAME/.emacs-mutt" ]; then
echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)" > /home/$USERNAME/.emacs-mutt { echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)";
echo '(setq org-support-shift-select t)' >> /home/$USERNAME/.emacs-mutt echo '(setq org-support-shift-select t)';
echo '(setq standard-indent 4)' >> /home/$USERNAME/.emacs-mutt echo '(setq standard-indent 4)';
echo '(setq-default tab-width 4)' >> /home/$USERNAME/.emacs-mutt echo '(setq-default tab-width 4)';
echo '(setq c-basic-offset 4)' >> /home/$USERNAME/.emacs-mutt echo '(setq c-basic-offset 4)';
echo '(mouse-wheel-mode t)' >> /home/$USERNAME/.emacs-mutt echo '(mouse-wheel-mode t)';
echo '(setq make-backup-files t)' >> /home/$USERNAME/.emacs-mutt echo '(setq make-backup-files t)';
echo '(setq version-control t)' >> /home/$USERNAME/.emacs-mutt echo '(setq version-control t)';
echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$USERNAME/.emacs-mutt echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))';
echo "(setq default-major-mode 'text-mode)" >> /home/$USERNAME/.emacs-mutt echo "(setq default-major-mode 'text-mode)";
echo "(dolist (hook '(text-mode-hook))" >> /home/$USERNAME/.emacs-mutt echo "(dolist (hook '(text-mode-hook))";
echo ' (add-hook hook (lambda () (flyspell-mode 1))))' >> /home/$USERNAME/.emacs-mutt echo ' (add-hook hook (lambda () (flyspell-mode 1))))';
echo '(setq-default fill-column 72)' >> /home/$USERNAME/.emacs-mutt echo '(setq-default fill-column 72)'; } > "/home/$USERNAME/.emacs-mutt"
if [[ $DEFAULT_LANGUAGE == 'en_US'* ]]; then if [[ $DEFAULT_LANGUAGE == 'en_US'* ]]; then
echo '(setq ispell-dictionary "american")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "american")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'en_GB'* ]]; then if [[ $DEFAULT_LANGUAGE == 'en_GB'* ]]; then
echo '(setq ispell-dictionary "british")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "british")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'fr_FR'* ]]; then if [[ $DEFAULT_LANGUAGE == 'fr_FR'* ]]; then
echo '(setq ispell-dictionary "french")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "french")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'it_IT'* ]]; then if [[ $DEFAULT_LANGUAGE == 'it_IT'* ]]; then
echo '(setq ispell-dictionary "italian")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "italian")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'cs_CZ'* ]]; then if [[ $DEFAULT_LANGUAGE == 'cs_CZ'* ]]; then
echo '(setq ispell-dictionary "czech")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "czech")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'da_DK'* ]]; then if [[ $DEFAULT_LANGUAGE == 'da_DK'* ]]; then
echo '(setq ispell-dictionary "danish")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "danish")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'nl_NL'* ]]; then if [[ $DEFAULT_LANGUAGE == 'nl_NL'* ]]; then
echo '(setq ispell-dictionary "dutch")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "dutch")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'ru_RU'* ]]; then if [[ $DEFAULT_LANGUAGE == 'ru_RU'* ]]; then
echo '(setq ispell-dictionary "russian")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "russian")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'es_ES'* ]]; then if [[ $DEFAULT_LANGUAGE == 'es_ES'* ]]; then
echo '(setq ispell-dictionary "spanish")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "spanish")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'sv_SE'* ]]; then if [[ $DEFAULT_LANGUAGE == 'sv_SE'* ]]; then
echo '(setq ispell-dictionary "swedish")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "swedish")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'no_NO'* ]]; then if [[ $DEFAULT_LANGUAGE == 'no_NO'* ]]; then
echo '(setq ispell-dictionary "norwegian")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "norwegian")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'de_DE'* ]]; then if [[ $DEFAULT_LANGUAGE == 'de_DE'* ]]; then
echo '(setq ispell-dictionary "ngerman")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "ngerman")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'bg_BG'* ]]; then if [[ $DEFAULT_LANGUAGE == 'bg_BG'* ]]; then
echo '(setq ispell-dictionary "bulgarian")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "bulgarian")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'pl'* ]]; then if [[ $DEFAULT_LANGUAGE == 'pl'* ]]; then
echo '(setq ispell-dictionary "polish")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "polish")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'et_EE'* ]]; then if [[ $DEFAULT_LANGUAGE == 'et_EE'* ]]; then
echo '(setq ispell-dictionary "estonian")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "estonian")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'lt_LT'* ]]; then if [[ $DEFAULT_LANGUAGE == 'lt_LT'* ]]; then
echo '(setq ispell-dictionary "lithuanian")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "lithuanian")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'uk_UA'* ]]; then if [[ $DEFAULT_LANGUAGE == 'uk_UA'* ]]; then
echo '(setq ispell-dictionary "ukranian")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "ukranian")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
if [[ $DEFAULT_LANGUAGE == 'ca_ES'* ]]; then if [[ $DEFAULT_LANGUAGE == 'ca_ES'* ]]; then
echo '(setq ispell-dictionary "catalan")' >> /home/$USERNAME/.emacs-mutt echo '(setq ispell-dictionary "catalan")' >> "/home/$USERNAME/.emacs-mutt"
fi fi
echo '(setq auto-fill-mode 0)' >> /home/$USERNAME/.emacs-mutt { echo '(setq auto-fill-mode 0)';
echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)" >> /home/$USERNAME/.emacs-mutt echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)";
echo "(setq-default auto-fill-function 'do-auto-fill)" >> /home/$USERNAME/.emacs-mutt echo "(setq-default auto-fill-function 'do-auto-fill)"; } >> "/home/$USERNAME/.emacs-mutt"
chown $USERNAME:$USERNAME /home/$USERNAME/.emacs-mutt chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.emacs-mutt"
# add the emacs mutt configuration to the user profile skeleton # add the emacs mutt configuration to the user profile skeleton
if [ ! -f /etc/skel/.emacs-mutt ]; then if [ ! -f /etc/skel/.emacs-mutt ]; then
cp /home/$USERNAME/.emacs-mutt /etc/skel/.emacs-mutt cp "/home/$USERNAME/.emacs-mutt" /etc/skel/.emacs-mutt
chown root:root /etc/skel/.emacs-mutt chown root:root /etc/skel/.emacs-mutt
fi fi
fi fi
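Review bot: Quoting the wildcard in `cp -r "$temp_restore_dir/*" "/home/$USERNAME/.emacs.d"` (restore_local_emacs) stops the shell from expanding it, so cp is asked for a file literally named `*`, fails, and the `$?` branch that follows deletes the temp directory and appears to exit 664 instead of restoring. Keep the variable quoted and leave the glob outside the quotes: `cp -r "$temp_restore_dir"/* "/home/$USERNAME/.emacs.d"`. restore_remote_emacs has the same problem and additionally quotes a `*` on the destination, which was not a usable target even before the change; `cp -r "$temp_restore_dir"/* "/home/$USERNAME/.emacs.d/"` is presumably what was intended. Separately, install_emacs appends to `/home/$MY_USERNAME/.emacs` with `>>` and then copies that file to `/root/.emacs`, so any content the user already had there would become root's Emacs init file; whether the file can pre-exist is not visible here, but writing the generated block to root's file directly would remove the doubt. All of these function bodies start or continue outside the hunks shown.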


@ -41,7 +41,7 @@ ETHERPAD_REPO="https://github.com/ether/etherpad-lite"
ETHERPAD_COMMIT='454f539561a8d9de51ed107a29d974eb79198bc6' ETHERPAD_COMMIT='454f539561a8d9de51ed107a29d974eb79198bc6'
ETHERPAD_ADMIN_PASSWORD= ETHERPAD_ADMIN_PASSWORD=
ETHERPAD_TITLE=$'Freedombone Docs' ETHERPAD_TITLE=$'Freedombone Docs'
ETHERPAD_WELCOME_MESSAGE=$"Welcome to ${ETHERPAD_TITLE}!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!" ETHERPAD_WELCOME_MESSAGE=$"Welcome to ${ETHERPAD_TITLE}!\\n\\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!"
etherpad_variables=(ONION_ONLY etherpad_variables=(ONION_ONLY
DEFAULT_DOMAIN_NAME DEFAULT_DOMAIN_NAME
@ -67,109 +67,109 @@ function change_password_etherpad {
read_config_param ETHERPAD_DOMAIN_NAME read_config_param ETHERPAD_DOMAIN_NAME
if grep -q "\"$change_username\": {" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json; then if grep -q "\"$change_username\": {" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json; then
user_line=$(cat /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json | grep "\"$change_username\": {") user_line=$(grep "\"$change_username\": {" "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json")
if [[ "$user_line" == *"\"is_admin\": true"* ]]; then if [[ "$user_line" == *"\"is_admin\": true"* ]]; then
sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": "$new_user_password", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": \"$new_user_password\", \"is_admin\": true }|g" "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json"
else else
sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": "$new_user_password", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": \"$new_user_password\", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
fi fi
${PROJECT_NAME}-pass -u $change_username -a etherpad -p "$2" "${PROJECT_NAME}-pass" -u "$change_username" -a etherpad -p "$2"
systemctl restart etherpad systemctl restart etherpad
fi fi
} }
function etherpad_create_database { function etherpad_create_database {
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
ETHERPAD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" ETHERPAD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
if [ ! $ETHERPAD_ADMIN_PASSWORD ]; then if [ ! "$ETHERPAD_ADMIN_PASSWORD" ]; then
ETHERPAD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" ETHERPAD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
if [ ! $ETHERPAD_ADMIN_PASSWORD ]; then if [ ! "$ETHERPAD_ADMIN_PASSWORD" ]; then
return return
fi fi
function_check create_database function_check create_database
create_database etherpad "$ETHERPAD_ADMIN_PASSWORD" $MY_USERNAME create_database etherpad "$ETHERPAD_ADMIN_PASSWORD" "$MY_USERNAME"
} }
function create_etherpad_settings { function create_etherpad_settings {
settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json settings_file="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json"
echo '{' > $settings_file { echo '{';
echo " \"title\": \"${ETHERPAD_TITLE}\"," >> $settings_file echo " \"title\": \"${ETHERPAD_TITLE}\",";
echo ' "favicon": "favicon.ico",' >> $settings_file echo ' "favicon": "favicon.ico",';
echo ' "ip": "127.0.0.1",' >> $settings_file echo ' "ip": "127.0.0.1",';
echo " \"port\" : ${ETHERPAD_PORT}," >> $settings_file echo " \"port\" : ${ETHERPAD_PORT},";
echo ' "showSettingsInAdminPage" : true,' >> $settings_file echo ' "showSettingsInAdminPage" : true,';
echo ' "dbType" : "mysql",' >> $settings_file echo ' "dbType" : "mysql",';
echo ' "dbSettings" : {' >> $settings_file echo ' "dbSettings" : {';
echo ' "user" : "root",' >> $settings_file echo ' "user" : "root",';
echo ' "host" : "localhost",' >> $settings_file echo ' "host" : "localhost",';
echo " \"password\": \"${MARIADB_PASSWORD}\"," >> $settings_file echo " \"password\": \"${MARIADB_PASSWORD}\",";
echo ' "database": "etherpad",' >> $settings_file echo ' "database": "etherpad",';
echo ' "charset" : "utf8mb4"' >> $settings_file echo ' "charset" : "utf8mb4"';
echo ' },' >> $settings_file echo ' },';
echo " \"defaultPadText\" : \"${ETHERPAD_WELCOME_MESSAGE}\"," >> $settings_file echo " \"defaultPadText\" : \"${ETHERPAD_WELCOME_MESSAGE}\",";
echo ' "padOptions": {' >> $settings_file echo ' "padOptions": {';
echo ' "noColors": false,' >> $settings_file echo ' "noColors": false,';
echo ' "showControls": true,' >> $settings_file echo ' "showControls": true,';
echo ' "showChat": true,' >> $settings_file echo ' "showChat": true,';
echo ' "showLineNumbers": false,' >> $settings_file echo ' "showLineNumbers": false,';
echo ' "useMonospaceFont": false,' >> $settings_file echo ' "useMonospaceFont": false,';
echo ' "userName": false,' >> $settings_file echo ' "userName": false,';
echo ' "userColor": true,' >> $settings_file echo ' "userColor": true,';
echo ' "rtl": false,' >> $settings_file echo ' "rtl": false,';
echo ' "alwaysShowChat": true,' >> $settings_file echo ' "alwaysShowChat": true,';
echo ' "chatAndUsers": true,' >> $settings_file echo ' "chatAndUsers": true,';
echo ' "lang": "en-gb"' >> $settings_file echo ' "lang": "en-gb"';
echo ' },' >> $settings_file echo ' },';
echo ' "suppressErrorsInPadText" : true,' >> $settings_file echo ' "suppressErrorsInPadText" : true,';
echo ' "requireSession" : false,' >> $settings_file echo ' "requireSession" : false,';
echo ' "editOnly" : false,' >> $settings_file echo ' "editOnly" : false,';
echo ' "sessionNoPassword" : false,' >> $settings_file echo ' "sessionNoPassword" : false,';
echo ' "minify" : true,' >> $settings_file echo ' "minify" : true,';
echo ' "maxAge" : 21600, // 60 * 60 * 6 = 6 hours' >> $settings_file echo ' "maxAge" : 21600, // 60 * 60 * 6 = 6 hours';
echo ' "abiword" : null,' >> $settings_file echo ' "abiword" : null,';
echo ' "soffice" : null,' >> $settings_file echo ' "soffice" : null,';
echo ' "tidyHtml" : null,' >> $settings_file echo ' "tidyHtml" : null,';
echo ' "allowUnknownFileEnds" : false,' >> $settings_file echo ' "allowUnknownFileEnds" : false,';
echo ' "requireAuthentication" : true,' >> $settings_file echo ' "requireAuthentication" : true,';
echo ' "requireAuthorization" : true,' >> $settings_file echo ' "requireAuthorization" : true,';
echo ' "trustProxy" : false,' >> $settings_file echo ' "trustProxy" : false,';
echo ' "disableIPlogging" : true,' >> $settings_file echo ' "disableIPlogging" : true,';
echo ' "users": {' >> $settings_file echo ' "users": {';
echo " \"${MY_USERNAME}\": { \"password\": \"${ETHERPAD_ADMIN_PASSWORD}\", \"is_admin\": true }" >> $settings_file echo " \"${MY_USERNAME}\": { \"password\": \"${ETHERPAD_ADMIN_PASSWORD}\", \"is_admin\": true }";
echo ' },' >> $settings_file echo ' },';
echo ' "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],' >> $settings_file echo ' "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],';
echo ' "loadTest": false,' >> $settings_file echo ' "loadTest": false,';
echo ' "indentationOnNewLine": false,' >> $settings_file echo ' "indentationOnNewLine": false,';
echo ' "toolbar": {' >> $settings_file echo ' "toolbar": {';
echo ' "left": [' >> $settings_file echo ' "left": [';
echo ' ["bold", "italic", "underline", "strikethrough"],' >> $settings_file echo ' ["bold", "italic", "underline", "strikethrough"],';
echo ' ["orderedlist", "unorderedlist", "indent", "outdent"],' >> $settings_file echo ' ["orderedlist", "unorderedlist", "indent", "outdent"],';
echo ' ["undo", "redo"],' >> $settings_file echo ' ["undo", "redo"],';
echo ' ["clearauthorship"]' >> $settings_file echo ' ["clearauthorship"]';
echo ' ],' >> $settings_file echo ' ],';
echo ' "right": [' >> $settings_file echo ' "right": [';
echo ' ["importexport", "timeslider", "savedrevision"],' >> $settings_file echo ' ["importexport", "timeslider", "savedrevision"],';
echo ' ["settings", "embed"],' >> $settings_file echo ' ["settings", "embed"],';
echo ' ["showusers"]' >> $settings_file echo ' ["showusers"]';
echo ' ],' >> $settings_file echo ' ],';
echo ' "timeslider": [' >> $settings_file echo ' "timeslider": [';
echo ' ["timeslider_export", "timeslider_returnToPad"]' >> $settings_file echo ' ["timeslider_export", "timeslider_returnToPad"]';
echo ' ]' >> $settings_file echo ' ]';
echo ' },' >> $settings_file echo ' },';
echo ' "loglevel": "INFO"' >> $settings_file echo ' "loglevel": "INFO"';
echo '}' >> $settings_file echo '}'; } > $settings_file
chmod 600 $settings_file chmod 600 $settings_file
} }
@ -177,7 +177,7 @@ function remove_user_etherpad {
remove_username="$1" remove_username="$1"
settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
${PROJECT_NAME}-pass -u $remove_username --rmapp etherpad "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp etherpad
if grep -q "\"$remove_username\": {" $settings_file; then if grep -q "\"$remove_username\": {" $settings_file; then
sed -i "/\"$remove_username\": {/d" $settings_file sed -i "/\"$remove_username\": {/d" $settings_file
@ -191,7 +191,7 @@ function add_user_etherpad {
settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
if ! grep -q "\"$new_username\": {" $settings_file; then if ! grep -q "\"$new_username\": {" $settings_file; then
${PROJECT_NAME}-pass -u $new_username -a etherpad -p "$2" "${PROJECT_NAME}-pass" -u "$new_username" -a etherpad -p "$2"
sed -i "/\"users\": {/a \"$new_username\": { \"password\": \"$new_user_password\", \"is_admin\": false }," $settings_file sed -i "/\"users\": {/a \"$new_username\": { \"password\": \"$new_user_password\", \"is_admin\": false }," $settings_file
if grep -q "\"$new_username\": {" $settings_file; then if grep -q "\"$new_username\": {" $settings_file; then
systemctl restart etherpad systemctl restart etherpad
@ -204,11 +204,11 @@ function add_user_etherpad {
} }
function install_interactive_etherpad { function install_interactive_etherpad {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
if [[ $ONION_ONLY != "no" ]]; then if [[ "$ONION_ONLY" != "no" ]]; then
ETHERPAD_DOMAIN_NAME='etherpad.local' ETHERPAD_DOMAIN_NAME='etherpad.local'
write_config_param "ETHERPAD_DOMAIN_NAME" "$ETHERPAD_DOMAIN_NAME" write_config_param "ETHERPAD_DOMAIN_NAME" "$ETHERPAD_DOMAIN_NAME"
else else
@ -220,18 +220,17 @@ function install_interactive_etherpad {
function etherpad_set_title { function etherpad_set_title {
read_config_param "ETHERPAD_TITLE" read_config_param "ETHERPAD_TITLE"
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Etherpad Title" \ dialog --title $"Etherpad Title" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--inputbox $'Set a title for your etherpad system' 10 60 "$ETHERPAD_TITLE" 2>$data --inputbox $'Set a title for your etherpad system' 10 60 "$ETHERPAD_TITLE" 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) 0)
temp_title=$(<$data) temp_title=$(<"$data")
if [ ${#temp_title} -gt 0 ]; then if [ ${#temp_title} -gt 0 ]; then
ETHERPAD_TITLE="$temp_title" ETHERPAD_TITLE="$temp_title"
settings_file=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json settings_file="/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json"
write_config_param "ETHERPAD_TITLE" "$ETHERPAD_TITLE" write_config_param "ETHERPAD_TITLE" "$ETHERPAD_TITLE"
sed -i "s|\"title\":.*|\"title\": \"${ETHERPAD_TITLE}\"|g" $settings_file sed -i "s|\"title\":.*|\"title\": \"${ETHERPAD_TITLE}\"|g" $settings_file
@ -241,22 +240,22 @@ function etherpad_set_title {
fi fi
;; ;;
esac esac
rm -f "$data"
} }
function etherpad_set_welcome_message { function etherpad_set_welcome_message {
read_config_param "ETHERPAD_WELCOME_MESSAGE" read_config_param "ETHERPAD_WELCOME_MESSAGE"
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Etherpad Welcome Message" \ dialog --title $"Etherpad Welcome Message" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--inputbox $'Set a welcome message, which can include html formatting' 10 60 "$ETHERPAD_WELCOME_MESSAGE" 2>$data --inputbox $'Set a welcome message, which can include html formatting' 10 60 "$ETHERPAD_WELCOME_MESSAGE" 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) 0)
temp_welcome=$(<$data) temp_welcome=$(<"$data")
if [ ${#temp_welcome} -gt 0 ]; then if [ ${#temp_welcome} -gt 0 ]; then
ETHERPAD_WELCOME_MESSAGE="$temp_welcome" ETHERPAD_WELCOME_MESSAGE="$temp_welcome"
settings_file=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json settings_file="/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json"
write_config_param "ETHERPAD_WELCOME_MESSAGE" "$ETHERPAD_WELCOME_MESSAGE" write_config_param "ETHERPAD_WELCOME_MESSAGE" "$ETHERPAD_WELCOME_MESSAGE"
sed -i "s|\"defaultPadText\" :.*|\"defaultPadText\" : \"${ETHERPAD_WELCOME_MESSAGE}\"|g" $settings_file sed -i "s|\"defaultPadText\" :.*|\"defaultPadText\" : \"${ETHERPAD_WELCOME_MESSAGE}\"|g" $settings_file
@ -266,29 +265,33 @@ function etherpad_set_welcome_message {
fi fi
;; ;;
esac esac
rm -f "$data"
} }
function configure_interactive_etherpad { function configure_interactive_etherpad {
while true while true
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"Etherpad Settings" \ --title $"Etherpad Settings" \
--radiolist $"Choose an operation:" 12 70 3 \ --radiolist $"Choose an operation:" 12 70 3 \
1 $"Set Title" off \ 1 $"Set Title" off \
2 $"Set a welcome message" off \ 2 $"Set a welcome message" off \
3 $"Exit" on 2> $data 3 $"Exit" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) rm -f "$data"
255) return;; return;;
255) rm -f "$data"
return;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) etherpad_set_title;; 1) etherpad_set_title;;
2) etherpad_set_welcome_message;; 2) etherpad_set_welcome_message;;
3) break;; 3) rm -f "$data"
break;;
esac esac
rm -f "$data"
done done
} }
@ -311,18 +314,18 @@ function upgrade_etherpad {
function backup_local_etherpad { function backup_local_etherpad {
ETHERPAD_DOMAIN_NAME='etherpad' ETHERPAD_DOMAIN_NAME='etherpad'
if grep -q "etherpad domain" $COMPLETION_FILE; then if grep -q "etherpad domain" "$COMPLETION_FILE"; then
ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain") ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain")
fi fi
source_directory=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs source_directory=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs
if [ -d $source_directory ]; then if [ -d "$source_directory" ]; then
dest_directory=etherpad dest_directory=etherpad
function_check suspend_site function_check suspend_site
suspend_site ${ETHERPAD_DOMAIN_NAME} suspend_site "${ETHERPAD_DOMAIN_NAME}"
function_check backup_directory_to_usb function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory backup_directory_to_usb "$source_directory" "$dest_directory"
function_check backup_database_to_usb function_check backup_database_to_usb
backup_database_to_usb etherpad backup_database_to_usb etherpad
@ -333,50 +336,50 @@ function backup_local_etherpad {
} }
function restore_local_etherpad { function restore_local_etherpad {
if ! grep -q "etherpad domain" $COMPLETION_FILE; then if ! grep -q "etherpad domain" "$COMPLETION_FILE"; then
return return
fi fi
ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain") ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain")
if [ $ETHERPAD_DOMAIN_NAME ]; then if [ "$ETHERPAD_DOMAIN_NAME" ]; then
temp_restore_dir=/root/tempetherpad temp_restore_dir=/root/tempetherpad
etherpad_dir=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs #etherpad_dir="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs"
function_check etherpad_create_database function_check etherpad_create_database
etherpad_create_database etherpad_create_database
restore_database etherpad ${ETHERPAD_DOMAIN_NAME} restore_database etherpad "${ETHERPAD_DOMAIN_NAME}"
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
chown -R etherpad: /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs chown -R etherpad: "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs"
if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem ]; then if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem" ]; then
chown etherpad: /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem chown etherpad: "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem"
fi fi
if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then if [ -f "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key" ]; then
chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key chown etherpad: "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key"
fi fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json settings_file="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json"
sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" $settings_file sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" "$settings_file"
MARIADB_PASSWORD= MARIADB_PASSWORD=
fi fi
} }
function backup_remote_etherpad { function backup_remote_etherpad {
if grep -q "etherpad domain" $COMPLETION_FILE; then if grep -q "etherpad domain" "$COMPLETION_FILE"; then
ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain") ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain")
temp_backup_dir=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs temp_backup_dir="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs"
if [ -d $temp_backup_dir ]; then if [ -d "$temp_backup_dir" ]; then
function_check suspend_site function_check suspend_site
suspend_site ${ETHERPAD_DOMAIN_NAME} suspend_site "${ETHERPAD_DOMAIN_NAME}"
function_check backup_database_to_friend function_check backup_database_to_friend
backup_database_to_friend etherpad backup_database_to_friend etherpad
function_check backup_directory_to_friend function_check backup_directory_to_friend
backup_directory_to_friend $temp_backup_dir etherpad backup_directory_to_friend "$temp_backup_dir" etherpad
function_check restart_site function_check restart_site
restart_site restart_site
@ -387,29 +390,29 @@ function backup_remote_etherpad {
} }
function restore_remote_etherpad { function restore_remote_etherpad {
if grep -q "etherpad domain" $COMPLETION_FILE; then if grep -q "etherpad domain" "$COMPLETION_FILE"; then
ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain") ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain")
function_check etherpad_create_database function_check etherpad_create_database
etherpad_create_database etherpad_create_database
function_check restore_database_from_friend function_check restore_database_from_friend
restore_database_from_friend etherpad ${ETHERPAD_DOMAIN_NAME} restore_database_from_friend etherpad "${ETHERPAD_DOMAIN_NAME}"
if [ -d /root/tempetherpad ]; then if [ -d /root/tempetherpad ]; then
rm -rf /root/tempetherpad rm -rf /root/tempetherpad
fi fi
chown -R etherpad: /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs chown -R etherpad: "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs"
if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem ]; then if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem" ]; then
chown etherpad: /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem chown etherpad: "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem"
fi fi
if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then if [ -f "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key" ]; then
chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key chown etherpad: "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key"
fi fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json settings_file="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json"
sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" $settings_file sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" "$settings_file"
MARIADB_PASSWORD= MARIADB_PASSWORD=
fi fi
} }
@ -427,13 +430,13 @@ function remove_etherpad {
rm /etc/systemd/system/etherpad.service rm /etc/systemd/system/etherpad.service
fi fi
systemctl daemon-reload systemctl daemon-reload
nginx_dissite $ETHERPAD_DOMAIN_NAME nginx_dissite "$ETHERPAD_DOMAIN_NAME"
remove_certs $ETHERPAD_DOMAIN_NAME remove_certs "$ETHERPAD_DOMAIN_NAME"
if [ -d /var/www/$ETHERPAD_DOMAIN_NAME ]; then if [ -d "/var/www/$ETHERPAD_DOMAIN_NAME" ]; then
rm -rf /var/www/$ETHERPAD_DOMAIN_NAME rm -rf "/var/www/$ETHERPAD_DOMAIN_NAME"
fi fi
if [ -f /etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME ]; then if [ -f "/etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME" ]; then
rm /etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME rm "/etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME"
fi fi
function_check drop_database function_check drop_database
drop_database etherpad drop_database etherpad
@ -441,7 +444,7 @@ function remove_etherpad {
remove_onion_service etherpad ${ETHERPAD_ONION_PORT} remove_onion_service etherpad ${ETHERPAD_ONION_PORT}
remove_app etherpad remove_app etherpad
remove_completion_param install_etherpad remove_completion_param install_etherpad
sed -i '/etherpad/d' $COMPLETION_FILE sed -i '/etherpad/d' "$COMPLETION_FILE"
remove_backup_database_local etherpad remove_backup_database_local etherpad
remove_nodejs etherpad remove_nodejs etherpad
@ -449,22 +452,22 @@ function remove_etherpad {
userdel -r etherpad userdel -r etherpad
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $ETHERPAD_DOMAIN_NAME remove_ddns_domain "$ETHERPAD_DOMAIN_NAME"
} }
function install_etherpad { function install_etherpad {
if [ ! $ETHERPAD_DOMAIN_NAME ]; then if [ ! "$ETHERPAD_DOMAIN_NAME" ]; then
echo $'No domain name was given for etherpad' echo $'No domain name was given for etherpad'
exit 7359 exit 7359
fi fi
check_ram_availability 2000 check_ram_availability 2000
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
ETHERPAD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" ETHERPAD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
if [ ! $ETHERPAD_ADMIN_PASSWORD ]; then if [ ! "$ETHERPAD_ADMIN_PASSWORD" ]; then
ETHERPAD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" ETHERPAD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
@ -484,133 +487,133 @@ function install_etherpad {
function_check install_nodejs function_check install_nodejs
install_nodejs etherpad install_nodejs etherpad
if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME ]; then if [ ! -d "/var/www/$ETHERPAD_DOMAIN_NAME" ]; then
mkdir /var/www/$ETHERPAD_DOMAIN_NAME mkdir "/var/www/$ETHERPAD_DOMAIN_NAME"
fi fi
if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" ]; then
if [ -d /repos/etherpad ]; then if [ -d /repos/etherpad ]; then
mkdir /var/www/$ETHERPAD_DOMAIN_NAME/htdocs mkdir "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
cp -r -p /repos/etherpad/. /var/www/$ETHERPAD_DOMAIN_NAME/htdocs cp -r -p /repos/etherpad/. "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
cd /var/www/$ETHERPAD_DOMAIN_NAME/htdocs cd "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" || exit 32468346
git pull git pull
else else
function_check git_clone function_check git_clone
git_clone $ETHERPAD_REPO /var/www/$ETHERPAD_DOMAIN_NAME/htdocs git_clone "$ETHERPAD_REPO" "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
fi fi
if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" ]; then
echo $'Unable to clone etherpad repo' echo $'Unable to clone etherpad repo'
exit 56382 exit 56382
fi fi
fi fi
cd /var/www/$ETHERPAD_DOMAIN_NAME/htdocs cd "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" || exit 24654824
git checkout $ETHERPAD_COMMIT -b $ETHERPAD_COMMIT git checkout "$ETHERPAD_COMMIT" -b "$ETHERPAD_COMMIT"
set_completion_param "etherpad commit" "$ETHERPAD_COMMIT" set_completion_param "etherpad commit" "$ETHERPAD_COMMIT"
chmod a+w /var/www/$ETHERPAD_DOMAIN_NAME/htdocs chmod a+w "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
chown www-data:www-data /var/www/$ETHERPAD_DOMAIN_NAME/htdocs chown www-data:www-data "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
function_check etherpad_create_database function_check etherpad_create_database
etherpad_create_database etherpad_create_database
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $ETHERPAD_DOMAIN_NAME add_ddns_domain "$ETHERPAD_DOMAIN_NAME"
create_etherpad_settings create_etherpad_settings
adduser --system --home=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/ --group etherpad adduser --system --home="/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/" --group etherpad
chown -R etherpad: /var/www/$ETHERPAD_DOMAIN_NAME/htdocs/ chown -R etherpad: "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/"
echo '[Unit]' > /etc/systemd/system/etherpad.service { echo '[Unit]';
echo 'Description=etherpad-lite (real-time collaborative document editing)' >> /etc/systemd/system/etherpad.service echo 'Description=etherpad-lite (real-time collaborative document editing)';
echo 'After=syslog.target network.target' >> /etc/systemd/system/etherpad.service echo 'After=syslog.target network.target';
echo '' >> /etc/systemd/system/etherpad.service echo '';
echo '[Service]' >> /etc/systemd/system/etherpad.service echo '[Service]';
echo 'Type=simple' >> /etc/systemd/system/etherpad.service echo 'Type=simple';
echo 'User=etherpad' >> /etc/systemd/system/etherpad.service echo 'User=etherpad';
echo 'Group=etherpad' >> /etc/systemd/system/etherpad.service echo 'Group=etherpad';
echo "WorkingDirectory=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" >> /etc/systemd/system/etherpad.service echo "WorkingDirectory=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs";
echo "ExecStart=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/bin/run.sh" >> /etc/systemd/system/etherpad.service echo "ExecStart=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/bin/run.sh";
echo 'Restart=on-failure' >> /etc/systemd/system/etherpad.service echo 'Restart=on-failure';
echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/etherpad.service echo 'SuccessExitStatus=3 4';
echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/etherpad.service echo 'RestartForceExitStatus=3 4';
echo '' >> /etc/systemd/system/etherpad.service echo '';
echo '[Install]' >> /etc/systemd/system/etherpad.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/etherpad.service echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/etherpad.service
chmod +x /etc/systemd/system/etherpad.service chmod +x /etc/systemd/system/etherpad.service
etherpad_nginx_site=/etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME etherpad_nginx_site=/etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $ETHERPAD_DOMAIN_NAME nginx_http_redirect "$ETHERPAD_DOMAIN_NAME"
echo 'server {' >> $etherpad_nginx_site { echo 'server {';
echo ' listen 443 ssl;' >> $etherpad_nginx_site echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> $etherpad_nginx_site echo ' #listen [::]:443 ssl;';
echo " server_name $ETHERPAD_DOMAIN_NAME;" >> $etherpad_nginx_site echo " server_name $ETHERPAD_DOMAIN_NAME;";
echo '' >> $etherpad_nginx_site echo '';
echo ' # Security' >> $etherpad_nginx_site echo ' # Security'; } >> "$etherpad_nginx_site"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $ETHERPAD_DOMAIN_NAME nginx_ssl "$ETHERPAD_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $ETHERPAD_DOMAIN_NAME nginx_disable_sniffing "$ETHERPAD_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $etherpad_nginx_site { echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> $etherpad_nginx_site echo '';
echo ' # Logs' >> $etherpad_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $etherpad_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $etherpad_nginx_site echo ' error_log /dev/null;';
echo '' >> $etherpad_nginx_site echo '';
echo ' # Root' >> $etherpad_nginx_site echo ' # Root';
echo " root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;" >> $etherpad_nginx_site echo " root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;";
echo '' >> $etherpad_nginx_site echo '';
echo ' location / {' >> $etherpad_nginx_site echo ' location / {'; } >> "$etherpad_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $ETHERPAD_DOMAIN_NAME '15m' nginx_limits "$ETHERPAD_DOMAIN_NAME" '15m'
echo " proxy_pass http://localhost:${ETHERPAD_PORT}/;" >> $etherpad_nginx_site { echo " proxy_pass http://localhost:${ETHERPAD_PORT}/;";
echo ' proxy_set_header Host $host;' >> $etherpad_nginx_site echo " proxy_set_header Host \$host;";
echo ' proxy_buffering off;' >> $etherpad_nginx_site echo ' proxy_buffering off;';
echo ' }' >> $etherpad_nginx_site echo ' }';
echo '}' >> $etherpad_nginx_site echo '}'; } >> "$etherpad_nginx_site"
else else
echo -n '' > $etherpad_nginx_site echo -n '' > "$etherpad_nginx_site"
fi fi
echo 'server {' >> $etherpad_nginx_site { echo 'server {';
echo " listen 127.0.0.1:$ETHERPAD_ONION_PORT default_server;" >> $etherpad_nginx_site echo " listen 127.0.0.1:$ETHERPAD_ONION_PORT default_server;";
echo " server_name $ETHERPAD_DOMAIN_NAME;" >> $etherpad_nginx_site echo " server_name $ETHERPAD_ONION_HOSTNAME;";
echo '' >> $etherpad_nginx_site echo ''; } >> "$etherpad_nginx_site"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $ETHERPAD_DOMAIN_NAME nginx_disable_sniffing "$ETHERPAD_DOMAIN_NAME"
echo '' >> $etherpad_nginx_site { echo '';
echo ' # Logs' >> $etherpad_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $etherpad_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $etherpad_nginx_site echo ' error_log /dev/null;';
echo '' >> $etherpad_nginx_site echo '';
echo ' # Root' >> $etherpad_nginx_site echo ' # Root';
echo " root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;" >> $etherpad_nginx_site echo " root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;";
echo '' >> $etherpad_nginx_site echo '';
echo ' location / {' >> $etherpad_nginx_site echo ' location / {'; } >> "$etherpad_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $ETHERPAD_DOMAIN_NAME '15m' nginx_limits "$ETHERPAD_DOMAIN_NAME" '15m'
echo " proxy_pass http://localhost:${ETHERPAD_PORT}/;" >> $etherpad_nginx_site { echo " proxy_pass http://localhost:${ETHERPAD_PORT}/;";
echo ' proxy_set_header Host $host;' >> $etherpad_nginx_site echo " proxy_set_header Host \$host;";
echo ' proxy_buffering off;' >> $etherpad_nginx_site echo ' proxy_buffering off;';
echo ' }' >> $etherpad_nginx_site echo ' }';
echo '}' >> $etherpad_nginx_site echo '}'; } >> "$etherpad_nginx_site"
function_check create_site_certificate function_check create_site_certificate
create_site_certificate $ETHERPAD_DOMAIN_NAME 'yes' create_site_certificate "$ETHERPAD_DOMAIN_NAME" 'yes'
if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt ]; then if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt" ]; then
mv /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem mv "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt" "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem"
fi fi
if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem ]; then if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem" ]; then
chown etherpad: /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem chown etherpad: "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem"
fi fi
if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then if [ -f "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key" ]; then
chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key chown etherpad: "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key"
fi fi
usermod -a -G ssl-cert etherpad usermod -a -G ssl-cert etherpad
@ -623,14 +626,14 @@ function install_etherpad {
backup_database_local etherpad backup_database_local etherpad
function_check nginx_ensite function_check nginx_ensite
nginx_ensite $ETHERPAD_DOMAIN_NAME nginx_ensite "$ETHERPAD_DOMAIN_NAME"
ETHERPAD_ONION_HOSTNAME=$(add_onion_service etherpad 80 ${ETHERPAD_ONION_PORT}) ETHERPAD_ONION_HOSTNAME=$(add_onion_service etherpad 80 ${ETHERPAD_ONION_PORT})
${PROJECT_NAME}-pass -u $MY_USERNAME -a etherpad -p "$ETHERPAD_ADMIN_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a etherpad -p "$ETHERPAD_ADMIN_PASSWORD"
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $ETHERPAD_DOMAIN_NAME add_ddns_domain "$ETHERPAD_DOMAIN_NAME"
set_completion_param "etherpad domain" "$ETHERPAD_DOMAIN_NAME" set_completion_param "etherpad domain" "$ETHERPAD_DOMAIN_NAME"


@ -127,7 +127,7 @@ function add_user_fedwiki {
} }
function install_interactive_fedwiki { function install_interactive_fedwiki {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
@ -148,7 +148,7 @@ function change_password_fedwiki {
echo $'Fedwiki password is too short' echo $'Fedwiki password is too short'
return return
fi fi
${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD" "${PROJECT_NAME}-pass" -u "$FEDWIKI_USERNAME" -a fedwiki -p "$FEDWIKI_PASSWORD"
sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
sed -i "s|\"secret\":.*|\"secret\": \"${FEDWIKI_PASSWORD}\"|g" ${FEDWIKI_DATA}/status/owner.json sed -i "s|\"secret\":.*|\"secret\": \"${FEDWIKI_PASSWORD}\"|g" ${FEDWIKI_DATA}/status/owner.json
systemctl daemon-reload systemctl daemon-reload
@ -177,12 +177,12 @@ function upgrade_fedwiki {
function backup_local_fedwiki { function backup_local_fedwiki {
FEDWIKI_DOMAIN_NAME='fedwiki.local' FEDWIKI_DOMAIN_NAME='fedwiki.local'
if grep -q "fedwiki domain" $COMPLETION_FILE; then if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain") FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
fi fi
systemctl stop fedwiki systemctl stop fedwiki
suspend_site ${FEDWIKI_DOMAIN_NAME} suspend_site "${FEDWIKI_DOMAIN_NAME}"
fedwiki_path=$FEDWIKI_DATA fedwiki_path=$FEDWIKI_DATA
if [ -d $fedwiki_path ]; then if [ -d $fedwiki_path ]; then
@ -195,11 +195,11 @@ function backup_local_fedwiki {
function restore_local_fedwiki { function restore_local_fedwiki {
FEDWIKI_DOMAIN_NAME='fedwiki.local' FEDWIKI_DOMAIN_NAME='fedwiki.local'
if grep -q "fedwiki domain" $COMPLETION_FILE; then if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain") FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
fi fi
if [ $FEDWIKI_DOMAIN_NAME ]; then if [ "$FEDWIKI_DOMAIN_NAME" ]; then
suspend_site ${FEDWIKI_DOMAIN_NAME} suspend_site "${FEDWIKI_DOMAIN_NAME}"
systemctl stop fedwiki systemctl stop fedwiki
temp_restore_dir=/root/tempfedwiki temp_restore_dir=/root/tempfedwiki
@ -215,8 +215,8 @@ function restore_local_fedwiki {
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
FEDWIKI_PASSWORD=$(cat ${FEDWIKI_DATA}/status/owner.json | grep secret | awk -F '"' '{print $4}') FEDWIKI_PASSWORD=$(grep secret "${FEDWIKI_DATA}/status/owner.json" | awk -F '"' '{print $4}')
${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD" "${PROJECT_NAME}-pass" -u "$FEDWIKI_USERNAME" -a fedwiki -p "$FEDWIKI_PASSWORD"
sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
write_config_param "FEDWIKI_COOKIE" "$FEDWIKI_PASSWORD" write_config_param "FEDWIKI_COOKIE" "$FEDWIKI_PASSWORD"
systemctl daemon-reload systemctl daemon-reload
@ -227,12 +227,12 @@ function restore_local_fedwiki {
function backup_remote_fedwiki { function backup_remote_fedwiki {
FEDWIKI_DOMAIN_NAME='fedwiki.local' FEDWIKI_DOMAIN_NAME='fedwiki.local'
if grep -q "fedwiki domain" $COMPLETION_FILE; then if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain") FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
fi fi
systemctl stop fedwiki systemctl stop fedwiki
suspend_site ${FEDWIKI_DOMAIN_NAME} suspend_site "${FEDWIKI_DOMAIN_NAME}"
temp_backup_dir=$FEDWIKI_DATA temp_backup_dir=$FEDWIKI_DATA
if [ -d $temp_backup_dir ]; then if [ -d $temp_backup_dir ]; then
@ -248,12 +248,12 @@ function backup_remote_fedwiki {
function restore_remote_fedwiki { function restore_remote_fedwiki {
FEDWIKI_DOMAIN_NAME='fedwiki.local' FEDWIKI_DOMAIN_NAME='fedwiki.local'
if grep -q "fedwiki domain" $COMPLETION_FILE; then if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain") FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
fi fi
systemctl stop fedwiki systemctl stop fedwiki
suspend_site ${FEDWIKI_DOMAIN_NAME} suspend_site "${FEDWIKI_DOMAIN_NAME}"
temp_restore_dir=/root/tempfedwiki temp_restore_dir=/root/tempfedwiki
function_check restore_directory_from_friend function_check restore_directory_from_friend
@ -268,8 +268,8 @@ function restore_remote_fedwiki {
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
FEDWIKI_PASSWORD=$(cat ${FEDWIKI_DATA}/status/owner.json | grep secret | awk -F '"' '{print $4}') FEDWIKI_PASSWORD=$(grep secret "${FEDWIKI_DATA}/status/owner.json" | awk -F '"' '{print $4}')
${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD" "${PROJECT_NAME}-pass" -u "$FEDWIKI_USERNAME" -a fedwiki -p "$FEDWIKI_PASSWORD"
sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
write_config_param "FEDWIKI_COOKIE" "$FEDWIKI_PASSWORD" write_config_param "FEDWIKI_COOKIE" "$FEDWIKI_PASSWORD"
systemctl daemon-reload systemctl daemon-reload
@ -294,20 +294,20 @@ function remove_fedwiki {
remove_nodejs fedwiki remove_nodejs fedwiki
read_config_param "FEDWIKI_DOMAIN_NAME" read_config_param "FEDWIKI_DOMAIN_NAME"
nginx_dissite $FEDWIKI_DOMAIN_NAME nginx_dissite "$FEDWIKI_DOMAIN_NAME"
remove_certs ${FEDWIKI_DOMAIN_NAME} remove_certs "${FEDWIKI_DOMAIN_NAME}"
if [ -f /etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME ]; then if [ -f "/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME" ]; then
rm -f /etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME rm -f "/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME"
fi fi
if [ -d /var/www/$FEDWIKI_DOMAIN_NAME ]; then if [ -d "/var/www/$FEDWIKI_DOMAIN_NAME" ]; then
rm -rf /var/www/$FEDWIKI_DOMAIN_NAME rm -rf "/var/www/$FEDWIKI_DOMAIN_NAME"
fi fi
remove_config_param FEDWIKI_DOMAIN_NAME remove_config_param FEDWIKI_DOMAIN_NAME
remove_config_param FEDWIKI_CODE remove_config_param FEDWIKI_CODE
function_check remove_onion_service function_check remove_onion_service
remove_onion_service fedwiki ${FEDWIKI_ONION_PORT} remove_onion_service fedwiki ${FEDWIKI_ONION_PORT}
remove_completion_param "install_fedwiki" remove_completion_param "install_fedwiki"
sed -i '/fedwiki/d' $COMPLETION_FILE sed -i '/fedwiki/d' "$COMPLETION_FILE"
groupdel -f fedwiki groupdel -f fedwiki
userdel -r fedwiki userdel -r fedwiki
@ -317,101 +317,102 @@ function remove_fedwiki {
fi fi
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $FEDWIKI_DOMAIN_NAME remove_ddns_domain "$FEDWIKI_DOMAIN_NAME"
} }
function fedwiki_setup_web { function fedwiki_setup_web {
fedwiki_nginx_file=/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME fedwiki_nginx_file="/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME"
if [[ $ONION_ONLY == "no" ]]; then if [[ "$ONION_ONLY" == "no" ]]; then
echo 'server {' > $fedwiki_nginx_file { echo 'server {';
echo ' listen 80;' >> $fedwiki_nginx_file echo ' listen 80;';
echo ' listen [::]:80;' >> $fedwiki_nginx_file echo ' listen [::]:80;';
echo " server_name $FEDWIKI_DOMAIN_NAME;" >> $fedwiki_nginx_file echo " server_name $FEDWIKI_DOMAIN_NAME;";
echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> $fedwiki_nginx_file echo " rewrite ^ https://\$server_name\$request_uri? permanent;";
echo '}' >> $fedwiki_nginx_file echo '}';
echo '' >> $fedwiki_nginx_file echo '';
echo 'server {' >> $fedwiki_nginx_file echo 'server {';
echo ' listen 443 ssl;' >> $fedwiki_nginx_file echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> $fedwiki_nginx_file echo ' #listen [::]:443 ssl;';
echo " server_name $FEDWIKI_DOMAIN_NAME;" >> $fedwiki_nginx_file echo " server_name $FEDWIKI_DOMAIN_NAME;";
echo '' >> $fedwiki_nginx_file echo ''; } > "$fedwiki_nginx_file"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $FEDWIKI_DOMAIN_NAME mobile nginx_ssl "$FEDWIKI_DOMAIN_NAME" mobile
sed -i '/Content-Security-Policy/d' $fedwiki_nginx_file sed -i '/Content-Security-Policy/d' "$fedwiki_nginx_file"
sed -i '/X-XSS-Protection/d' $fedwiki_nginx_file sed -i '/X-XSS-Protection/d' "$fedwiki_nginx_file"
sed -i '/X-Robots-Tag/d' $fedwiki_nginx_file sed -i '/X-Robots-Tag/d' "$fedwiki_nginx_file"
sed -i '/X-Download-Options/d' $fedwiki_nginx_file sed -i '/X-Download-Options/d' "$fedwiki_nginx_file"
sed -i '/X-Permitted-Cross-Domain-Policies/d' $fedwiki_nginx_file sed -i '/X-Permitted-Cross-Domain-Policies/d' "$fedwiki_nginx_file"
echo ' add_header X-Robots-Tag none;' >> $fedwiki_nginx_file { echo ' add_header X-Robots-Tag none;';
echo ' add_header X-Download-Options noopen;' >> $fedwiki_nginx_file echo ' add_header X-Download-Options noopen;';
echo ' add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file echo ' add_header X-Frame-Options DENY;';
echo ' add_header X-Content-Type-Options nosniff;' >> $fedwiki_nginx_file echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $fedwiki_nginx_file echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> $fedwiki_nginx_file echo '';
echo ' location /fonts-font-awesome/ {' >> $fedwiki_nginx_file echo ' location /fonts-font-awesome/ {';
echo ' alias /usr/share/fonts-font-awesome/;' >> $fedwiki_nginx_file echo ' alias /usr/share/fonts-font-awesome/;';
echo ' }' >> $fedwiki_nginx_file echo ' }';
echo '' >> $fedwiki_nginx_file echo '';
echo ' location / {' >> $fedwiki_nginx_file echo ' location / {';
echo " proxy_pass http://localhost:${FEDWIKI_PORT};" >> $fedwiki_nginx_file echo " proxy_pass http://localhost:${FEDWIKI_PORT};";
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $fedwiki_nginx_file echo " proxy_set_header X-Real-IP \$remote_addr;";
echo ' proxy_set_header Host $host;' >> $fedwiki_nginx_file echo " proxy_set_header Host \$host;";
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $fedwiki_nginx_file echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' client_max_body_size 1M;' >> $fedwiki_nginx_file echo ' client_max_body_size 1M;';
echo ' }' >> $fedwiki_nginx_file echo ' }';
echo '}' >> $fedwiki_nginx_file echo '}';
echo '' >> $fedwiki_nginx_file echo ''; } >> "$fedwiki_nginx_file"
else else
echo -n '' > $fedwiki_nginx_file echo -n '' > "$fedwiki_nginx_file"
fi fi
echo 'server {' >> $fedwiki_nginx_file { echo 'server {';
echo " listen 127.0.0.1:$FEDWIKI_ONION_PORT default_server;" >> $fedwiki_nginx_file echo " listen 127.0.0.1:$FEDWIKI_ONION_PORT default_server;";
echo " server_name $FEDWIKI_ONION_HOSTNAME;" >> $fedwiki_nginx_file echo " server_name $FEDWIKI_ONION_HOSTNAME;";
echo '' >> $fedwiki_nginx_file echo '';
echo ' add_header X-Robots-Tag none;' >> $fedwiki_nginx_file echo ' add_header X-Robots-Tag none;';
echo ' add_header X-Download-Options noopen;' >> $fedwiki_nginx_file echo ' add_header X-Download-Options noopen;';
echo ' add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file echo ' add_header X-Frame-Options DENY;';
echo ' add_header X-Content-Type-Options nosniff;' >> $fedwiki_nginx_file echo ' add_header X-Content-Type-Options nosniff;';
echo '' >> $fedwiki_nginx_file echo '';
echo ' location /fonts-font-awesome/ {' >> $fedwiki_nginx_file echo ' location /fonts-font-awesome/ {';
echo ' alias /usr/share/fonts-font-awesome/;' >> $fedwiki_nginx_file echo ' alias /usr/share/fonts-font-awesome/;';
echo ' }' >> $fedwiki_nginx_file echo ' }';
echo '' >> $fedwiki_nginx_file echo '';
echo ' location / {' >> $fedwiki_nginx_file echo ' location / {';
echo " proxy_pass http://localhost:${FEDWIKI_PORT};" >> $fedwiki_nginx_file echo " proxy_pass http://localhost:${FEDWIKI_PORT};";
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $fedwiki_nginx_file echo " proxy_set_header X-Real-IP \$remote_addr;";
echo ' proxy_set_header Host $host;' >> $fedwiki_nginx_file echo " proxy_set_header Host \$host;";
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $fedwiki_nginx_file echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' client_max_body_size 1M;' >> $fedwiki_nginx_file echo ' client_max_body_size 1M;';
echo ' }' >> $fedwiki_nginx_file echo ' }';
echo '}' >> $fedwiki_nginx_file echo '}'; } >> "$fedwiki_nginx_file"
function_check create_site_certificate function_check create_site_certificate
create_site_certificate $FEDWIKI_DOMAIN_NAME 'yes' create_site_certificate "$FEDWIKI_DOMAIN_NAME" 'yes'
function_check nginx_ensite function_check nginx_ensite
nginx_ensite $FEDWIKI_DOMAIN_NAME nginx_ensite "$FEDWIKI_DOMAIN_NAME"
} }
function install_fedwiki { function install_fedwiki {
if [[ $VARIANT == "mesh"* ]]; then # shellcheck disable=SC2153
if [[ "$VARIANT" == "mesh"* ]]; then
return return
fi fi
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
if [ ! $FEDWIKI_DOMAIN_NAME ]; then if [ ! "$FEDWIKI_DOMAIN_NAME" ]; then
echo $'The fedwiki domain name was not specified' echo $'The fedwiki domain name was not specified'
exit 893635 exit 893635
fi fi
if [ ! -d /var/www/$FEDWIKI_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$FEDWIKI_DOMAIN_NAME/htdocs" ]; then
mkdir -p /var/www/$FEDWIKI_DOMAIN_NAME/htdocs mkdir -p "/var/www/$FEDWIKI_DOMAIN_NAME/htdocs"
fi fi
if [ ! -d $FEDWIKI_DATA ]; then if [ ! -d $FEDWIKI_DATA ]; then
@ -429,14 +430,12 @@ function install_fedwiki {
apt-get -yq install fonts-font-awesome apt-get -yq install fonts-font-awesome
npm install -g wiki@$FEDWIKI_VERSION if ! npm install -g wiki@$FEDWIKI_VERSION; then
if [ ! "$?" = "0" ]; then
echo $'Failed to install fedwiki' echo $'Failed to install fedwiki'
exit 6293523 exit 6293523
fi fi
npm install -g wiki-security-friends@0.1.0 if ! npm install -g wiki-security-friends@0.1.0; then
if [ ! "$?" = "0" ]; then
echo $'Failed to install wiki-security-friends' echo $'Failed to install wiki-security-friends'
exit 783533 exit 783533
fi fi
@ -457,44 +456,44 @@ function install_fedwiki {
FEDWIKI_COOKIE="$(create_password 20)" FEDWIKI_COOKIE="$(create_password 20)"
fi fi
echo '[Unit]' > /etc/systemd/system/fedwiki.service { echo '[Unit]';
echo 'Description=Fedwiki federated wiki' >> /etc/systemd/system/fedwiki.service echo 'Description=Fedwiki federated wiki';
echo 'After=syslog.target' >> /etc/systemd/system/fedwiki.service echo 'After=syslog.target';
echo 'After=network.target' >> /etc/systemd/system/fedwiki.service echo 'After=network.target';
echo '' >> /etc/systemd/system/fedwiki.service echo '';
echo '[Service]' >> /etc/systemd/system/fedwiki.service echo '[Service]';
echo 'User=fedwiki' >> /etc/systemd/system/fedwiki.service echo 'User=fedwiki';
echo 'Group=fedwiki' >> /etc/systemd/system/fedwiki.service echo 'Group=fedwiki';
echo "WorkingDirectory=/usr/local/lib/node_modules/wiki" >> /etc/systemd/system/fedwiki.service echo "WorkingDirectory=/usr/local/lib/node_modules/wiki";
echo "ExecStart=/usr/local/bin/wiki --security_type friends --session_duration 7 --data $FEDWIKI_DATA -p $FEDWIKI_PORT --cookieSecret '${FEDWIKI_COOKIE}'" >> /etc/systemd/system/fedwiki.service echo "ExecStart=/usr/local/bin/wiki --security_type friends --session_duration 7 --data $FEDWIKI_DATA -p $FEDWIKI_PORT --cookieSecret '${FEDWIKI_COOKIE}'";
echo 'StandardOutput=syslog' >> /etc/systemd/system/fedwiki.service echo 'StandardOutput=syslog';
echo 'StandardError=syslog' >> /etc/systemd/system/fedwiki.service echo 'StandardError=syslog';
echo 'SyslogIdentifier=fedwiki' >> /etc/systemd/system/fedwiki.service echo 'SyslogIdentifier=fedwiki';
echo 'Restart=always' >> /etc/systemd/system/fedwiki.service echo 'Restart=always';
echo "Environment=NODE_ENV=production" >> /etc/systemd/system/fedwiki.service echo "Environment=NODE_ENV=production";
echo '' >> /etc/systemd/system/fedwiki.service echo '';
echo '[Install]' >> /etc/systemd/system/fedwiki.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/fedwiki.service echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/fedwiki.service
if [ ! -d ${FEDWIKI_DATA}/status ]; then if [ ! -d ${FEDWIKI_DATA}/status ]; then
mkdir -p ${FEDWIKI_DATA}/status mkdir -p ${FEDWIKI_DATA}/status
fi fi
fedwiki_auth_file=${FEDWIKI_DATA}/status/owner.json fedwiki_auth_file=${FEDWIKI_DATA}/status/owner.json
echo '{' > $fedwiki_auth_file { echo '{';
echo " \"name\": \"${MY_USERNAME}\"," >> $fedwiki_auth_file echo " \"name\": \"${MY_USERNAME}\",";
echo ' "friend": {' >> $fedwiki_auth_file echo ' "friend": {';
echo " \"secret\": \"${FEDWIKI_COOKIE}\"" >> $fedwiki_auth_file echo " \"secret\": \"${FEDWIKI_COOKIE}\"";
echo ' }' >> $fedwiki_auth_file echo ' }';
echo '}' >> $fedwiki_auth_file echo '}'; } > $fedwiki_auth_file
chown -R fedwiki:fedwiki $FEDWIKI_DATA chown -R fedwiki:fedwiki $FEDWIKI_DATA
fedwiki_setup_web fedwiki_setup_web
${PROJECT_NAME}-pass -u $MY_USERNAME -a fedwiki -p "$FEDWIKI_COOKIE" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a fedwiki -p "$FEDWIKI_COOKIE"
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $FEDWIKI_DOMAIN_NAME add_ddns_domain "$FEDWIKI_DOMAIN_NAME"
fedwiki_remove_bad_links fedwiki_remove_bad_links
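Review bot: In change_password_fedwiki the password is still interpolated unescaped into two sed replacements (`s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g` and the `"secret":` rewrite of owner.json), so a value containing `|`, `&`, `\`, `'` or `"` either makes sed fail or writes a secret, unit file or JSON that no longer matches what `${PROJECT_NAME}-pass` stored. The only check visible before it is the length test, and the quoting added in this commit does not cover the replacement text. Either escape the value for sed before substituting or, if the password alphabet can be restricted, reject other characters up front, for example `[[ "$FEDWIKI_PASSWORD" =~ ^[A-Za-z0-9]+$ ]] || return` after the length check. The same `--cookieSecret` substitution appears in restore_local_fedwiki and restore_remote_fedwiki, where the value is read back from owner.json, and `${FEDWIKI_DATA}/status/owner.json` on the second sed is still unquoted. These function bodies start or end outside the hunks shown.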


@ -60,7 +60,7 @@ function logging_off_friendica {
function remove_user_friendica { function remove_user_friendica {
remove_username="$1" remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp friendica "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp friendica
} }
function add_user_friendica { function add_user_friendica {
@ -71,27 +71,26 @@ function add_user_friendica {
new_username="$1" new_username="$1"
new_user_password="$2" new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a friendica -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$new_username" -a friendica -p "$new_user_password"
echo '0' echo '0'
} }
function friendica_renew_cert { function friendica_renew_cert {
dialog --title $"Renew SSL certificate" \ dialog --title $"Renew SSL certificate" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--yesno $"\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60 --yesno $"\\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) return;;
255) return;; 255) return;;
esac esac
FRIENDICA_DOMAIN_NAME=$(get_completion_param "friendica domain") FRIENDICA_DOMAIN_NAME=$(get_completion_param "friendica domain")
if [ ! -d /var/www/$FRIENDICA_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs" ]; then
dialog --title $"Renew SSL certificate" \ dialog --title $"Renew SSL certificate" \
--msgbox $"Friendica install directory not found" 6 40 --msgbox $"Friendica install directory not found" 6 40
return return
fi fi
${PROJECT_NAME}-renew-cert -h $FRIENDICA_DOMAIN_NAME -p 'letsencrypt' if ! "${PROJECT_NAME}-renew-cert" -h "$FRIENDICA_DOMAIN_NAME" -p 'letsencrypt'; then
if [ ! "$?" = "0" ]; then
any_key any_key
else else
dialog --title $"Renew SSL certificate" \ dialog --title $"Renew SSL certificate" \
@ -100,52 +99,54 @@ function friendica_renew_cert {
} }
function friendica_channel_directory_server { function friendica_channel_directory_server {
if ! grep -q "friendica domain" $COMPLETION_FILE; then if ! grep -q "friendica domain" "$COMPLETION_FILE"; then
dialog --title $"Friendica channel directory server" \ dialog --title $"Friendica channel directory server" \
--msgbox $"Friendica is not installed on this system" 6 40 --msgbox $"Friendica is not installed on this system" 6 40
return return
fi fi
FRIENDICA_DOMAIN_NAME=$(get_completion_param "friendica domain") FRIENDICA_DOMAIN_NAME=$(get_completion_param "friendica domain")
if [ ! -d /var/www/$FRIENDICA_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs" ]; then
dialog --title $"Friendica channel directory server" \ dialog --title $"Friendica channel directory server" \
--msgbox $"Friendica install directory not found" 6 40 --msgbox $"Friendica install directory not found" 6 40
return return
fi fi
CURR_DIR_SERVER=$(cat /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php | grep directory | awk -F "'" '{print $6}') CURR_DIR_SERVER=$(grep directory "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php" | awk -F "'" '{print $6}')
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Friendica channel directory server" \ dialog --title $"Friendica channel directory server" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--inputbox $"When you click on 'channel directory' this is where Friendica will obtain its list from" 8 60 "$CURR_DIR_SERVER" 2>$data --inputbox $"When you click on 'channel directory' this is where Friendica will obtain its list from" 8 60 "$CURR_DIR_SERVER" 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) 0)
friendica_domain_server=$(<$data) friendica_domain_server=$(<"$data")
if [[ "$friendica_domain_server" != *"."* ]]; then if [[ "$friendica_domain_server" != *"."* ]]; then
rm -f "$data"
return return
fi fi
if [[ "$friendica_domain_server" != "http"* ]]; then if [[ "$friendica_domain_server" != "http"* ]]; then
dialog --title $"Friendica channel directory server" \ dialog --title $"Friendica channel directory server" \
--msgbox $"Invalid domain - include the https://" 6 40 --msgbox $"Invalid domain - include the https://" 6 40
rm -f "$data"
return return
fi fi
sed -i "s|\['directory'\] = .*|\['directory'\] = \'$friendica_domain_server\';|g" /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php sed -i "s|\['directory'\] = .*|\['directory'\] = \'$friendica_domain_server\';|g" "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php"
dialog --title $"Friendica channel directory server" \ dialog --title $"Friendica channel directory server" \
--msgbox $"Domain channel directory server changed to $friendica_domain_server" 6 40 --msgbox $"Domain channel directory server changed to $friendica_domain_server" 6 40
;; ;;
esac esac
rm -f "$data"
} }
function friendica_close_registrations { function friendica_close_registrations {
sed -i "s|REGISTER_OPEN|REGISTER_CLOSED|g" /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php sed -i "s|REGISTER_OPEN|REGISTER_CLOSED|g" "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php"
dialog --title $"Friendica Account Registrations" \ dialog --title $"Friendica Account Registrations" \
--msgbox $"New registrations are now closed" 6 40 --msgbox $"New registrations are now closed" 6 40
} }
function friendica_allow_registrations { function friendica_allow_registrations {
sed -i "s|REGISTER_CLOSED|REGISTER_OPEN|g" /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php sed -i "s|REGISTER_CLOSED|REGISTER_OPEN|g" "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php"
dialog --title $"Friendica Account Registrations" \ dialog --title $"Friendica Account Registrations" \
--msgbox $"New registrations are permitted" 6 40 --msgbox $"New registrations are permitted" 6 40
} }
@ -153,8 +154,7 @@ function friendica_allow_registrations {
function configure_interactive_friendica { function configure_interactive_friendica {
while true while true
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"Friendica" \ --title $"Friendica" \
--radiolist $"Choose an operation:" 15 70 6 \ --radiolist $"Choose an operation:" 15 70 6 \
@ -162,19 +162,21 @@ function configure_interactive_friendica {
2 $"Renew SSL certificate" off \ 2 $"Renew SSL certificate" off \
3 $"Close new account registrations" off \ 3 $"Close new account registrations" off \
4 $"Allow new account registrations" off \ 4 $"Allow new account registrations" off \
5 $"Back to main menu" on 2> $data 5 $"Back to main menu" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) break;; 1) break;;
255) break;; 255) break;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) friendica_channel_directory_server;; 1) friendica_channel_directory_server;;
2) friendica_renew_cert;; 2) friendica_renew_cert;;
3) friendica_close_registrations;; 3) friendica_close_registrations;;
4) friendica_allow_registrations;; 4) friendica_allow_registrations;;
5) break;; 5) rm -f "$data"
break;;
esac esac
rm -f "$data"
done done
} }
@ -190,7 +192,7 @@ function install_interactive_friendica {
} }
function change_password_friendica { function change_password_friendica {
FRIENDICA_USERNAME="$1" #FRIENDICA_USERNAME="$1"
FRIENDICA_PASSWORD="$2" FRIENDICA_PASSWORD="$2"
if [ ${#FRIENDICA_PASSWORD} -lt 8 ]; then if [ ${#FRIENDICA_PASSWORD} -lt 8 ]; then
echo $'Friendica password is too short' echo $'Friendica password is too short'
@ -201,14 +203,14 @@ function change_password_friendica {
} }
function friendica_create_database { function friendica_create_database {
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
FRIENDICA_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" FRIENDICA_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
fi fi
if [ ! $FRIENDICA_ADMIN_PASSWORD ]; then if [ ! "$FRIENDICA_ADMIN_PASSWORD" ]; then
FRIENDICA_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" FRIENDICA_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
${PROJECT_NAME}-pass -u $MY_USERNAME -a friendica -p "$FRIENDICA_ADMIN_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a friendica -p "$FRIENDICA_ADMIN_PASSWORD"
if [ ! $FRIENDICA_ADMIN_PASSWORD ]; then if [ ! "$FRIENDICA_ADMIN_PASSWORD" ]; then
return return
fi fi
@ -229,17 +231,17 @@ function upgrade_friendica {
FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
function_check set_repo_commit function_check set_repo_commit
set_repo_commit $FRIENDICA_PATH "friendica commit" "$FRIENDICA_COMMIT" $FRIENDICA_REPO set_repo_commit "$FRIENDICA_PATH" "friendica commit" "$FRIENDICA_COMMIT" $FRIENDICA_REPO
set_repo_commit $FRIENDICA_PATH/addon "friendica addons commit" "$FRIENDICA_ADDONS_COMMIT" $FRIENDICA_ADDONS_REPO set_repo_commit "$FRIENDICA_PATH/addon" "friendica addons commit" "$FRIENDICA_ADDONS_COMMIT" $FRIENDICA_ADDONS_REPO
} }
function backup_local_friendica { function backup_local_friendica {
friendica_path=/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs friendica_path="/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs"
if [ -d $friendica_path ]; then if [ -d "$friendica_path" ]; then
function_check backup_database_to_usb function_check backup_database_to_usb
backup_database_to_usb friendica backup_database_to_usb friendica
backup_directory_to_usb $friendica_path friendica backup_directory_to_usb "$friendica_path" friendica
fi fi
} }
@ -250,31 +252,31 @@ function restore_local_friendica {
function_check friendica_create_database function_check friendica_create_database
friendica_create_database friendica_create_database
restore_database friendica ${FRIENDICA_DOMAIN_NAME} restore_database friendica "${FRIENDICA_DOMAIN_NAME}"
if [ -d $USB_MOUNT/backup/friendica ]; then if [ -d "$USB_MOUNT/backup/friendica" ]; then
if [ ! -d $friendica_dir/store/[data]/smarty3 ]; then if [ ! -d "$friendica_dir/store/[data]/smarty3" ]; then
mkdir -p $friendica_dir/store/[data]/smarty3 mkdir -p "$friendica_dir/store/[data]/smarty3"
fi fi
chmod 1777 $friendica_dir/store/[data]/smarty3 chmod 1777 "$friendica_dir/store/[data]/smarty3"
chown -R www-data:www-data $friendica_dir/* chown -R www-data:www-data "$friendica_dir/*"
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $FRIENDICA_PATH/.htconfig.php sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$FRIENDICA_PATH/.htconfig.php"
MARIADB_PASSWORD= MARIADB_PASSWORD=
fi fi
} }
function backup_remote_friendica { function backup_remote_friendica {
temp_backup_dir=/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs temp_backup_dir="/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs"
if [ -d $temp_backup_dir ]; then if [ -d "$temp_backup_dir" ]; then
suspend_site ${FRIENDICA_DOMAIN_NAME} suspend_site "${FRIENDICA_DOMAIN_NAME}"
backup_database_to_friend friendica backup_database_to_friend friendica
echo "Backing up Friendica installation" echo "Backing up Friendica installation"
backup_directory_to_friend $temp_backup_dir friendica backup_directory_to_friend "$temp_backup_dir" friendica
restart_site restart_site
echo "Backup of Friendica complete" echo "Backup of Friendica complete"
else else
@ -289,21 +291,21 @@ function restore_remote_friendica {
function_check friendica_create_database function_check friendica_create_database
friendica_create_database friendica_create_database
restore_database_from_friend friendica ${FRIENDICA_DOMAIN_NAME} restore_database_from_friend friendica "${FRIENDICA_DOMAIN_NAME}"
if [ -d $SERVER_DIRECTORY/backup/friendica ]; then if [ -d "$SERVER_DIRECTORY/backup/friendica" ]; then
if [ ! -d /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3 ]; then if [ ! -d "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3" ]; then
mkdir -p /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3 mkdir -p "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3"
fi fi
chmod 1777 /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3 chmod 1777 "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3"
chown -R www-data:www-data /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/* chown -R www-data:www-data "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/*"
fi fi
if [ -d /root/tempfriendica ]; then if [ -d /root/tempfriendica ]; then
rm -rf /root/tempfriendica rm -rf /root/tempfriendica
fi fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs FRIENDICA_PATH="/var/www/$FRIENDICA_DOMAIN_NAME/htdocs"
sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $FRIENDICA_PATH/.htconfig.php sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$FRIENDICA_PATH/.htconfig.php"
MARIADB_PASSWORD= MARIADB_PASSWORD=
} }
@ -311,35 +313,35 @@ function remove_friendica {
if [ ${#FRIENDICA_DOMAIN_NAME} -eq 0 ]; then if [ ${#FRIENDICA_DOMAIN_NAME} -eq 0 ]; then
return return
fi fi
nginx_dissite $FRIENDICA_DOMAIN_NAME nginx_dissite "$FRIENDICA_DOMAIN_NAME"
remove_certs ${FRIENDICA_DOMAIN_NAME} remove_certs "${FRIENDICA_DOMAIN_NAME}"
if [ -d /var/www/$FRIENDICA_DOMAIN_NAME ]; then if [ -d "/var/www/$FRIENDICA_DOMAIN_NAME" ]; then
rm -rf /var/www/$FRIENDICA_DOMAIN_NAME rm -rf "/var/www/$FRIENDICA_DOMAIN_NAME"
fi fi
if [ -f /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME ]; then if [ -f "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME" ]; then
rm /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME rm "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
fi fi
function_check drop_database function_check drop_database
drop_database friendica drop_database friendica
function_check remove_onion_service function_check remove_onion_service
remove_onion_service friendica ${FRIENDICA_ONION_PORT} remove_onion_service friendica ${FRIENDICA_ONION_PORT}
sed -i '/friendica/d' $COMPLETION_FILE sed -i '/friendica/d' "$COMPLETION_FILE"
sed -i '/poller.php/d' /etc/crontab sed -i '/poller.php/d' /etc/crontab
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $FRIENDICA_DOMAIN_NAME remove_ddns_domain "$FRIENDICA_DOMAIN_NAME"
} }
function install_friendica { function install_friendica {
if [ ! $FRIENDICA_DOMAIN_NAME ]; then if [ ! "$FRIENDICA_DOMAIN_NAME" ]; then
return return
fi fi
if [[ $ONION_ONLY != "no" ]]; then if [[ "$ONION_ONLY" != "no" ]]; then
return return
fi fi
FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs FRIENDICA_PATH="/var/www/$FRIENDICA_DOMAIN_NAME/htdocs"
function_check install_mariadb function_check install_mariadb
install_mariadb install_mariadb
@ -354,38 +356,38 @@ function install_friendica {
apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
apt-get -yq install php-memcached apt-get -yq install php-memcached
if [ ! -d /var/www/$FRIENDICA_DOMAIN_NAME ]; then if [ ! -d "/var/www/$FRIENDICA_DOMAIN_NAME" ]; then
mkdir /var/www/$FRIENDICA_DOMAIN_NAME mkdir "/var/www/$FRIENDICA_DOMAIN_NAME"
fi fi
if [ ! -d $FRIENDICA_PATH ]; then if [ ! -d "$FRIENDICA_PATH" ]; then
mkdir $FRIENDICA_PATH mkdir "$FRIENDICA_PATH"
fi fi
if [ ! -f $FRIENDICA_PATH/index.php ]; then if [ ! -f "$FRIENDICA_PATH/index.php" ]; then
cd $INSTALL_DIR cd "$INSTALL_DIR" || exit 2346824864
if [ -d /repos/friendica ]; then if [ -d /repos/friendica ]; then
mkdir friendica mkdir friendica
cp -r -p /repos/friendica/. friendica cp -r -p /repos/friendica/. friendica
cd friendica cd friendica || exit 24682462
git pull git pull
else else
function_check git_clone function_check git_clone
git_clone $FRIENDICA_REPO friendica git_clone "$FRIENDICA_REPO" friendica
fi fi
git checkout $FRIENDICA_COMMIT -b $FRIENDICA_COMMIT git checkout $FRIENDICA_COMMIT -b $FRIENDICA_COMMIT
set_completion_param "friendica commit" "$FRIENDICA_COMMIT" set_completion_param "friendica commit" "$FRIENDICA_COMMIT"
rm -rf $FRIENDICA_PATH rm -rf "$FRIENDICA_PATH"
mv friendica $FRIENDICA_PATH mv friendica "$FRIENDICA_PATH"
git_clone $FRIENDICA_ADDONS_REPO $FRIENDICA_PATH/addon git_clone "$FRIENDICA_ADDONS_REPO" "$FRIENDICA_PATH/addon"
cd $FRIENDICA_PATH/addon cd "$FRIENDICA_PATH/addon" || exit 34835685
git checkout $FRIENDICA_ADDONS_COMMIT -b $FRIENDICA_ADDONS_COMMIT git checkout "$FRIENDICA_ADDONS_COMMIT" -b "$FRIENDICA_ADDONS_COMMIT"
set_completion_param "friendica addons commit" "$FRIENDICA_ADDONS_COMMIT" set_completion_param "friendica addons commit" "$FRIENDICA_ADDONS_COMMIT"
chown -R www-data:www-data $FRIENDICA_PATH chown -R www-data:www-data "$FRIENDICA_PATH"
fi fi
FRIENDICA_ONION_HOSTNAME= FRIENDICA_ONION_HOSTNAME=
@ -400,158 +402,158 @@ function install_friendica {
fi fi
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $FRIENDICA_DOMAIN_NAME add_ddns_domain "$FRIENDICA_DOMAIN_NAME"
if [[ $ONION_ONLY == "no" ]]; then if [[ "$ONION_ONLY" == "no" ]]; then
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $FRIENDICA_DOMAIN_NAME nginx_http_redirect "$FRIENDICA_DOMAIN_NAME"
echo 'server {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME { echo 'server {';
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' #listen [::]:443 ssl;';
echo " root $FRIENDICA_PATH;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo " root $FRIENDICA_PATH;";
echo " server_name $FRIENDICA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo " server_name $FRIENDICA_DOMAIN_NAME;";
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo " error_log /dev/null;";
echo ' index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' index index.php;';
echo ' charset utf-8;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' charset utf-8;';
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' access_log /dev/null;'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $FRIENDICA_DOMAIN_NAME nginx_ssl "$FRIENDICA_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $FRIENDICA_DOMAIN_NAME nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME { echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo '';
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # rewrite to front controller as default rule';
echo ' location / {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' location / {'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
function_check nginx_limits function_check nginx_limits
nginx_limits $FRIENDICA_DOMAIN_NAME nginx_limits "$FRIENDICA_DOMAIN_NAME"
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME { echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo '';
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # statically serve these file types when possible';
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # otherwise fall back to front controller';
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # allow browser to cache them';
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # added .htm for advanced source code editor library';
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
echo ' expires 30d;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' expires 30d;';
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo " try_files \$uri /index.php?q=\$uri&\$args;";
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo '';
echo ' # block these file types' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # or a unix socket';
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
function_check nginx_limits function_check nginx_limits
nginx_limits $FRIENDICA_DOMAIN_NAME nginx_limits "$FRIENDICA_DOMAIN_NAME"
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME { echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo " # another machine. And then cross your fingers that you won't get hacked.";
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo " try_files \$uri \$uri/ /index.php;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' include fastcgi_params;';
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' fastcgi_read_timeout 30;';
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' fastcgi_index index.php;';
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' fastcgi_read_timeout 300;';
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo '';
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # deny access to all dot files';
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' location ~ /\. {';
echo ' deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo '';
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' location ~ /\.ht {';
echo ' deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' }';
echo '}' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo '}';
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ''; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
else else
echo 'server {' > /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME { echo 'server {';
echo " listen 127.0.0.1:${FRIENDICA_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo " listen 127.0.0.1:${FRIENDICA_ONION_PORT} default_server;";
echo " root $FRIENDICA_PATH;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo " root $FRIENDICA_PATH;";
echo " server_name $FRIENDICA_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo " server_name $FRIENDICA_ONION_HOSTNAME;";
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo " error_log /dev/null;";
echo ' index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' index index.php;';
echo ' charset utf-8;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' charset utf-8;';
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' access_log /dev/null;';
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo '';
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # rewrite to front controller as default rule';
echo ' location / {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' location / {'; } > "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
nginx_limits $FRIENDICA_DOMAIN_NAME nginx_limits "$FRIENDICA_DOMAIN_NAME"
nginx_disable_sniffing $FRIENDICA_DOMAIN_NAME nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME { echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo '';
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # statically serve these file types when possible';
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # otherwise fall back to front controller';
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # allow browser to cache them';
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # added .htm for advanced source code editor library';
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
echo ' expires 30d;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' expires 30d;';
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo " try_files \$uri /index.php?q=\$uri&\$args;";
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo '';
echo ' # block these file types' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # or a unix socket';
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
nginx_limits $FRIENDICA_DOMAIN_NAME nginx_limits "$FRIENDICA_DOMAIN_NAME"
nginx_disable_sniffing $FRIENDICA_DOMAIN_NAME nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME { echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo " # another machine. And then cross your fingers that you won't get hacked.";
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo " try_files \$uri \$uri/ /index.php;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' include fastcgi_params;';
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' fastcgi_read_timeout 30;';
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' fastcgi_index index.php;';
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' fastcgi_read_timeout 300;';
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo '';
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # deny access to all dot files';
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' location ~ /\. {';
echo ' deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo '';
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' location ~ /\.ht {';
echo ' deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' }';
echo '}' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo '}'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
fi fi
function_check configure_php function_check configure_php
configure_php configure_php
function_check create_site_certificate function_check create_site_certificate
create_site_certificate $FRIENDICA_DOMAIN_NAME 'yes' create_site_certificate "$FRIENDICA_DOMAIN_NAME" 'yes'
if [ ! -d $FRIENDICA_PATH/view/tpl/smarty3 ]; then if [ ! -d "$FRIENDICA_PATH/view/tpl/smarty3" ]; then
mkdir $FRIENDICA_PATH/view/tpl/smarty3 mkdir "$FRIENDICA_PATH/view/tpl/smarty3"
fi fi
if [ ! -d "$FRIENDICA_PATH/store" ]; then if [ ! -d "$FRIENDICA_PATH/store" ]; then
mkdir "$FRIENDICA_PATH/store" mkdir "$FRIENDICA_PATH/store"
@ -563,9 +565,9 @@ function install_friendica {
mkdir "$FRIENDICA_PATH/store/[data]/smarty3" mkdir "$FRIENDICA_PATH/store/[data]/smarty3"
chmod 1777 "$FRIENDICA_PATH/store/[data]/smarty3" chmod 1777 "$FRIENDICA_PATH/store/[data]/smarty3"
fi fi
chmod 1777 $FRIENDICA_PATH/view/tpl chmod 1777 "$FRIENDICA_PATH/view/tpl"
chown -R www-data:www-data "$FRIENDICA_PATH/store" chown -R www-data:www-data "$FRIENDICA_PATH/store"
chmod 1777 $FRIENDICA_PATH/view/tpl/smarty3 chmod 1777 "$FRIENDICA_PATH/view/tpl/smarty3"
# Ensure that the database gets backed up locally, if remote # Ensure that the database gets backed up locally, if remote
# backups are not being used # backups are not being used
@ -575,55 +577,55 @@ function install_friendica {
function_check backup_database_local function_check backup_database_local
backup_database_local friendica backup_database_local friendica
chown -R www-data:www-data $FRIENDICA_PATH chown -R www-data:www-data "$FRIENDICA_PATH"
function_check nginx_ensite function_check nginx_ensite
nginx_ensite $FRIENDICA_DOMAIN_NAME nginx_ensite "$FRIENDICA_DOMAIN_NAME"
# initialize the database # initialize the database
if [ ! -f $FRIENDICA_PATH/database.sql ]; then if [ ! -f "$FRIENDICA_PATH/database.sql" ]; then
echo $'No database schema found for friendica' echo $'No database schema found for friendica'
exit 252782 exit 252782
fi fi
function_check initialise_database function_check initialise_database
initialise_database friendica $FRIENDICA_PATH/database.sql initialise_database friendica "$FRIENDICA_PATH/database.sql"
# create the config file # create the config file
echo '<?php' > $FRIENDICA_PATH/.htconfig.php { echo '<?php';
echo "\$db_host = 'localhost';" >> $FRIENDICA_PATH/.htconfig.php echo "\$db_host = 'localhost';";
echo "\$db_user = 'root';" >> $FRIENDICA_PATH/.htconfig.php echo "\$db_user = 'root';";
echo "\$db_pass = '${MARIADB_PASSWORD}';" >> $FRIENDICA_PATH/.htconfig.php echo "\$db_pass = '${MARIADB_PASSWORD}';";
echo "\$db_data = 'friendica';" >> $FRIENDICA_PATH/.htconfig.php echo "\$db_data = 'friendica';";
echo "\$default_timezone = 'Europe/London';" >> $FRIENDICA_PATH/.htconfig.php echo "\$default_timezone = 'Europe/London';"; } > "$FRIENDICA_PATH/.htconfig.php"
if [[ $ONION_ONLY == 'no' ]]; then if [[ $ONION_ONLY == 'no' ]]; then
echo "\$a->config['system']['baseurl'] = 'https://${FRIENDICA_DOMAIN_NAME}';" >> $FRIENDICA_PATH/.htconfig.php echo "\$a->config['system']['baseurl'] = 'https://${FRIENDICA_DOMAIN_NAME}';" >> "$FRIENDICA_PATH/.htconfig.php"
else else
echo "\$a->config['system']['baseurl'] = 'http://${FRIENDICA_ONION_HOSTNAME}';" >> $FRIENDICA_PATH/.htconfig.php echo "\$a->config['system']['baseurl'] = 'http://${FRIENDICA_ONION_HOSTNAME}';" >> "$FRIENDICA_PATH/.htconfig.php"
fi fi
echo "\$a->config['sitename'] = \"Friendica\";" >> $FRIENDICA_PATH/.htconfig.php { echo "\$a->config['sitename'] = \"Friendica\";";
echo "\$a->config['register_policy'] = REGISTER_OPEN;" >> $FRIENDICA_PATH/.htconfig.php echo "\$a->config['register_policy'] = REGISTER_OPEN;";
echo "\$a->config['register_text'] = '';" >> $FRIENDICA_PATH/.htconfig.php echo "\$a->config['register_text'] = '';";
echo "\$a->config['admin_email'] = '${MY_EMAIL_ADDRESS}';" >> $FRIENDICA_PATH/.htconfig.php echo "\$a->config['admin_email'] = '${MY_EMAIL_ADDRESS}';";
echo "\$a->config['system']['no_regfullname'] = true;" >> $FRIENDICA_PATH/.htconfig.php echo "\$a->config['system']['no_regfullname'] = true;";
echo "\$a->config['max_import_size'] = 200000;" >> $FRIENDICA_PATH/.htconfig.php echo "\$a->config['max_import_size'] = 200000;";
echo "\$a->config['system']['maximagesize'] = 800000;" >> $FRIENDICA_PATH/.htconfig.php echo "\$a->config['system']['maximagesize'] = 800000;";
echo "\$a->config['php_path'] = '/usr/bin/php';" >> $FRIENDICA_PATH/.htconfig.php echo "\$a->config['php_path'] = '/usr/bin/php';";
echo "\$a->config['system']['directory'] = 'http://dir.friendi.ca';" >> $FRIENDICA_PATH/.htconfig.php echo "\$a->config['system']['directory'] = 'http://dir.friendi.ca';";
echo "\$a->config['system']['allowed_themes'] = 'quattro,vier,duepuntozero,smoothly';" >> $FRIENDICA_PATH/.htconfig.php echo "\$a->config['system']['allowed_themes'] = 'quattro,vier,duepuntozero,smoothly';";
echo "\$a->config['system']['theme'] = 'vier';" >> $FRIENDICA_PATH/.htconfig.php echo "\$a->config['system']['theme'] = 'vier';";
echo "\$a->config['system']['huburl'] = '[internal]';" >> $FRIENDICA_PATH/.htconfig.php echo "\$a->config['system']['huburl'] = '[internal]';";
echo "\$a->config['system']['language'] = 'en';" >> $FRIENDICA_PATH/.htconfig.php echo "\$a->config['system']['language'] = 'en';";
echo "\$a->config['system']['rino_encrypt'] = 2;" >> $FRIENDICA_PATH/.htconfig.php echo "\$a->config['system']['rino_encrypt'] = 2;";
echo "\$a->config['system']['allowed_link_protocols'] = array('mailto', 'cid');" >> $FRIENDICA_PATH/.htconfig.php echo "\$a->config['system']['allowed_link_protocols'] = array('mailto', 'cid');"; } >> "$FRIENDICA_PATH/.htconfig.php"
chown www-data:www-data $FRIENDICA_PATH/.htconfig.php chown www-data:www-data "$FRIENDICA_PATH/.htconfig.php"
chmod 755 $FRIENDICA_PATH/.htconfig.php chmod 755 "$FRIENDICA_PATH/.htconfig.php"
systemctl restart mariadb systemctl restart mariadb
systemctl restart php7.0-fpm systemctl restart php7.0-fpm
systemctl restart nginx systemctl restart nginx
systemctl restart cron systemctl restart cron
${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$FRIENDICA_DOMAIN_NAME" -g friendica --public no "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$FRIENDICA_DOMAIN_NAME" -g friendica --public no
set_completion_param "friendica domain" "${FRIENDICA_DOMAIN_NAME}" set_completion_param "friendica domain" "${FRIENDICA_DOMAIN_NAME}"
APP_INSTALLED=1 APP_INSTALLED=1


@ -48,14 +48,14 @@ ghost_variables=(GHOST_DOMAIN_NAME
function ghost_bust { function ghost_bust {
# kill the started ghost process # kill the started ghost process
kill_pid=$(ps aux | grep "ghost run" | awk -F ' ' '{print $2}' | head -n 1) kill_pid=$(pgrep "ghost run" | head -n 1)
kill -9 $kill_pid kill -9 "$kill_pid"
kill_pid=$(ps aux | grep "ghost" | awk -F ' ' '{print $2}' | head -n 1) kill_pid=$(pgrep "ghost" | head -n 1)
kill -9 $kill_pid kill -9 "$kill_pid"
kill_pid=$(ps aux | grep "ghost" | awk -F ' ' '{print $2}' | head -n 1) kill_pid=$(pgrep "ghost" | head -n 1)
kill -9 $kill_pid kill -9 "$kill_pid"
} }
function logging_on_ghost { function logging_on_ghost {
@ -77,9 +77,9 @@ function ghost_replace_jquery {
sed -i "s|http://code.jquery.com/jquery.js|$curr_domain/jquery-${jquery_version}.js|g" current/node_modules/jsdom/README.md sed -i "s|http://code.jquery.com/jquery.js|$curr_domain/jquery-${jquery_version}.js|g" current/node_modules/jsdom/README.md
sed -i "s|https://code.jquery.com/jquery.js|$curr_domain/jquery-${jquery_version}.js|g" current/node_modules/jsdom/README.md sed -i "s|https://code.jquery.com/jquery.js|$curr_domain/jquery-${jquery_version}.js|g" current/node_modules/jsdom/README.md
cd /var/www/${GHOST_DOMAIN_NAME}/htdocs/current cd "/var/www/${GHOST_DOMAIN_NAME}/htdocs/current" || exit 3468368
find ./ -type f -exec sed -i -e 's|https://code.jquery.com|$curr_domain|g' {} \; find ./ -type f -exec sed -i -e "s|https://code.jquery.com|$curr_domain|g" {} \;
find ./ -type f -exec sed -i -e 's|http://code.jquery.com|$curr_domain|g' {} \; find ./ -type f -exec sed -i -e "s|http://code.jquery.com|$curr_domain|g" {} \;
} }
function ghost_rss_button { function ghost_rss_button {
@ -98,14 +98,14 @@ function ghost_remove_offsite_links {
ghost_rss_button ghost_rss_button
# remove google font links # remove google font links
cd /var/www/$GHOST_DOMAIN_NAME/htdocs/current cd "/var/www/$GHOST_DOMAIN_NAME/htdocs/current" || exit 246872424
find ./ -type f -exec sed -i -e 's/fonts.googleapis.com/$curr_domain/g' {} \; find ./ -type f -exec sed -i -e "s/fonts.googleapis.com/$curr_domain/g" {} \;
# copy jquery locally # copy jquery locally
previous_jquery_version='1.12.0' previous_jquery_version='1.12.0'
jquery_version='1.12.4' jquery_version='1.12.4'
if [ ! -f /var/www/$GHOST_DOMAIN_NAME/htdocs/jquery-${jquery_version}.js ]; then if [ ! -f /var/www/$GHOST_DOMAIN_NAME/htdocs/jquery-${jquery_version}.js ]; then
cd /var/www/$GHOST_DOMAIN_NAME/htdocs cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3468746824
wget https://code.jquery.com/jquery-${jquery_version}.js wget https://code.jquery.com/jquery-${jquery_version}.js
jquery_hash=$(sha256sum jquery-${jquery_version}.js | awk -F ' ' '{print $1}') jquery_hash=$(sha256sum jquery-${jquery_version}.js | awk -F ' ' '{print $1}')
if [[ "$jquery_hash" != '430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575' ]]; then if [[ "$jquery_hash" != '430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575' ]]; then
@ -119,27 +119,27 @@ function ghost_remove_offsite_links {
} }
function ghost_replace_proprietary_services { function ghost_replace_proprietary_services {
replace_file=$1 replace_file="$1"
sed -i 's|Twitter Profile|GNU Social Profile|g' $replace_file sed -i 's|Twitter Profile|GNU Social Profile|g' "$replace_file"
sed -i 's|Twitter profile|GNU Social Profile|g' $replace_file sed -i 's|Twitter profile|GNU Social Profile|g' "$replace_file"
sed -i 's|Twitter Username|GNU Social Username|g' $replace_file sed -i 's|Twitter Username|GNU Social Username|g' "$replace_file"
sed -i 's|twitter.com|quitter.se|g' $replace_file sed -i 's|twitter.com|quitter.se|g' "$replace_file"
sed -i 's|Facebook Page|Hubzilla Channel|g' $replace_file sed -i 's|Facebook Page|Hubzilla Channel|g' "$replace_file"
sed -i 's|Facebook Profile|Hubzilla Channel|g' $replace_file sed -i 's|Facebook Profile|Hubzilla Channel|g' "$replace_file"
sed -i 's|Facebook profile|Hubzilla Channel|g' $replace_file sed -i 's|Facebook profile|Hubzilla Channel|g' "$replace_file"
sed -i 's|www.facebook.com/username|hubzilladomain/username|g' $replace_file sed -i 's|www.facebook.com/username|hubzilladomain/username|g' "$replace_file"
sed -i 's|www.facebook.com/ghost|hubzilladomain/username|g' $replace_file sed -i 's|www.facebook.com/ghost|hubzilladomain/username|g' "$replace_file"
sed -i 's|www.facebook.com/testuser|hubzilladomain/username|g' $replace_file sed -i 's|www.facebook.com/testuser|hubzilladomain/username|g' "$replace_file"
sed -i 's|www.facebook.com/testing|hubzilladomain/username|g' $replace_file sed -i 's|www.facebook.com/testing|hubzilladomain/username|g' "$replace_file"
sed -i 's|www.facebook.com/test|hubzilladomain/username|g' $replace_file sed -i 's|www.facebook.com/test|hubzilladomain/username|g' "$replace_file"
sed -i 's|www.facebook.com/yourUsername|hubzilladomain/username|g' $replace_file sed -i 's|www.facebook.com/yourUsername|hubzilladomain/username|g' "$replace_file"
sed -i 's|www.facebook.com/yourPage|hubzilladomain/username|g' $replace_file sed -i 's|www.facebook.com/yourPage|hubzilladomain/username|g' "$replace_file"
sed -i 's|Facebook Username|Hubzilla Channel|g' $replace_file sed -i 's|Facebook Username|Hubzilla Channel|g' "$replace_file"
sed -i 's|www.facebook.com|hubzilladomain|g' $replace_file sed -i 's|www.facebook.com|hubzilladomain|g' "$replace_file"
sed -i 's|facebook value|hubzilla value|g' $replace_file sed -i 's|facebook value|hubzilla value|g' "$replace_file"
sed -i '/<section class="share">/,/<\/section>/d' $replace_file sed -i '/<section class="share">/,/<\/section>/d' "$replace_file"
} }
function ghost_replace_services { function ghost_replace_services {
@ -163,7 +163,7 @@ function add_user_ghost {
} }
function install_interactive_ghost { function install_interactive_ghost {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
@ -178,13 +178,13 @@ function install_interactive_ghost {
} }
function change_password_ghost { function change_password_ghost {
GHOST_USERNAME="$1" #GHOST_USERNAME="$1"
GHOST_PASSWORD="$2" GHOST_PASSWORD="$2"
if [ ${#GHOST_PASSWORD} -lt 8 ]; then if [ ${#GHOST_PASSWORD} -lt 8 ]; then
echo $'Ghost password is too short' echo $'Ghost password is too short'
return return
fi fi
#${PROJECT_NAME}-pass -u $GHOST_USERNAME -a ghost -p "$GHOST_PASSWORD" #"${PROJECT_NAME}-pass" -u "$GHOST_USERNAME" -a ghost -p "$GHOST_PASSWORD"
} }
function reconfigure_ghost { function reconfigure_ghost {
@ -206,7 +206,7 @@ function upgrade_ghost {
systemctl stop ghost systemctl stop ghost
ghost_bust ghost_bust
cd /var/www/$GHOST_DOMAIN_NAME/htdocs cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3468463
npm i -g ghost-cli npm i -g ghost-cli
/usr/local/bin/ghost update & /usr/local/bin/ghost update &
@ -220,26 +220,26 @@ function upgrade_ghost {
chown -R root:root /usr/local/lib chown -R root:root /usr/local/lib
chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs
systemctl restart ghost systemctl restart ghost
sed -i "s|ghost version.*|ghost version:${GHOST_VERSION}|g" ${COMPLETION_FILE} sed -i "s|ghost version.*|ghost version:${GHOST_VERSION}|g" "${COMPLETION_FILE}"
} }
function backup_local_ghost { function backup_local_ghost {
GHOST_DOMAIN_NAME='ghost.local' GHOST_DOMAIN_NAME='ghost.local'
if grep -q "ghost domain" $COMPLETION_FILE; then if grep -q "ghost domain" "$COMPLETION_FILE"; then
GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain") GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
fi fi
suspend_site ${GHOST_DOMAIN_NAME} suspend_site "${GHOST_DOMAIN_NAME}"
systemctl stop ghost systemctl stop ghost
ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content
if [ -d $ghost_path ]; then if [ -d "$ghost_path" ]; then
backup_directory_to_usb $ghost_path ghostcontent backup_directory_to_usb "$ghost_path" ghostcontent
fi fi
ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content
if [ -d $ghost_path ]; then if [ -d "$ghost_path" ]; then
backup_directory_to_usb $ghost_path ghostcurrent backup_directory_to_usb "$ghost_path" ghostcurrent
fi fi
systemctl start ghost systemctl start ghost
@ -248,26 +248,26 @@ function backup_local_ghost {
function restore_local_ghost { function restore_local_ghost {
GHOST_DOMAIN_NAME='ghost.local' GHOST_DOMAIN_NAME='ghost.local'
if grep -q "ghost domain" $COMPLETION_FILE; then if grep -q "ghost domain" "$COMPLETION_FILE"; then
GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain") GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
fi fi
if [ $GHOST_DOMAIN_NAME ]; then if [ "$GHOST_DOMAIN_NAME" ]; then
suspend_site ${GHOST_DOMAIN_NAME} suspend_site "${GHOST_DOMAIN_NAME}"
systemctl stop ghost systemctl stop ghost
temp_restore_dir=/root/tempghostcontent temp_restore_dir=/root/tempghostcontent
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir ghostcontent restore_directory_from_usb $temp_restore_dir ghostcontent
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/ cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/*" "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
else else
if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
mkdir /var/www/$GHOST_DOMAIN_NAME/htdocs/content mkdir "/var/www/$GHOST_DOMAIN_NAME/htdocs/content"
fi fi
cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/ cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
fi fi
chown -R ghost:ghost /var/www/$GHOST_DOMAIN_NAME/htdocs/content chown -R ghost:ghost "/var/www/$GHOST_DOMAIN_NAME/htdocs/content"
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
@ -275,15 +275,15 @@ function restore_local_ghost {
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir ghostcurrent restore_directory_from_usb $temp_restore_dir ghostcurrent
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/ cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/*" "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
else else
if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content mkdir -p "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content"
fi fi
cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/ cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
fi fi
chown -R ghost:ghost /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content chown -R ghost:ghost "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content"
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
@ -294,15 +294,15 @@ function restore_local_ghost {
function backup_remote_ghost { function backup_remote_ghost {
GHOST_DOMAIN_NAME='ghost.local' GHOST_DOMAIN_NAME='ghost.local'
if grep -q "ghost domain" $COMPLETION_FILE; then if grep -q "ghost domain" "$COMPLETION_FILE"; then
GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain") GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
fi fi
suspend_site ${GHOST_DOMAIN_NAME} suspend_site "${GHOST_DOMAIN_NAME}"
temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content
if [ -d $temp_backup_dir ]; then if [ -d "$temp_backup_dir" ]; then
backup_directory_to_friend $temp_backup_dir ghostcontent backup_directory_to_friend "$temp_backup_dir" ghostcontent
else else
restart_site restart_site
echo $"Ghost domain specified but not found in /var/www/${GHOST_DOMAIN_NAME}" echo $"Ghost domain specified but not found in /var/www/${GHOST_DOMAIN_NAME}"
@ -310,8 +310,8 @@ function backup_remote_ghost {
fi fi
temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content
if [ -d $temp_backup_dir ]; then if [ -d "$temp_backup_dir" ]; then
backup_directory_to_friend $temp_backup_dir ghostcurrent backup_directory_to_friend "$temp_backup_dir" ghostcurrent
else else
restart_site restart_site
echo $"Ghost domain specified but not found in $temp_backup_dir" echo $"Ghost domain specified but not found in $temp_backup_dir"
@ -323,10 +323,10 @@ function backup_remote_ghost {
function restore_remote_ghost { function restore_remote_ghost {
GHOST_DOMAIN_NAME='ghost.local' GHOST_DOMAIN_NAME='ghost.local'
if grep -q "ghost domain" $COMPLETION_FILE; then if grep -q "ghost domain" "$COMPLETION_FILE"; then
GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain") GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
fi fi
suspend_site ${GHOST_DOMAIN_NAME} suspend_site "${GHOST_DOMAIN_NAME}"
systemctl stop ghost systemctl stop ghost
@ -334,15 +334,15 @@ function restore_remote_ghost {
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir ghostcontent restore_directory_from_friend $temp_restore_dir ghostcontent
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/ cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/*" "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
else else
if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
mkdir /var/www/$GHOST_DOMAIN_NAME/htdocs/content mkdir "/var/www/$GHOST_DOMAIN_NAME/htdocs/content"
fi fi
cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/ cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
fi fi
chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs chown -R ghost: "/var/www/$GHOST_DOMAIN_NAME/htdocs"
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
@ -350,15 +350,15 @@ function restore_remote_ghost {
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir ghostcurrent restore_directory_from_friend $temp_restore_dir ghostcurrent
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/ cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/*" "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
else else
if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content mkdir -p "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content"
fi fi
cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/ cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
fi fi
chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs chown -R ghost: "/var/www/$GHOST_DOMAIN_NAME/htdocs"
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
@ -382,27 +382,27 @@ function remove_ghost {
remove_nodejs ghost remove_nodejs ghost
read_config_param "GHOST_DOMAIN_NAME" read_config_param "GHOST_DOMAIN_NAME"
nginx_dissite $GHOST_DOMAIN_NAME nginx_dissite "$GHOST_DOMAIN_NAME"
remove_certs ${GHOST_DOMAIN_NAME} remove_certs "${GHOST_DOMAIN_NAME}"
if [ -f /etc/nginx/sites-available/$GHOST_DOMAIN_NAME ]; then if [ -f "/etc/nginx/sites-available/$GHOST_DOMAIN_NAME" ]; then
rm -f /etc/nginx/sites-available/$GHOST_DOMAIN_NAME rm -f "/etc/nginx/sites-available/$GHOST_DOMAIN_NAME"
fi fi
if [ -d /var/www/$GHOST_DOMAIN_NAME ]; then if [ -d "/var/www/$GHOST_DOMAIN_NAME" ]; then
rm -rf /var/www/$GHOST_DOMAIN_NAME rm -rf "/var/www/$GHOST_DOMAIN_NAME"
fi fi
remove_config_param GHOST_DOMAIN_NAME remove_config_param GHOST_DOMAIN_NAME
remove_config_param GHOST_CODE remove_config_param GHOST_CODE
function_check remove_onion_service function_check remove_onion_service
remove_onion_service ghost ${GHOST_ONION_PORT} remove_onion_service ghost ${GHOST_ONION_PORT}
remove_completion_param "install_ghost" remove_completion_param "install_ghost"
sed -i '/Ghost/d' $COMPLETION_FILE sed -i '/Ghost/d' "$COMPLETION_FILE"
sed -i '/ghost/d' $COMPLETION_FILE sed -i '/ghost/d' "$COMPLETION_FILE"
groupdel -f ghost groupdel -f ghost
userdel -r ghost userdel -r ghost
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $GHOST_DOMAIN_NAME remove_ddns_domain "$GHOST_DOMAIN_NAME"
} }
function install_ghost { function install_ghost {
@ -412,7 +412,7 @@ function install_ghost {
ONION_ONLY='no' ONION_ONLY='no'
fi fi
if [ ! $GHOST_DOMAIN_NAME ]; then if [ ! "$GHOST_DOMAIN_NAME" ]; then
echo $'The ghost domain name was not specified' echo $'The ghost domain name was not specified'
exit 5062 exit 5062
fi fi
@ -420,10 +420,10 @@ function install_ghost {
# for the avatar changing command # for the avatar changing command
apt-get -yq install unzip wget apt-get -yq install unzip wget
if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs" ]; then
mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs mkdir -p "/var/www/$GHOST_DOMAIN_NAME/htdocs"
fi fi
cd /var/www/$GHOST_DOMAIN_NAME/htdocs cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 26422842
function_check install_nodejs function_check install_nodejs
install_nodejs ghost install_nodejs ghost
@ -440,66 +440,66 @@ function install_ghost {
npm install -g yarn npm install -g yarn
yarn install --no-emoji --no-progress yarn install --no-emoji --no-progress
yarn cache clean yarn cache clean
adduser --system --home=/var/www/${GHOST_DOMAIN_NAME}/htdocs/ --group ghost adduser --system --home="/var/www/${GHOST_DOMAIN_NAME}/htdocs/" --group ghost
rm -rf /var/www/$GHOST_DOMAIN_NAME/htdocs/* rm -rf "/var/www/$GHOST_DOMAIN_NAME/htdocs/*"
printf 'y' | ghost install ${GHOST_VERSION} --user ghost --db=sqlite3 --port ${GHOST_PORT} --verbose printf 'y' | ghost install ${GHOST_VERSION} --user ghost --db=sqlite3 --port ${GHOST_PORT} --verbose
if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/versions ]; then if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/versions" ]; then
echo $'versions directory was not found' echo $'versions directory was not found'
exit 782523462 exit 782523462
fi fi
if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
echo $'content directory was not found' echo $'content directory was not found'
exit 68352682 exit 68352682
fi fi
npm install -g knex-migrator npm install -g knex-migrator
if [ ! -f /var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/MigratorConfig.js ]; then if [ ! -f "/var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/MigratorConfig.js" ]; then
echo $'MigratorConfig.js was not found' echo $'MigratorConfig.js was not found'
exit 62783538 exit 62783538
fi fi
cp /var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/MigratorConfig.js /var/www/$GHOST_DOMAIN_NAME/htdocs cp "/var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/MigratorConfig.js" "/var/www/$GHOST_DOMAIN_NAME/htdocs"
chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs chown -R ghost: "/var/www/$GHOST_DOMAIN_NAME/htdocs"
cd /var/www/$GHOST_DOMAIN_NAME/htdocs/current cd "/var/www/$GHOST_DOMAIN_NAME/htdocs/current" || exit 783452464
knex-migrator init knex-migrator init
ghost_bust ghost_bust
echo '{' > /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json echo '{' > "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
if [[ "$ONION_ONLY" == 'no' ]]; then if [[ "$ONION_ONLY" == 'no' ]]; then
# NOTE: url must be http, not https # NOTE: url must be http, not https
echo " \"url\": \"http://${GHOST_DOMAIN_NAME}\"," >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json echo " \"url\": \"http://${GHOST_DOMAIN_NAME}\"," >> "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
else else
echo " \"url\": \"http://${GHOST_ONION_HOSTNAME}\"," >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json echo " \"url\": \"http://${GHOST_ONION_HOSTNAME}\"," >> "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
fi fi
echo ' "paths": {' >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json { echo ' "paths": {';
echo " \"contentPath\": \"/var/www/${GHOST_DOMAIN_NAME}/htdocs/content\"" >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json echo " \"contentPath\": \"/var/www/${GHOST_DOMAIN_NAME}/htdocs/content\"";
echo ' }' >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json echo ' }';
echo '}' >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json echo '}'; } >> "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
echo '[Unit]' > /etc/systemd/system/ghost.service { echo '[Unit]';
echo 'Description=Ghost Blog' >> /etc/systemd/system/ghost.service echo 'Description=Ghost Blog';
echo 'After=syslog.target' >> /etc/systemd/system/ghost.service echo 'After=syslog.target';
echo 'After=network.target' >> /etc/systemd/system/ghost.service echo 'After=network.target';
echo '' >> /etc/systemd/system/ghost.service echo '';
echo '[Service]' >> /etc/systemd/system/ghost.service echo '[Service]';
echo 'Type=simple' >> /etc/systemd/system/ghost.service echo 'Type=simple';
echo 'User=ghost' >> /etc/systemd/system/ghost.service echo 'User=ghost';
echo 'Group=ghost' >> /etc/systemd/system/ghost.service echo 'Group=ghost';
echo "WorkingDirectory=/var/www/${GHOST_DOMAIN_NAME}/htdocs" >> /etc/systemd/system/ghost.service echo "WorkingDirectory=/var/www/${GHOST_DOMAIN_NAME}/htdocs";
echo "ExecStart=/usr/local/bin/ghost run -D" >> /etc/systemd/system/ghost.service echo "ExecStart=/usr/local/bin/ghost run -D";
echo "ExecStop=/usr/local/bin/ghost stop" >> /etc/systemd/system/ghost.service echo "ExecStop=/usr/local/bin/ghost stop";
echo "ExecRestart=/usr/local/bin/ghost restart" >> /etc/systemd/system/ghost.service echo "ExecRestart=/usr/local/bin/ghost restart";
echo 'Restart=always' >> /etc/systemd/system/ghost.service echo 'Restart=always';
echo 'RestartSec=60' >> /etc/systemd/system/ghost.service echo 'RestartSec=60';
echo "Environment=NODE_ENV=development PORT=${GHOST_PORT}" >> /etc/systemd/system/ghost.service echo "Environment=NODE_ENV=development PORT=${GHOST_PORT}";
echo '' >> /etc/systemd/system/ghost.service echo '';
echo '[Install]' >> /etc/systemd/system/ghost.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ghost.service echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/ghost.service
ghost_remove_offsite_links ghost_remove_offsite_links
chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs chown -R ghost: "/var/www/${GHOST_DOMAIN_NAME}/htdocs"
systemctl enable ghost systemctl enable ghost
systemctl daemon-reload systemctl daemon-reload
@ -507,94 +507,94 @@ function install_ghost {
if [[ ${ONION_ONLY} == "no" ]]; then if [[ ${ONION_ONLY} == "no" ]]; then
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect ${GHOST_DOMAIN_NAME} nginx_http_redirect "${GHOST_DOMAIN_NAME}"
echo 'server {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} { echo 'server {';
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' #listen [::]:443 ssl;';
echo " root /var/www/${GHOST_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo " root /var/www/${GHOST_DOMAIN_NAME}/htdocs;";
echo " server_name ${GHOST_DOMAIN_NAME};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo " server_name ${GHOST_DOMAIN_NAME};";
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' access_log /dev/null;';
echo " error_log /dev/null;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo " error_log /dev/null;";
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl ${GHOST_DOMAIN_NAME} nginx_ssl "${GHOST_DOMAIN_NAME}"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing ${GHOST_DOMAIN_NAME} nginx_disable_sniffing "${GHOST_DOMAIN_NAME}"
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} { echo ' add_header Strict-Transport-Security max-age=0;';
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo '';
echo ' location / {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' location / {'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
function_check nginx_limits function_check nginx_limits
nginx_limits ${GHOST_DOMAIN_NAME} '10G' nginx_limits "${GHOST_DOMAIN_NAME}" '10G'
echo " proxy_pass http://localhost:${GHOST_PORT};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} { echo " proxy_pass http://localhost:${GHOST_PORT};";
echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' }';
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo '';
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' fastcgi_buffers 64 4K;';
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo '';
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' error_page 403 /core/templates/403.php;';
echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' error_page 404 /core/templates/404.php;';
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo '';
echo ' location = /robots.txt {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' location = /robots.txt {';
echo ' allow all;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' allow all;';
echo ' log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' log_not_found off;';
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' access_log /dev/null;';
echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' }';
echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo '}';
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
else else
echo -n '' > /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo -n '' > "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
fi fi
echo 'server {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} { echo 'server {';
echo " listen 127.0.0.1:${GHOST_ONION_PORT} default_server;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo " listen 127.0.0.1:${GHOST_ONION_PORT} default_server;";
echo " root /var/www/$GHOST_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo " root /var/www/$GHOST_DOMAIN_NAME/htdocs;";
echo " server_name $GHOST_ONION_HOSTNAME;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo " server_name $GHOST_ONION_HOSTNAME;";
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' access_log /dev/null;';
echo " error_log /dev/null;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo " error_log /dev/null;";
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing ${GHOST_DOMAIN_NAME} nginx_disable_sniffing "${GHOST_DOMAIN_NAME}"
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} { echo ' add_header Strict-Transport-Security max-age=0;';
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo '';
echo ' location / {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' location / {'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
function_check nginx_limits function_check nginx_limits
nginx_limits ${GHOST_DOMAIN_NAME} '10G' nginx_limits "${GHOST_DOMAIN_NAME}" '10G'
echo " proxy_pass http://localhost:${GHOST_PORT};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} { echo " proxy_pass http://localhost:${GHOST_PORT};";
echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' }';
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo '';
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' fastcgi_buffers 64 4K;';
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo '';
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' error_page 403 /core/templates/403.php;';
echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' error_page 404 /core/templates/404.php;';
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo '';
echo ' location = /robots.txt {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' location = /robots.txt {';
echo ' allow all;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' allow all;';
echo ' log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' log_not_found off;';
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' access_log /dev/null;';
echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' }';
echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo '}'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
function_check create_site_certificate function_check create_site_certificate
create_site_certificate $GHOST_DOMAIN_NAME 'yes' create_site_certificate "$GHOST_DOMAIN_NAME" 'yes'
ghost_replace_services ghost_replace_services
function_check nginx_ensite function_check nginx_ensite
nginx_ensite $GHOST_DOMAIN_NAME nginx_ensite "$GHOST_DOMAIN_NAME"
systemctl restart nginx systemctl restart nginx
${PROJECT_NAME}-pass -u $MY_USERNAME -a ghost -p "$GHOST_ADMIN_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a ghost -p "$GHOST_ADMIN_PASSWORD"
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $GHOST_DOMAIN_NAME add_ddns_domain "$GHOST_DOMAIN_NAME"
chown root:root /usr/local/bin/ghost chown root:root /usr/local/bin/ghost
chown -R root:root /usr/local/lib chown -R root:root /usr/local/lib
chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs chown -R ghost: "/var/www/${GHOST_DOMAIN_NAME}/htdocs"
set_completion_param "ghost domain" "$GHOST_DOMAIN_NAME" set_completion_param "ghost domain" "$GHOST_DOMAIN_NAME"
if ! grep -q "ghost version:" ${COMPLETION_FILE}; then if ! grep -q "ghost version:" "${COMPLETION_FILE}"; then
echo "ghost version:${GHOST_VERSION}" >> ${COMPLETION_FILE} echo "ghost version:${GHOST_VERSION}" >> "${COMPLETION_FILE}"
else else
sed -i "s|ghost version.*|ghost version:${GHOST_VERSION}|g" ${COMPLETION_FILE} sed -i "s|ghost version.*|ghost version:${GHOST_VERSION}|g" "${COMPLETION_FILE}"
fi fi
APP_INSTALLED=1 APP_INSTALLED=1



@ -127,14 +127,14 @@ function gogs_parameters {
} }
function gogs_create_database { function gogs_create_database {
if [ -f ${IMAGE_PASSWORD_FILE} ]; then if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
GIT_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" GIT_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
if [ ! ${GIT_ADMIN_PASSWORD} ]; then if [ ! "${GIT_ADMIN_PASSWORD}" ]; then
GIT_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" GIT_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
if [ ! $GIT_ADMIN_PASSWORD ]; then if [ ! "$GIT_ADMIN_PASSWORD" ]; then
return return
fi fi
@ -147,7 +147,7 @@ function reconfigure_gogs {
} }
function upgrade_gogs { function upgrade_gogs {
if ! grep -q 'gogs version:' $COMPLETION_FILE; then if ! grep -q 'gogs version:' "$COMPLETION_FILE"; then
return return
fi fi
@ -160,24 +160,24 @@ function upgrade_gogs {
GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
GOGS_CONFIG_FILE=$GOGS_CONFIG_PATH/app.ini GOGS_CONFIG_FILE=$GOGS_CONFIG_PATH/app.ini
cp $GOGS_CONFIG_FILE $INSTALL_DIR/gogs_config.ini cp "$GOGS_CONFIG_FILE $INSTALL_DIR/gogs_config.ini"
if [ -d $INSTALL_DIR/gogs-repositories ]; then if [ -d "$INSTALL_DIR/gogs-repositories" ]; then
rm -rf $INSTALL_DIR/gogs-repositories rm -rf "$INSTALL_DIR/gogs-repositories"
fi fi
if [ -d /home/${GOGS_USERNAME}/gogs-repositories ]; then if [ -d /home/${GOGS_USERNAME}/gogs-repositories ]; then
mv /home/${GOGS_USERNAME}/gogs-repositories $INSTALL_DIR mv "/home/${GOGS_USERNAME}/gogs-repositories" "$INSTALL_DIR"
fi fi
gogs_parameters gogs_parameters
echo "gogs binary upgrade: ${GOGS_BIN}" echo "gogs binary upgrade: ${GOGS_BIN}"
if [ ! -d ${INSTALL_DIR} ]; then if [ ! -d "${INSTALL_DIR}" ]; then
mkdir -p ${INSTALL_DIR} mkdir -p "${INSTALL_DIR}"
fi fi
cd ${INSTALL_DIR} cd "${INSTALL_DIR}" || exit 26784427
if [ -d ${INSTALL_DIR}/gogs ]; then if [ -d "${INSTALL_DIR}/gogs" ]; then
rm -rf ${INSTALL_DIR}/gogs rm -rf "${INSTALL_DIR}/gogs"
fi fi
GOGS_FILE=linux_${CURR_ARCH}.tar.gz GOGS_FILE=linux_${CURR_ARCH}.tar.gz
if [ ! -f ${GOGS_FILE} ]; then if [ ! -f ${GOGS_FILE} ]; then
@ -196,13 +196,13 @@ function upgrade_gogs {
unzip -o ${GOGS_FILE} unzip -o ${GOGS_FILE}
fi fi
else else
tar -xzf ${INSTALL_DIR}/${GOGS_FILE} tar -xzf "${INSTALL_DIR}/${GOGS_FILE}"
fi fi
if [ ! -d ${INSTALL_DIR}/gogs ]; then if [ ! -d "${INSTALL_DIR}/gogs" ]; then
exit 37823 exit 37823
fi fi
rm -rf /home/${GOGS_USERNAME}/* rm -rf "/home/${GOGS_USERNAME:?}/"*
cp -r ${INSTALL_DIR}/gogs/* /home/${GOGS_USERNAME} cp -r "${INSTALL_DIR}/gogs/*" "/home/${GOGS_USERNAME}"
if [ -f ${GOGS_FILE} ]; then if [ -f ${GOGS_FILE} ]; then
rm ${GOGS_FILE} rm ${GOGS_FILE}
fi fi
@ -211,31 +211,31 @@ function upgrade_gogs {
mkdir -p ${GOGS_CONFIG_PATH} mkdir -p ${GOGS_CONFIG_PATH}
fi fi
cp $INSTALL_DIR/gogs_config.ini $GOGS_CONFIG_FILE cp "$INSTALL_DIR/gogs_config.ini" "$GOGS_CONFIG_FILE"
if [ ! -f $GOGS_CONFIG_FILE ]; then if [ ! -f $GOGS_CONFIG_FILE ]; then
echo $'Gogs ini file not upgraded' echo $'Gogs ini file not upgraded'
exit 873535 exit 873535
fi fi
rm $INSTALL_DIR/gogs_config.ini rm "$INSTALL_DIR/gogs_config.ini"
if [ -d /home/${GOGS_USERNAME}/gogs-repositories ]; then if [ -d /home/${GOGS_USERNAME}/gogs-repositories ]; then
rm -rf /home/${GOGS_USERNAME}/gogs-repositories rm -rf /home/${GOGS_USERNAME}/gogs-repositories
fi fi
if [ -d $INSTALL_DIR/gogs-repositories ]; then if [ -d "$INSTALL_DIR/gogs-repositories" ]; then
mv $INSTALL_DIR/gogs-repositories /home/${GOGS_USERNAME}/gogs-repositories mv "$INSTALL_DIR/gogs-repositories" "/home/${GOGS_USERNAME}/gogs-repositories"
fi fi
chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME} chown -R "${GOGS_USERNAME}":"${GOGS_USERNAME}" "/home/${GOGS_USERNAME}"
sed -i "s|gogs version.*|gogs version:$GOGS_VERSION|g" ${COMPLETION_FILE} sed -i "s|gogs version.*|gogs version:$GOGS_VERSION|g" "${COMPLETION_FILE}"
systemctl restart mariadb systemctl restart mariadb
systemctl restart gogs systemctl restart gogs
} }
function backup_local_gogs { function backup_local_gogs {
if ! grep -q "gogs domain" ${COMPLETION_FILE}; then if ! grep -q "gogs domain" "${COMPLETION_FILE}"; then
return return
fi fi
if [ ! -d /home/${GOGS_USERNAME}/gogs-repositories ]; then if [ ! -d "/home/${GOGS_USERNAME}/gogs-repositories" ]; then
return return
fi fi
@ -245,15 +245,15 @@ function backup_local_gogs {
backup_database_to_usb gogs backup_database_to_usb gogs
function_check backup_directory_to_usb function_check backup_directory_to_usb
backup_directory_to_usb /home/${GOGS_USERNAME}/custom gogs backup_directory_to_usb "/home/${GOGS_USERNAME}/custom" gogs
backup_directory_to_usb /home/${GOGS_USERNAME}/gogs-repositories gogsrepos backup_directory_to_usb "/home/${GOGS_USERNAME}/gogs-repositories" gogsrepos
backup_directory_to_usb /home/${GOGS_USERNAME}/.ssh gogsssh backup_directory_to_usb "/home/${GOGS_USERNAME}/.ssh" gogsssh
echo $"Gogs backup complete" echo $"Gogs backup complete"
} }
function restore_local_gogs { function restore_local_gogs {
if ! grep -q "gogs domain" ${COMPLETION_FILE}; then if ! grep -q "gogs domain" "${COMPLETION_FILE}"; then
return return
fi fi
@ -261,22 +261,23 @@ function restore_local_gogs {
function_check gogs_create_database function_check gogs_create_database
gogs_create_database gogs_create_database
GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf GOGS_CONFIG_PATH="/home/${GOGS_USERNAME}/custom/conf"
GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini GOGS_CONFIG_FILE="${GOGS_CONFIG_PATH}/app.ini"
function_check restore_database function_check restore_database
restore_database gogs ${GIT_DOMAIN_NAME} restore_database gogs "${GIT_DOMAIN_NAME}"
temp_restore_dir=/root/tempgogs temp_restore_dir=/root/tempgogs
if [ -d ${USB_MOUNT}/backup/gogs ]; then if [ -d "${USB_MOUNT}/backup/gogs" ]; then
echo $"Restoring Gogs settings" echo $"Restoring Gogs settings"
if [ ! -d $GOGS_CONFIG_PATH ]; then if [ ! -d $GOGS_CONFIG_PATH ]; then
mkdir -p $GOGS_CONFIG_PATH mkdir -p $GOGS_CONFIG_PATH
fi fi
if [ -d /root/tempgogs/home/${GOGS_USERNAME}/custom ]; then if [ -d "/root/tempgogs/home/${GOGS_USERNAME}/custom" ]; then
cp -r /root/tempgogs/home/${GOGS_USERNAME}/custom/* /home/${GOGS_USERNAME}/custom/ cp -r "/root/tempgogs/home/${GOGS_USERNAME}/custom/*" "/home/${GOGS_USERNAME}/custom/"
else else
cp -r /root/tempgogs/* /home/${GOGS_USERNAME}/custom/ cp -r "/root/tempgogs/*" "/home/${GOGS_USERNAME}/custom/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
function_check set_user_permissions function_check set_user_permissions
set_user_permissions set_user_permissions
@ -286,15 +287,16 @@ function restore_local_gogs {
fi fi
echo $"Restoring Gogs repos" echo $"Restoring Gogs repos"
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb ${temp_restore_dir}repos gogsrepos restore_directory_from_usb "${temp_restore_dir}repos" gogsrepos
if [ ! -d /home/${GOGS_USERNAME}/gogs-repositories ]; then if [ ! -d "/home/${GOGS_USERNAME}/gogs-repositories" ]; then
mkdir /home/${GOGS_USERNAME}/gogs-repositories mkdir "/home/${GOGS_USERNAME}/gogs-repositories"
fi fi
if [ -d ${temp_restore_dir}repos/home/${GOGS_USERNAME}/gogs-repositories ]; then if [ -d "${temp_restore_dir}repos/home/${GOGS_USERNAME}/gogs-repositories" ]; then
cp -r ${temp_restore_dir}repos/home/${GOGS_USERNAME}/gogs-repositories/* /home/${GOGS_USERNAME}/gogs-repositories/ cp -r "${temp_restore_dir}repos/home/${GOGS_USERNAME}/gogs-repositories/*" "/home/${GOGS_USERNAME}/gogs-repositories/"
else else
cp -r ${temp_restore_dir}repos/* /home/${GOGS_USERNAME}/gogs-repositories/ cp -r "${temp_restore_dir}repos/*" "/home/${GOGS_USERNAME}/gogs-repositories/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
function_check set_user_permissions function_check set_user_permissions
set_user_permissions set_user_permissions
@ -313,6 +315,7 @@ function restore_local_gogs {
else else
cp -r ${temp_restore_dir}/* /home/${GOGS_USERNAME}/.ssh/ cp -r ${temp_restore_dir}/* /home/${GOGS_USERNAME}/.ssh/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
function_check set_user_permissions function_check set_user_permissions
set_user_permissions set_user_permissions
@ -326,7 +329,7 @@ function restore_local_gogs {
chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME} chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
fi fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
sed -i "s|PASSWD =.*|PASSWD = $MARIADB_PASSWORD|g" ${GOGS_CONFIG_FILE} sed -i "s|PASSWD =.*|PASSWD = $MARIADB_PASSWORD|g" ${GOGS_CONFIG_FILE}
MARIADB_PASSWORD= MARIADB_PASSWORD=
systemctl restart gogs systemctl restart gogs
@ -363,7 +366,7 @@ function backup_remote_gogs {
} }
function restore_remote_gogs { function restore_remote_gogs {
if grep -q "gogs domain" $COMPLETION_FILE; then if grep -q "gogs domain" "$COMPLETION_FILE"; then
GIT_DOMAIN_NAME=$(get_completion_param "gogs domain") GIT_DOMAIN_NAME=$(get_completion_param "gogs domain")
function_check gogs_create_database function_check gogs_create_database
@ -373,8 +376,8 @@ function restore_remote_gogs {
GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini
function_check restore_database_from_friend function_check restore_database_from_friend
restore_database_from_friend gogs ${GIT_DOMAIN_NAME} restore_database_from_friend gogs "${GIT_DOMAIN_NAME}"
if [ -d ${SERVER_DIRECTORY}/backup/gogs ]; then if [ -d "${SERVER_DIRECTORY}/backup/gogs" ]; then
if [ ! -d $GOGS_CONFIG_PATH ]; then if [ ! -d $GOGS_CONFIG_PATH ]; then
mkdir -p $GOGS_CONFIG_PATH mkdir -p $GOGS_CONFIG_PATH
fi fi
@ -383,6 +386,7 @@ function restore_remote_gogs {
else else
cp -r /root/tempgogs/* /home/${GOGS_USERNAME}/custom/ cp -r /root/tempgogs/* /home/${GOGS_USERNAME}/custom/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 58852 exit 58852
fi fi
@ -396,6 +400,7 @@ function restore_remote_gogs {
else else
cp -r /root/tempgogsrepos/* /home/${GOGS_USERNAME}/gogs-repositories/ cp -r /root/tempgogsrepos/* /home/${GOGS_USERNAME}/gogs-repositories/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 7649 exit 7649
fi fi
@ -409,6 +414,7 @@ function restore_remote_gogs {
else else
cp -r /root/tempgogsssh/* /home/${GOGS_USERNAME}/.ssh/ cp -r /root/tempgogsssh/* /home/${GOGS_USERNAME}/.ssh/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 74239 exit 74239
fi fi
@ -419,7 +425,7 @@ function restore_remote_gogs {
echo $"Restore of Gogs complete" echo $"Restore of Gogs complete"
fi fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
sed -i "s|PASSWD =.*|PASSWD = $MARIADB_PASSWORD|g" ${GOGS_CONFIG_FILE} sed -i "s|PASSWD =.*|PASSWD = $MARIADB_PASSWORD|g" ${GOGS_CONFIG_FILE}
MARIADB_PASSWORD= MARIADB_PASSWORD=
systemctl restart gogs systemctl restart gogs
@ -433,33 +439,33 @@ function remove_gogs {
systemctl stop gogs systemctl stop gogs
systemctl disable gogs systemctl disable gogs
nginx_dissite ${GIT_DOMAIN_NAME} nginx_dissite "${GIT_DOMAIN_NAME}"
remove_certs ${GIT_DOMAIN_NAME} remove_certs "${GIT_DOMAIN_NAME}"
if [ -d /var/www/${GIT_DOMAIN_NAME} ]; then if [ -d "/var/www/${GIT_DOMAIN_NAME}" ]; then
rm -rf /var/www/${GIT_DOMAIN_NAME} rm -rf "/var/www/${GIT_DOMAIN_NAME}"
fi fi
if [ -f /etc/nginx/sites-available/${GIT_DOMAIN_NAME} ]; then if [ -f "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}" ]; then
rm /etc/nginx/sites-available/${GIT_DOMAIN_NAME} rm "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
fi fi
function_check drop_database function_check drop_database
drop_database gogs drop_database gogs
rm /etc/systemd/system/gogs.service rm /etc/systemd/system/gogs.service
systemctl daemon-reload systemctl daemon-reload
rm -rf /home/${GOGS_USERNAME}/* rm -rf "/home/${GOGS_USERNAME:?}/"*
remove_onion_service gogs ${GIT_ONION_PORT} 9418 remove_onion_service gogs ${GIT_ONION_PORT} 9418
remove_completion_param "install_gogs" remove_completion_param "install_gogs"
sed -i '/gogs /d' $COMPLETION_FILE sed -i '/gogs /d' "$COMPLETION_FILE"
remove_backup_database_local gogs remove_backup_database_local gogs
groupdel -f gogs groupdel -f gogs
userdel -r gogs userdel -r gogs
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $GIT_DOMAIN_NAME remove_ddns_domain "$GIT_DOMAIN_NAME"
} }
function install_gogs { function install_gogs {
if [ ! $GIT_DOMAIN_NAME ]; then if [ ! "$GIT_DOMAIN_NAME" ]; then
return return
fi fi
@ -474,14 +480,14 @@ function install_gogs {
gogs_parameters gogs_parameters
if [ ! -d ${INSTALL_DIR} ]; then if [ ! -d "${INSTALL_DIR}" ]; then
mkdir -p ${INSTALL_DIR} mkdir -p "${INSTALL_DIR}"
fi fi
cd ${INSTALL_DIR} cd "${INSTALL_DIR}" || exit 24682467284
if [ -d $INSTALL_DIR/gogs ]; then if [ -d "$INSTALL_DIR/gogs" ]; then
rm -rf $INSTALL_DIR/gogs rm -rf "$INSTALL_DIR/gogs"
fi fi
GOGS_FILE=linux_${CURR_ARCH}.tar.gz GOGS_FILE="linux_${CURR_ARCH}.tar.gz"
if [ ! -f ${GOGS_FILE} ]; then if [ ! -f ${GOGS_FILE} ]; then
wget ${GOGS_BIN} wget ${GOGS_BIN}
fi fi
@ -496,13 +502,13 @@ function install_gogs {
unzip -o ${GOGS_FILE} unzip -o ${GOGS_FILE}
fi fi
else else
tar -xzf ${INSTALL_DIR}/${GOGS_FILE} tar -xzf "${INSTALL_DIR}/${GOGS_FILE}"
fi fi
if [ ! -d ${INSTALL_DIR}/gogs ]; then if [ ! -d "${INSTALL_DIR}/gogs" ]; then
exit 37823 exit 37823
fi fi
rm -rf /home/${GOGS_USERNAME}/* rm -rf "/home/${GOGS_USERNAME:?}/"*
cp -r ${INSTALL_DIR}/gogs/* /home/${GOGS_USERNAME} cp -r "${INSTALL_DIR}/gogs/*" "/home/${GOGS_USERNAME}"
if [ -f ${GOGS_FILE} ]; then if [ -f ${GOGS_FILE} ]; then
rm ${GOGS_FILE} rm ${GOGS_FILE}
fi fi
@ -512,9 +518,10 @@ function install_gogs {
exit 345562 exit 345562
fi fi
echo "export GOROOT=/home/go" >> /home/${GOGS_USERNAME}/.bashrc { echo "export GOROOT=/home/go";
echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> /home/${GOGS_USERNAME}/.bashrc # shellcheck disable=SC2153
echo 'export PATH=$PATH:$GOPATH' >> /home/${GOGS_USERNAME}/.bashrc echo "export GOPATH=\${GOROOT}/go${GO_VERSION}/bin";
echo "export PATH=\$PATH:\$GOPATH"; } >> "/home/${GOGS_USERNAME}/.bashrc"
chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME} chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
function_check install_mariadb function_check install_mariadb
@ -536,122 +543,122 @@ function install_gogs {
chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME} chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
echo '[Unit]' > /etc/systemd/system/gogs.service { echo '[Unit]';
echo 'Description=Gogs (Go Git Service)' >> /etc/systemd/system/gogs.service echo 'Description=Gogs (Go Git Service)';
echo 'After=syslog.target' >> /etc/systemd/system/gogs.service echo 'After=syslog.target';
echo 'After=network.target' >> /etc/systemd/system/gogs.service echo 'After=network.target';
echo 'After=mysqld.service' >> /etc/systemd/system/gogs.service echo 'After=mysqld.service';
echo '' >> /etc/systemd/system/gogs.service echo '';
echo '[Service]' >> /etc/systemd/system/gogs.service echo '[Service]';
echo '#LimitMEMLOCK=infinity' >> /etc/systemd/system/gogs.service echo '#LimitMEMLOCK=infinity';
echo '#LimitNOFILE=65535' >> /etc/systemd/system/gogs.service echo '#LimitNOFILE=65535';
echo 'Type=simple' >> /etc/systemd/system/gogs.service echo 'Type=simple';
echo 'User=gogs' >> /etc/systemd/system/gogs.service echo 'User=gogs';
echo 'Group=gogs' >> /etc/systemd/system/gogs.service echo 'Group=gogs';
echo "WorkingDirectory=/home/${GOGS_USERNAME}" >> /etc/systemd/system/gogs.service echo "WorkingDirectory=/home/${GOGS_USERNAME}";
echo "ExecStart=/home/${GOGS_USERNAME}/gogs web" >> /etc/systemd/system/gogs.service echo "ExecStart=/home/${GOGS_USERNAME}/gogs web";
echo 'Restart=always' >> /etc/systemd/system/gogs.service echo 'Restart=always';
echo 'RestartSec=10' >> /etc/systemd/system/gogs.service echo 'RestartSec=10';
echo "Environment=\"USER=${GOGS_USERNAME}\" \"HOME=/home/${GOGS_USERNAME}\" \"GOPATH=/home/go/go${GO_VERSION}\"" >> /etc/systemd/system/gogs.service echo "Environment=\"USER=${GOGS_USERNAME}\" \"HOME=/home/${GOGS_USERNAME}\" \"GOPATH=/home/go/go${GO_VERSION}\"";
echo '' >> /etc/systemd/system/gogs.service echo '';
echo '[Install]' >> /etc/systemd/system/gogs.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/gogs.service echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/gogs.service
systemctl enable gogs systemctl enable gogs
systemctl daemon-reload systemctl daemon-reload
systemctl start gogs systemctl start gogs
if [ ! -d /var/www/${GIT_DOMAIN_NAME} ]; then if [ ! -d "/var/www/${GIT_DOMAIN_NAME}" ]; then
mkdir /var/www/${GIT_DOMAIN_NAME} mkdir "/var/www/${GIT_DOMAIN_NAME}"
fi fi
if [ -d /var/www/${GIT_DOMAIN_NAME}/htdocs ]; then if [ -d "/var/www/${GIT_DOMAIN_NAME}/htdocs" ]; then
rm -rf /var/www/${GIT_DOMAIN_NAME}/htdocs rm -rf "/var/www/${GIT_DOMAIN_NAME}/htdocs"
fi fi
if [[ ${ONION_ONLY} == "no" ]]; then if [[ "${ONION_ONLY}" == "no" ]]; then
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect ${GIT_DOMAIN_NAME} nginx_http_redirect "${GIT_DOMAIN_NAME}"
echo 'server {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} { echo 'server {';
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' #listen [::]:443 ssl;';
echo " root /var/www/${GIT_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo " root /var/www/${GIT_DOMAIN_NAME}/htdocs;";
echo " server_name ${GIT_DOMAIN_NAME};" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo " server_name ${GIT_DOMAIN_NAME};";
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' access_log /dev/null;';
echo " error_log /dev/null;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo " error_log /dev/null;";
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl ${GIT_DOMAIN_NAME} nginx_ssl "${GIT_DOMAIN_NAME}"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing ${GIT_DOMAIN_NAME} nginx_disable_sniffing "${GIT_DOMAIN_NAME}"
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} { echo ' add_header Strict-Transport-Security max-age=0;';
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo '';
echo ' location / {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' location / {'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
function_check nginx_limits function_check nginx_limits
nginx_limits ${GIT_DOMAIN_NAME} '10G' nginx_limits "${GIT_DOMAIN_NAME}" '10G'
echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} { echo ' proxy_pass http://localhost:3000;';
echo ' }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' }';
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo '';
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' fastcgi_buffers 64 4K;';
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo '';
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' error_page 403 /core/templates/403.php;';
echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' error_page 404 /core/templates/404.php;';
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo '';
echo ' location = /robots.txt {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' location = /robots.txt {';
echo ' allow all;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' allow all;';
echo ' log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' log_not_found off;';
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' access_log /dev/null;';
echo ' }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' }';
echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo '}';
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
else else
echo -n '' > /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo -n '' > "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
fi fi
echo 'server {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} { echo 'server {';
echo " listen 127.0.0.1:${GIT_ONION_PORT} default_server;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo " listen 127.0.0.1:${GIT_ONION_PORT} default_server;";
echo " root /var/www/$GIT_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo " root /var/www/$GIT_DOMAIN_NAME/htdocs;";
echo " server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo " server_name $GIT_DOMAIN_NAME;";
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' access_log /dev/null;';
echo " error_log /dev/null;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo " error_log /dev/null;";
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing ${GIT_DOMAIN_NAME} nginx_disable_sniffing "${GIT_DOMAIN_NAME}"
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} { echo ' add_header Strict-Transport-Security max-age=0;';
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo '';
echo ' location / {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' location / {'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
function_check nginx_limits function_check nginx_limits
nginx_limits ${GIT_DOMAIN_NAME} '10G' nginx_limits "${GIT_DOMAIN_NAME}" '10G'
echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} { echo ' proxy_pass http://localhost:3000;';
echo ' }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' }';
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo '';
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' fastcgi_buffers 64 4K;';
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo '';
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' error_page 403 /core/templates/403.php;';
echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' error_page 404 /core/templates/404.php;';
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo '';
echo ' location = /robots.txt {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' location = /robots.txt {';
echo ' allow all;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' allow all;';
echo ' log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' log_not_found off;';
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' access_log /dev/null;';
echo ' }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' }';
echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo '}'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
function_check configure_php function_check configure_php
configure_php configure_php
function_check create_site_certificate function_check create_site_certificate
create_site_certificate ${GIT_DOMAIN_NAME} 'yes' create_site_certificate "${GIT_DOMAIN_NAME}" 'yes'
nginx_ensite ${GIT_DOMAIN_NAME} nginx_ensite "${GIT_DOMAIN_NAME}"
if [ ! -d /var/lib/tor ]; then if [ ! -d /var/lib/tor ]; then
echo $'No Tor installation found. Gogs onion site cannot be configured.' echo $'No Tor installation found. Gogs onion site cannot be configured.'
exit 877367 exit 877367
fi fi
if ! grep -q "hidden_service_gogs" /etc/tor/torrc; then if ! grep -q "hidden_service_gogs" /etc/tor/torrc; then
echo 'HiddenServiceDir /var/lib/tor/hidden_service_gogs/' >> /etc/tor/torrc { echo 'HiddenServiceDir /var/lib/tor/hidden_service_gogs/';
echo 'HiddenServiceVersion 3' >> /etc/tor/torrc echo 'HiddenServiceVersion 3';
echo "HiddenServicePort 80 127.0.0.1:${GIT_ONION_PORT}" >> /etc/tor/torrc echo "HiddenServicePort 80 127.0.0.1:${GIT_ONION_PORT}";
echo "HiddenServicePort 9418 127.0.0.1:9418" >> /etc/tor/torrc echo "HiddenServicePort 9418 127.0.0.1:9418"; } >> /etc/tor/torrc
echo $'Added onion site for Gogs' echo $'Added onion site for Gogs'
fi fi
@ -670,34 +677,34 @@ function install_gogs {
set_completion_param "gogs onion domain" "$GIT_ONION_HOSTNAME" set_completion_param "gogs onion domain" "$GIT_ONION_HOSTNAME"
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain ${GIT_DOMAIN_NAME} add_ddns_domain "${GIT_DOMAIN_NAME}"
# obtain the secret key # obtain the secret key
GOGS_SECRET_KEY="$(create_password ${MINIMUM_PASSWORD_LENGTH})" GOGS_SECRET_KEY="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
${PROJECT_NAME}-pass -u $MY_USERNAME -a gogs -p "*" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a gogs -p "*"
# create the configuration # create the configuration
GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf GOGS_CONFIG_PATH="/home/${GOGS_USERNAME}/custom/conf"
if [ ! -d ${GOGS_CONFIG_PATH} ]; then if [ ! -d ${GOGS_CONFIG_PATH} ]; then
mkdir -p ${GOGS_CONFIG_PATH} mkdir -p ${GOGS_CONFIG_PATH}
fi fi
GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini
echo "RUN_USER = $GOGS_USERNAME" > ${GOGS_CONFIG_FILE} { echo "RUN_USER = $GOGS_USERNAME";
echo 'RUN_MODE = prod' >> ${GOGS_CONFIG_FILE} echo 'RUN_MODE = prod';
echo '' >> ${GOGS_CONFIG_FILE} echo '';
echo '[database]' >> ${GOGS_CONFIG_FILE} echo '[database]';
echo 'DB_TYPE = mysql' >> ${GOGS_CONFIG_FILE} echo 'DB_TYPE = mysql';
echo 'HOST = 127.0.0.1:3306' >> ${GOGS_CONFIG_FILE} echo 'HOST = 127.0.0.1:3306';
echo 'NAME = gogs' >> ${GOGS_CONFIG_FILE} echo 'NAME = gogs';
echo 'USER = root' >> ${GOGS_CONFIG_FILE} echo 'USER = root';
echo "PASSWD = $MARIADB_PASSWORD" >> ${GOGS_CONFIG_FILE} echo "PASSWD = $MARIADB_PASSWORD";
echo 'SSL_MODE = disable' >> ${GOGS_CONFIG_FILE} echo 'SSL_MODE = disable';
echo 'PATH = data/gogs.db' >> ${GOGS_CONFIG_FILE} echo 'PATH = data/gogs.db';
echo '' >> ${GOGS_CONFIG_FILE} echo '';
echo '[repository]' >> ${GOGS_CONFIG_FILE} echo '[repository]';
echo "ROOT = /home/$GOGS_USERNAME/gogs-repositories" >> ${GOGS_CONFIG_FILE} echo "ROOT = /home/$GOGS_USERNAME/gogs-repositories";
echo '' >> ${GOGS_CONFIG_FILE} echo '';
echo '[server]' >> ${GOGS_CONFIG_FILE} echo '[server]'; } >> ${GOGS_CONFIG_FILE}
if [[ ${ONION_ONLY} == 'no' ]]; then if [[ ${ONION_ONLY} == 'no' ]]; then
echo "DOMAIN = ${GIT_DOMAIN_NAME}" >> ${GOGS_CONFIG_FILE} echo "DOMAIN = ${GIT_DOMAIN_NAME}" >> ${GOGS_CONFIG_FILE}
echo "ROOT_URL = https://$GIT_DOMAIN_NAME/" >> ${GOGS_CONFIG_FILE} echo "ROOT_URL = https://$GIT_DOMAIN_NAME/" >> ${GOGS_CONFIG_FILE}
@ -705,51 +712,51 @@ function install_gogs {
echo "DOMAIN = ${GIT_ONION_HOSTNAME}" >> ${GOGS_CONFIG_FILE} echo "DOMAIN = ${GIT_ONION_HOSTNAME}" >> ${GOGS_CONFIG_FILE}
echo "ROOT_URL = http://$GIT_DOMAIN_NAME/" >> ${GOGS_CONFIG_FILE} echo "ROOT_URL = http://$GIT_DOMAIN_NAME/" >> ${GOGS_CONFIG_FILE}
fi fi
echo 'HTTP_PORT = 3000' >> ${GOGS_CONFIG_FILE} { echo 'HTTP_PORT = 3000';
echo "SSH_PORT = $SSH_PORT" >> ${GOGS_CONFIG_FILE} echo "SSH_PORT = $SSH_PORT";
echo 'SSH_DOMAIN = %(DOMAIN)s' >> ${GOGS_CONFIG_FILE} echo 'SSH_DOMAIN = %(DOMAIN)s';
echo "CERT_FILE = /etc/ssl/certs/${GIT_DOMAIN_NAME}.pem" >> ${GOGS_CONFIG_FILE} echo "CERT_FILE = /etc/ssl/certs/${GIT_DOMAIN_NAME}.pem";
echo "KEY_FILE = /etc/ssl/private/${GIT_DOMAIN_NAME}.key" >> ${GOGS_CONFIG_FILE} echo "KEY_FILE = /etc/ssl/private/${GIT_DOMAIN_NAME}.key";
echo 'DISABLE_ROUTER_LOG = true' >> ${GOGS_CONFIG_FILE} echo 'DISABLE_ROUTER_LOG = true';
echo '' >> ${GOGS_CONFIG_FILE} echo '';
echo '[session]' >> ${GOGS_CONFIG_FILE} echo '[session]';
echo 'PROVIDER = file' >> ${GOGS_CONFIG_FILE} echo 'PROVIDER = file';
echo '' >> ${GOGS_CONFIG_FILE} echo '';
echo '[log]' >> ${GOGS_CONFIG_FILE} echo '[log]';
echo 'MODE = file' >> ${GOGS_CONFIG_FILE} echo 'MODE = file';
echo 'LEVEL = Info' >> ${GOGS_CONFIG_FILE} echo 'LEVEL = Info';
echo '' >> ${GOGS_CONFIG_FILE} echo '';
echo '[security]' >> ${GOGS_CONFIG_FILE} echo '[security]';
echo 'INSTALL_LOCK = true' >> ${GOGS_CONFIG_FILE} echo 'INSTALL_LOCK = true';
echo "SECRET_KEY = $GOGS_SECRET_KEY" >> ${GOGS_CONFIG_FILE} echo "SECRET_KEY = $GOGS_SECRET_KEY";
echo '' >> ${GOGS_CONFIG_FILE} echo '';
echo '[service]' >> ${GOGS_CONFIG_FILE} echo '[service]';
echo 'DISABLE_REGISTRATION = false' >> ${GOGS_CONFIG_FILE} echo 'DISABLE_REGISTRATION = false';
echo 'SHOW_REGISTRATION_BUTTON = true' >> ${GOGS_CONFIG_FILE} echo 'SHOW_REGISTRATION_BUTTON = true';
echo 'REQUIRE_SIGNIN_VIEW = false' >> ${GOGS_CONFIG_FILE} echo 'REQUIRE_SIGNIN_VIEW = false';
echo 'ENABLE_CAPTCHA = false' >> ${GOGS_CONFIG_FILE} echo 'ENABLE_CAPTCHA = false';
echo '' >> ${GOGS_CONFIG_FILE} echo '';
echo '[other]' >> ${GOGS_CONFIG_FILE} echo '[other]';
echo 'SHOW_FOOTER_BRANDING = false' >> ${GOGS_CONFIG_FILE} echo 'SHOW_FOOTER_BRANDING = false';
echo 'SHOW_FOOTER_VERSION = false' >> ${GOGS_CONFIG_FILE} echo 'SHOW_FOOTER_VERSION = false'; } >> ${GOGS_CONFIG_FILE}
chmod 750 ${GOGS_CONFIG_FILE} chmod 750 ${GOGS_CONFIG_FILE}
chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME} chown -R "${GOGS_USERNAME}":"${GOGS_USERNAME}" "/home/${GOGS_USERNAME}"
systemctl restart gogs systemctl restart gogs
if ! grep -q "gogs domain:" ${COMPLETION_FILE}; then if ! grep -q "gogs domain:" "${COMPLETION_FILE}"; then
echo "gogs domain:${GIT_DOMAIN_NAME}" >> ${COMPLETION_FILE} echo "gogs domain:${GIT_DOMAIN_NAME}" >> "${COMPLETION_FILE}"
else else
sed -i "s|gogs domain.*|gogs domain:${GIT_DOMAIN_NAME}|g" ${COMPLETION_FILE} sed -i "s|gogs domain.*|gogs domain:${GIT_DOMAIN_NAME}|g" "${COMPLETION_FILE}"
fi fi
function_check configure_firewall_for_git function_check configure_firewall_for_git
configure_firewall_for_git configure_firewall_for_git
if ! grep -q "gogs version:" ${COMPLETION_FILE}; then if ! grep -q "gogs version:" "${COMPLETION_FILE}"; then
echo "gogs version:${GOGS_VERSION}" >> ${COMPLETION_FILE} echo "gogs version:${GOGS_VERSION}" >> "${COMPLETION_FILE}"
else else
sed -i "s|gogs version.*|gogs version:${GOGS_VERSION}|g" ${COMPLETION_FILE} sed -i "s|gogs version.*|gogs version:${GOGS_VERSION}|g" "${COMPLETION_FILE}"
fi fi
APP_INSTALLED=1 APP_INSTALLED=1
} }


@ -69,18 +69,18 @@ function set_avatar_from_url {
fi fi
# download the image # download the image
cd $BASE_DIR/customimages cd "$BASE_DIR/customimages" || exit 2468246
# convert to png # convert to png
wget $AVATAR -O avatar wget "$AVATAR" -O avatar
if [[ $AVATAR == *".gif" ]]; then if [[ "$AVATAR" == *".gif" ]]; then
mv avatar avatar.gif mv avatar avatar.gif
mogrify -format png avatar.gif mogrify -format png avatar.gif
fi fi
if [[ $AVATAR == *".jpg" ]]; then if [[ "$AVATAR" == *".jpg" ]]; then
mv avatar avatar.jpg mv avatar avatar.jpg
mogrify -format png avatar.jpg mogrify -format png avatar.jpg
fi fi
if [[ $AVATAR == *".jpeg" ]]; then if [[ "$AVATAR" == *".jpeg" ]]; then
mv avatar avatar.jpeg mv avatar avatar.jpeg
mogrify -format png avatar.jpeg mogrify -format png avatar.jpeg
fi fi
@ -101,10 +101,10 @@ function set_avatar_from_url {
function remove_user_htmly { function remove_user_htmly {
remove_username="$1" remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp htmly "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp htmly
if [ -f /var/www/${HTMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini ]; then if [ -f "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini" ]; then
rm /var/www/${HTMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini rm "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini"
fi fi
} }
@ -117,39 +117,38 @@ function add_user_htmly {
new_username="$1" new_username="$1"
new_user_password="$2" new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a htmly -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$new_username" -a htmly -p "$new_user_password"
if [ ! -d /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users ]; then if [ ! -d /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users ]; then
echo '2' echo '2'
return return
fi fi
NEW_USER_PASSWORD_HASH=$(${PROJECT_NAME}-sec --htmlyhash "$new_user_password") NEW_USER_PASSWORD_HASH=$("${PROJECT_NAME}-sec" --htmlyhash "$new_user_password")
if [ ${#NEW_USER_PASSWORD_HASH} -lt 8 ]; then if [ ${#NEW_USER_PASSWORD_HASH} -lt 8 ]; then
echo '3' echo '3'
return return
fi fi
echo ';Password' > /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini { echo ';Password';
echo "password = $NEW_USER_PASSWORD_HASH" >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini echo "password = $NEW_USER_PASSWORD_HASH";
echo 'encryption = password_hash' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini echo 'encryption = password_hash';
echo ';Role' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini echo ';Role';
echo 'role = admin' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini echo 'role = admin'; } > "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini"
echo '0' echo '0'
} }
function configure_interactive_htmly { function configure_interactive_htmly {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Change htmly avatar" \ dialog --title $"Change htmly avatar" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--inputbox $"Enter a URL for an image. It should be approximately a square image." 8 75 2>$data --inputbox $"Enter a URL for an image. It should be approximately a square image." 8 75 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) 0)
IMAGE_URL=$(<$data) IMAGE_URL=$(<"$data")
if [ ${#IMAGE_URL} -gt 5 ]; then if [ ${#IMAGE_URL} -gt 5 ]; then
clear clear
AVATAR_SET= AVATAR_SET=
set_avatar_from_url $IMAGE_URL set_avatar_from_url "$IMAGE_URL"
if [ $AVATAR_SET ]; then if [ $AVATAR_SET ]; then
dialog --title $"Change htmly avatar" \ dialog --title $"Change htmly avatar" \
--msgbox $"Your htmly avatar has been changed" 6 40 --msgbox $"Your htmly avatar has been changed" 6 40
@ -157,10 +156,11 @@ function configure_interactive_htmly {
fi fi
;; ;;
esac esac
rm -f "$data"
} }
function install_interactive_htmly { function install_interactive_htmly {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
@ -186,13 +186,13 @@ function change_password_htmly {
echo $'Htmly password is too short' echo $'Htmly password is too short'
return return
fi fi
${PROJECT_NAME}-pass -u "$HTMLY_USERNAME" -a htmly -p "$HTMLY_PASSWORD" "${PROJECT_NAME}-pass" -u "$HTMLY_USERNAME" -a htmly -p "$HTMLY_PASSWORD"
HTMLY_PASSWORD_HASH=$(${PROJECT_NAME}-sec --htmlyhash "$HTMLY_PASSWORD") HTMLY_PASSWORD_HASH=$("${PROJECT_NAME}-sec" --htmlyhash "$HTMLY_PASSWORD")
if [ ${#HTMLY_PASSWORD_HASH} -lt 8 ]; then if [ ${#HTMLY_PASSWORD_HASH} -lt 8 ]; then
echo $'Htmly admin password could not be hashed' echo $'Htmly admin password could not be hashed'
exit 625728 exit 625728
fi fi
sed -i "s|password =.*|password = $HTMLY_PASSWORD_HASH|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$HTMLY_USERNAME.ini sed -i "s|password =.*|password = $HTMLY_PASSWORD_HASH|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$HTMLY_USERNAME.ini"
} }
function reconfigure_htmly { function reconfigure_htmly {
@ -208,23 +208,23 @@ function upgrade_htmly {
read_config_param "HTMLY_DOMAIN_NAME" read_config_param "HTMLY_DOMAIN_NAME"
function_check set_repo_commit function_check set_repo_commit
set_repo_commit /var/www/$HTMLY_DOMAIN_NAME/htdocs "htmly commit" "$HTMLY_COMMIT" $HTMLY_REPO set_repo_commit "/var/www/$HTMLY_DOMAIN_NAME/htdocs" "htmly commit" "$HTMLY_COMMIT" $HTMLY_REPO
} }
function backup_local_htmly { function backup_local_htmly {
HTMLY_DOMAIN_NAME='htmly.local' HTMLY_DOMAIN_NAME='htmly.local'
if grep -q "htmly domain" $COMPLETION_FILE; then if grep -q "htmly domain" "$COMPLETION_FILE"; then
HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain") HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
fi fi
source_directory=/var/www/${HTMLY_DOMAIN_NAME}/htdocs source_directory="/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
if [ -d $source_directory ]; then if [ -d "$source_directory" ]; then
dest_directory=htmly dest_directory=htmly
function_check suspend_site function_check suspend_site
suspend_site ${HTMLY_DOMAIN_NAME} suspend_site "${HTMLY_DOMAIN_NAME}"
function_check backup_directory_to_usb function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory backup_directory_to_usb "$source_directory" "$dest_directory"
function_check restart_site function_check restart_site
restart_site restart_site
@ -233,73 +233,74 @@ function backup_local_htmly {
function restore_local_htmly { function restore_local_htmly {
HTMLY_DOMAIN_NAME='htmly.local' HTMLY_DOMAIN_NAME='htmly.local'
if grep -q "htmly domain" $COMPLETION_FILE; then if grep -q "htmly domain" "$COMPLETION_FILE"; then
HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain") HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
fi fi
if [ $HTMLY_DOMAIN_NAME ]; then if [ "$HTMLY_DOMAIN_NAME" ]; then
temp_restore_dir=/root/temphtmly temp_restore_dir=/root/temphtmly
if [ -d $USB_MOUNT/backup/htmly ]; then if [ -d "$USB_MOUNT/backup/htmly" ]; then
restore_directory_from_usb $temp_restore_dir htmly restore_directory_from_usb $temp_restore_dir htmly
else else
restore_directory_from_usb $temp_restore_dir blog restore_directory_from_usb $temp_restore_dir blog
fi fi
if [ -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
if [ -d /var/www/${HTMLY_DOMAIN_NAME}/previous ]; then if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/previous" ]; then
rm -rf /var/www/${HTMLY_DOMAIN_NAME}/previous rm -rf "/var/www/${HTMLY_DOMAIN_NAME}/previous"
fi fi
mv /var/www/${HTMLY_DOMAIN_NAME}/htdocs /var/www/${HTMLY_DOMAIN_NAME}/previous mv "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" "/var/www/${HTMLY_DOMAIN_NAME}/previous"
fi fi
if [ -d ${temp_restore_dir}/var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then if [ -d "${temp_restore_dir}/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
temp_source_dir=$(find ${temp_restore_dir} -name htdocs) temp_source_dir=$(find ${temp_restore_dir} -name htdocs)
cp -r ${temp_source_dir} /var/www/${HTMLY_DOMAIN_NAME}/ cp -r "${temp_source_dir}" "/var/www/${HTMLY_DOMAIN_NAME}/"
else else
if [ ! -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then if [ ! -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
mkdir /var/www/${HTMLY_DOMAIN_NAME}/htdocs mkdir "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
fi fi
cp -r ${temp_restore_dir}/* /var/www/${HTMLY_DOMAIN_NAME}/htdocs/ cp -r "${temp_restore_dir}/*" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
if [ -d /var/www/${HTMLY_DOMAIN_NAME}/previous ]; then if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/previous" ]; then
mv /var/www/${HTMLY_DOMAIN_NAME}/previous /var/www/${HTMLY_DOMAIN_NAME}/htdocs mv "/var/www/${HTMLY_DOMAIN_NAME}/previous" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
fi fi
set_user_permissions set_user_permissions
backup_unmount_drive backup_unmount_drive
exit 54675 exit 54675
fi fi
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
if [ ! -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content ]; then if [ ! -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content" ]; then
echo $"No content directory found after restoring htmly" echo $"No content directory found after restoring htmly"
set_user_permissions set_user_permissions
backup_unmount_drive backup_unmount_drive
exit 34578 exit 34578
fi fi
chown -R www-data:www-data /var/www/${HTMLY_DOMAIN_NAME}/htdocs chown -R www-data:www-data "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
# Ensure that the bundled SSL cert is being used # Ensure that the bundled SSL cert is being used
if [ -f /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.bundle.crt ]; then if [ -f "/etc/ssl/certs/${HTMLY_DOMAIN_NAME}.bundle.crt" ]; then
sed -i "s|${HTMLY_DOMAIN_NAME}.crt|${HTMLY_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${HTMLY_DOMAIN_NAME} sed -i "s|${HTMLY_DOMAIN_NAME}.crt|${HTMLY_DOMAIN_NAME}.bundle.crt|g" "/etc/nginx/sites-available/${HTMLY_DOMAIN_NAME}"
fi fi
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post ]; then if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post" ]; then
mv /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post mv "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post"
fi fi
fi fi
done done
if [ -d /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME} ]; then if [ -d "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}" ]; then
ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${HTMLY_DOMAIN_NAME}.key ln -s "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/privkey.pem" "/etc/ssl/private/${HTMLY_DOMAIN_NAME}.key"
ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.pem ln -s "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/fullchain.pem" "/etc/ssl/certs/${HTMLY_DOMAIN_NAME}.pem"
fi fi
fi fi
} }
function backup_remote_htmly { function backup_remote_htmly {
if grep -q "htmly domain" $COMPLETION_FILE; then if grep -q "htmly domain" "$COMPLETION_FILE"; then
HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain") HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
temp_backup_dir=/var/www/${HTMLY_DOMAIN_NAME}/htdocs temp_backup_dir=/var/www/${HTMLY_DOMAIN_NAME}/htdocs
if [ -d $temp_backup_dir ]; then if [ -d "$temp_backup_dir" ]; then
echo $"Backing up htmly" echo $"Backing up htmly"
backup_directory_to_friend $temp_backup_dir htmly backup_directory_to_friend "$temp_backup_dir" htmly
echo $"Backup of htmly complete" echo $"Backup of htmly complete"
else else
echo $"Htmly domain specified but not found in $temp_backup_dir" echo $"Htmly domain specified but not found in $temp_backup_dir"
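Review bot: The newly quoted glob in restore_local_htmly, `cp -r "${temp_restore_dir}/*" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/"`, no longer expands, so cp looks for a file literally named `*` and fails; the `$?` check that follows then moves `previous` back and exits, which means a flat backup can never be restored. Keep the variable quoted and leave the wildcard outside the quotes: `cp -r "${temp_restore_dir}"/* "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/"`. The per-user loop has the same problem and should read `mv "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly"/*.md "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post"`. The identical cp and mv lines in restore_remote_htmly in the next hunk need the same change. This hunk ends inside backup_remote_htmly, whose body continues outside it.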
@ -309,56 +310,57 @@ function backup_remote_htmly {
} }
function restore_remote_htmly { function restore_remote_htmly {
if [ -d $SERVER_DIRECTORY/backup/htmly ]; then if [ -d "$SERVER_DIRECTORY/backup/htmly" ]; then
HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain") HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
echo $"Restoring htmly installation $HTMLY_DOMAIN_NAME" echo $"Restoring htmly installation $HTMLY_DOMAIN_NAME"
temp_restore_dir=/root/temphtmly temp_restore_dir=/root/temphtmly
mkdir $temp_restore_dir mkdir $temp_restore_dir
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir htmly restore_directory_from_friend $temp_restore_dir htmly
if [ -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
if [ -d /var/www/${HTMLY_DOMAIN_NAME}/previous ]; then if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/previous" ]; then
rm -rf /var/www/${HTMLY_DOMAIN_NAME}/previous rm -rf "/var/www/${HTMLY_DOMAIN_NAME}/previous"
fi fi
mv /var/www/${HTMLY_DOMAIN_NAME}/htdocs /var/www/${HTMLY_DOMAIN_NAME}/previous mv "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" "/var/www/${HTMLY_DOMAIN_NAME}/previous"
fi fi
if [ -d ${temp_restore_dir}/var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then if [ -d "${temp_restore_dir}/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
temp_source_dir=$(find ${temp_restore_dir} -name htdocs) temp_source_dir=$(find ${temp_restore_dir} -name htdocs)
cp -r ${temp_source_dir} /var/www/${HTMLY_DOMAIN_NAME}/ cp -r "${temp_source_dir}" "/var/www/${HTMLY_DOMAIN_NAME}/"
else else
if [ ! -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then if [ ! -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
mkdir /var/www/${HTMLY_DOMAIN_NAME}/htdocs mkdir "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
fi fi
cp -r ${temp_restore_dir}/* /var/www/${HTMLY_DOMAIN_NAME}/htdocs/ cp -r "${temp_restore_dir}/*" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
if [ -d /var/www/${HTMLY_DOMAIN_NAME}/previous ]; then if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/previous" ]; then
mv /var/www/${HTMLY_DOMAIN_NAME}/previous /var/www/${HTMLY_DOMAIN_NAME}/htdocs mv "/var/www/${HTMLY_DOMAIN_NAME}/previous" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
fi fi
exit 593 exit 593
fi fi
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
if [ ! -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content ]; then if [ ! -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content" ]; then
echo $"No content directory found after restoring htmly" echo $"No content directory found after restoring htmly"
exit 287 exit 287
fi fi
# Ensure that the bundled SSL cert is being used # Ensure that the bundled SSL cert is being used
if [ -f /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.bundle.crt ]; then if [ -f "/etc/ssl/certs/${HTMLY_DOMAIN_NAME}.bundle.crt" ]; then
sed -i "s|${HTMLY_DOMAIN_NAME}.crt|${HTMLY_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${HTMLY_DOMAIN_NAME} sed -i "s|${HTMLY_DOMAIN_NAME}.crt|${HTMLY_DOMAIN_NAME}.bundle.crt|g" "/etc/nginx/sites-available/${HTMLY_DOMAIN_NAME}"
fi fi
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post ]; then if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post" ]; then
mv /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post mv "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post"
fi fi
fi fi
done done
if [ -d /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME} ]; then if [ -d "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}" ]; then
ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${HTMLY_DOMAIN_NAME}.key ln -s "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/privkey.pem" "/etc/ssl/private/${HTMLY_DOMAIN_NAME}.key"
ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.pem ln -s "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/fullchain.pem" "/etc/ssl/certs/${HTMLY_DOMAIN_NAME}.pem"
fi fi
echo $"Restore of htmly complete" echo $"Restore of htmly complete"
fi fi
@ -370,258 +372,264 @@ function remove_htmly {
fi fi
read_config_param "HTMLY_DOMAIN_NAME" read_config_param "HTMLY_DOMAIN_NAME"
nginx_dissite $HTMLY_DOMAIN_NAME nginx_dissite "$HTMLY_DOMAIN_NAME"
remove_certs ${HTMLY_DOMAIN_NAME} remove_certs "${HTMLY_DOMAIN_NAME}"
if [ -f /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME ]; then if [ -f "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME" ]; then
rm -f /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME rm -f "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
fi fi
if [ -d /var/www/$HTMLY_DOMAIN_NAME ]; then if [ -d "/var/www/$HTMLY_DOMAIN_NAME" ]; then
rm -rf /var/www/$HTMLY_DOMAIN_NAME rm -rf "/var/www/$HTMLY_DOMAIN_NAME"
fi fi
remove_config_param HTMLY_DOMAIN_NAME remove_config_param HTMLY_DOMAIN_NAME
remove_config_param HTMLY_CODE remove_config_param HTMLY_CODE
function_check remove_onion_service function_check remove_onion_service
remove_onion_service htmly ${HTMLY_ONION_PORT} remove_onion_service htmly ${HTMLY_ONION_PORT}
remove_completion_param "install_htmly" remove_completion_param "install_htmly"
sed -i '/Htmly/d' $COMPLETION_FILE sed -i '/Htmly/d' "$COMPLETION_FILE"
sed -i '/htmly/d' $COMPLETION_FILE sed -i '/htmly/d' "$COMPLETION_FILE"
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $HTMLY_DOMAIN_NAME remove_ddns_domain "$HTMLY_DOMAIN_NAME"
} }
function install_htmly_social_networks { function install_htmly_social_networks {
# set social networks # set social networks
if grep -q "social.hubzilla" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini; then if grep -q "social.hubzilla" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"; then
sed -i "s|;social.hubzilla|social.hubzilla|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini sed -i "s|;social.hubzilla|social.hubzilla|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
fi fi
if grep -q "social.gnusocial" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini; then if grep -q "social.gnusocial" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"; then
sed -i "s|;social.gnusocial|social.gnusocial|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini sed -i "s|;social.gnusocial|social.gnusocial|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROHTMLY_DOMAIN_NAME\"|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROHTMLY_DOMAIN_NAME\"|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
fi fi
# clear proprietary social network strings # clear proprietary social network strings
sed -i 's|social.facebook.*|social.facebook = ""|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini sed -i 's|social.facebook.*|social.facebook = ""|g' "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
sed -i 's|social.twitter.*|social.twitter = ""|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini sed -i 's|social.twitter.*|social.twitter = ""|g' "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
sed -i 's|social.google.*|social.google = ""|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini sed -i 's|social.google.*|social.google = ""|g' "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
} }
function install_htmly_user { function install_htmly_user {
# create a user password # create a user password
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
HTMLY_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" HTMLY_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
HTMLY_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" HTMLY_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
# create a user # create a user
HTMLY_ADMIN_PASSWORD_HASH=$(${PROJECT_NAME}-sec --htmlyhash "$HTMLY_ADMIN_PASSWORD") HTMLY_ADMIN_PASSWORD_HASH=$("${PROJECT_NAME}-sec" --htmlyhash "$HTMLY_ADMIN_PASSWORD")
if [ ${#HTMLY_ADMIN_PASSWORD_HASH} -lt 8 ]; then if [ ${#HTMLY_ADMIN_PASSWORD_HASH} -lt 8 ]; then
echo $'Htmly admin password could not be hashed' echo $'Htmly admin password could not be hashed'
exit 625728 exit 625728
fi fi
echo ';Password' > /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini { echo ';Password';
echo "password = $HTMLY_ADMIN_PASSWORD_HASH" >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini echo "password = $HTMLY_ADMIN_PASSWORD_HASH";
echo 'encryption = password_hash' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini echo 'encryption = password_hash';
echo ';Role' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini echo ';Role';
echo 'role = admin' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini echo 'role = admin'; } > "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini"
} }
function install_htmly_settings { function install_htmly_settings {
cp /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini cp "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini.example" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
sed -i "s|site.url.*|site.url = '/'|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini sed -i "s|site.url.*|site.url = '/'|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
sed -i "s|blog.title.*|blog.title = \"$HTMLY_TITLE\"|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini sed -i "s|blog.title.*|blog.title = \"$HTMLY_TITLE\"|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
sed -i "s|blog.tagline.*|blog.tagline = \"$HTMLY_SUBTITLE\"|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini sed -i "s|blog.tagline.*|blog.tagline = \"$HTMLY_SUBTITLE\"|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini sed -i 's|timezone.*|timezone = "Europe/London"|g' "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
sed -i "s|Your name|$MY_NAME|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini sed -i "s|Your name|$MY_NAME|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
} }
function install_htmly_website { function install_htmly_website {
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $HTMLY_DOMAIN_NAME nginx_http_redirect "$HTMLY_DOMAIN_NAME"
echo 'server {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME { echo 'server {';
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' #listen [::]:443 ssl;';
echo " root /var/www/$HTMLY_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo " root /var/www/$HTMLY_DOMAIN_NAME/htdocs;";
echo " server_name $HTMLY_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo " server_name $HTMLY_DOMAIN_NAME;";
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' access_log /dev/null;';
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo " error_log /dev/null;";
echo ' index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' index index.php;';
echo ' charset utf-8;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' charset utf-8;';
echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $HTMLY_DOMAIN_NAME nginx_ssl "$HTMLY_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $HTMLY_DOMAIN_NAME nginx_disable_sniffing "$HTMLY_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME { echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo '';
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # rewrite to front controller as default rule';
echo ' location / {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' location / {'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
function_check nginx_limits function_check nginx_limits
nginx_limits $HTMLY_DOMAIN_NAME nginx_limits "$HTMLY_DOMAIN_NAME"
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME { echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo '';
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # statically serve these file types when possible';
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # otherwise fall back to front controller';
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # allow browser to cache them';
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # added .htm for advanced source code editor library';
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
echo ' expires 30d;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' expires 30d;';
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo " try_files \$uri /index.php?q=\$uri&\$args;";
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo '';
echo ' # block these file types' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # or a unix socket';
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' location ~* \.php$ {';
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo " # another machine. And then cross your fingers that you won't get hacked.";
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo " try_files \$uri \$uri/ /index.php;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' include fastcgi_params;';
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' fastcgi_read_timeout 30;';
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' fastcgi_index index.php;';
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo '';
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # deny access to all dot files';
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' location ~ /\. {';
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo '';
echo ' #deny access to store' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' #deny access to store';
echo ' location ~ /store {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' location ~ /store {';
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' }';
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' location ~ /(data|conf|bin|inc)/ {';
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' }';
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' location ~ /\.ht {';
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' }';
echo '}' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo '}';
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ''; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
} }
function install_htmly_website_onion { function install_htmly_website_onion {
echo 'server {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME { echo 'server {';
echo " listen 127.0.0.1:${HTMLY_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo " listen 127.0.0.1:${HTMLY_ONION_PORT} default_server;";
echo " root /var/www/$HTMLY_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo " root /var/www/$HTMLY_DOMAIN_NAME/htdocs;"; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
echo " server_name $HTMLY_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME if [[ "$ONION_ONLY" != 'yes' ]]; then
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo " server_name $HTMLY_DOMAIN_NAME;" >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
echo ' index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME else
echo ' charset utf-8;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo " server_name $HTMLY_ONION_HOSTNAME;" >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME fi
{ echo ' access_log /dev/null;';
echo " error_log /dev/null;";
echo ' index index.php;';
echo ' charset utf-8;';
echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $HTMLY_DOMAIN_NAME nginx_disable_sniffing "$HTMLY_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME { echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo '';
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # rewrite to front controller as default rule';
echo ' location / {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' location / {'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
function_check nginx_limits function_check nginx_limits
nginx_limits $HTMLY_DOMAIN_NAME nginx_limits "$HTMLY_DOMAIN_NAME"
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME { echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo '';
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # statically serve these file types when possible';
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # otherwise fall back to front controller';
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # allow browser to cache them';
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # added .htm for advanced source code editor library';
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
echo ' expires 30d;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' expires 30d;';
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo " try_files \$uri /index.php?q=\$uri&\$args;";
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo '';
echo ' # block these file types' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # or a unix socket';
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
function_check nginx_limits function_check nginx_limits
nginx_limits $HTMLY_DOMAIN_NAME nginx_limits "$HTMLY_DOMAIN_NAME"
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME { echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo " # another machine. And then cross your fingers that you won't get hacked.";
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo " try_files \$uri \$uri/ /index.php;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' include fastcgi_params;';
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' fastcgi_read_timeout 30;';
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' fastcgi_index index.php;';
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo '';
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # deny access to all dot files';
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' location ~ /\. {';
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo '';
echo ' #deny access to store' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' #deny access to store';
echo ' location ~ /store {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' location ~ /store {';
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' }';
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' location ~ /(data|conf|bin|inc)/ {';
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' }';
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' location ~ /\.ht {';
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' }';
echo '}' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo '}'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
} }
function install_htmly_from_repo { function install_htmly_from_repo {
if [ ! -d /var/www/$HTMLY_DOMAIN_NAME ]; then if [ ! -d "/var/www/$HTMLY_DOMAIN_NAME" ]; then
mkdir /var/www/$HTMLY_DOMAIN_NAME mkdir "/var/www/$HTMLY_DOMAIN_NAME"
fi fi
cd /var/www/$HTMLY_DOMAIN_NAME cd "/var/www/$HTMLY_DOMAIN_NAME" || exit 34684682
if [ -d /repos/htmly ]; then if [ -d /repos/htmly ]; then
mkdir htdocs mkdir htdocs
cp -r -p /repos/htmly/. htdocs cp -r -p /repos/htmly/. htdocs
cd htdocs cd htdocs || exit 3468735
git pull git pull
else else
git_clone $HTMLY_REPO htdocs git_clone $HTMLY_REPO htdocs
fi fi
cd htdocs cd htdocs || exit 3479835
git checkout $HTMLY_COMMIT -b $HTMLY_COMMIT git checkout $HTMLY_COMMIT -b $HTMLY_COMMIT
set_completion_param "htmly commit" "$HTMLY_COMMIT" set_completion_param "htmly commit" "$HTMLY_COMMIT"
} }
function install_htmly { function install_htmly {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
if [ ! $HTMLY_DOMAIN_NAME ]; then if [ ! "$HTMLY_DOMAIN_NAME" ]; then
echo $'The htmly domain name was not specified' echo $'The htmly domain name was not specified'
exit 5062 exit 5062
fi fi
@ -636,13 +644,14 @@ function install_htmly {
function_check install_htmly_website function_check install_htmly_website
install_htmly_website install_htmly_website
else else
echo -n '' > /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo -n '' > "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
fi fi
HTMLY_ONION_HOSTNAME=$(add_onion_service htmly 80 ${HTMLY_ONION_PORT})
function_check install_htmly_website_onion function_check install_htmly_website_onion
install_htmly_website_onion install_htmly_website_onion
function_check create_site_certificate function_check create_site_certificate
create_site_certificate $HTMLY_DOMAIN_NAME 'yes' create_site_certificate "$HTMLY_DOMAIN_NAME" 'yes'
function_check configure_php function_check configure_php
configure_php configure_php
@ -656,20 +665,18 @@ function install_htmly {
function_check install_htmly_user function_check install_htmly_user
install_htmly_user install_htmly_user
chown -R www-data:www-data /var/www/$HTMLY_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$HTMLY_DOMAIN_NAME/htdocs"
HTMLY_ONION_HOSTNAME=$(add_onion_service htmly 80 ${HTMLY_ONION_PORT})
function_check nginx_ensite function_check nginx_ensite
nginx_ensite $HTMLY_DOMAIN_NAME nginx_ensite "$HTMLY_DOMAIN_NAME"
systemctl restart php7.0-fpm systemctl restart php7.0-fpm
systemctl restart nginx systemctl restart nginx
${PROJECT_NAME}-pass -u $MY_USERNAME -a htmly -p "$HTMLY_ADMIN_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a htmly -p "$HTMLY_ADMIN_PASSWORD"
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $HTMLY_DOMAIN_NAME add_ddns_domain "$HTMLY_DOMAIN_NAME"
set_completion_param "htmly domain" "$HTMLY_DOMAIN_NAME" set_completion_param "htmly domain" "$HTMLY_DOMAIN_NAME"
APP_INSTALLED=1 APP_INSTALLED=1


@ -60,7 +60,7 @@ function logging_off_hubzilla {
function remove_user_hubzilla { function remove_user_hubzilla {
remove_username="$1" remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp hubzilla "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp hubzilla
} }
function add_user_hubzilla { function add_user_hubzilla {
@ -71,27 +71,26 @@ function add_user_hubzilla {
new_username="$1" new_username="$1"
new_user_password="$2" new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a hubzilla -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$new_username" -a hubzilla -p "$new_user_password"
echo '0' echo '0'
} }
function hubzilla_renew_cert { function hubzilla_renew_cert {
dialog --title $"Renew SSL certificate" \ dialog --title $"Renew SSL certificate" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--yesno $"\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60 --yesno $"\\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) return;;
255) return;; 255) return;;
esac esac
HUBZILLA_DOMAIN_NAME=$(get_completion_param "hubzilla domain") HUBZILLA_DOMAIN_NAME=$(get_completion_param "hubzilla domain")
if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs" ]; then
dialog --title $"Renew SSL certificate" \ dialog --title $"Renew SSL certificate" \
--msgbox $"Hubzilla install directory not found" 6 40 --msgbox $"Hubzilla install directory not found" 6 40
return return
fi fi
${PROJECT_NAME}-renew-cert -h $HUBZILLA_DOMAIN_NAME -p 'letsencrypt' if ! "${PROJECT_NAME}-renew-cert" -h "$HUBZILLA_DOMAIN_NAME" -p 'letsencrypt'; then
if [ ! "$?" = "0" ]; then
any_key any_key
else else
dialog --title $"Renew SSL certificate" \ dialog --title $"Renew SSL certificate" \
@ -100,68 +99,71 @@ function hubzilla_renew_cert {
} }
function hubzilla_channel_directory_server { function hubzilla_channel_directory_server {
if ! grep -q "hubzilla domain" $COMPLETION_FILE; then if ! grep -q "hubzilla domain" "$COMPLETION_FILE"; then
dialog --title $"Hubzilla channel directory server" \ dialog --title $"Hubzilla channel directory server" \
--msgbox $"Hubzilla is not installed on this system" 6 40 --msgbox $"Hubzilla is not installed on this system" 6 40
return return
fi fi
HUBZILLA_DOMAIN_NAME=$(get_completion_param "hubzilla domain") HUBZILLA_DOMAIN_NAME=$(get_completion_param "hubzilla domain")
if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs" ]; then
dialog --title $"Hubzilla channel directory server" \ dialog --title $"Hubzilla channel directory server" \
--msgbox $"Hubzilla install directory not found" 6 40 --msgbox $"Hubzilla install directory not found" 6 40
return return
fi fi
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Hubzilla channel directory server" \ dialog --title $"Hubzilla channel directory server" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--inputbox $"When you click on 'channel directory' this is where Hubzilla will obtain its list from" 8 60 2>$data --inputbox $"When you click on 'channel directory' this is where Hubzilla will obtain its list from" 8 60 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) 0)
hubzilla_domain_server=$(<$data) hubzilla_domain_server=$(<"$data")
if [[ $hubzilla_domain_server != *"."* ]]; then if [[ $hubzilla_domain_server != *"."* ]]; then
rm -f "$data"
return return
fi fi
if [[ $hubzilla_domain_server != "https"* ]]; then if [[ $hubzilla_domain_server != "https"* ]]; then
dialog --title $"Hubzilla channel directory server" \ dialog --title $"Hubzilla channel directory server" \
--msgbox $"\nInvalid domain - include the https://" 7 60 --msgbox $"\\nInvalid domain - include the https://" 7 60
rm -f "$data"
return return
fi fi
./var/www/$HUBZILLA_DOMAIN_NAME/htdocs/util/config system directory_server $hubzilla_domain_server "./var/www/$HUBZILLA_DOMAIN_NAME/htdocs/util/config" system directory_server "$hubzilla_domain_server"
dialog --title $"Hubzilla channel directory server" \ dialog --title $"Hubzilla channel directory server" \
--msgbox $"\nDomain channel directory server changed to\n\n $hubzilla_domain_server" 10 60 --msgbox $"\\nDomain channel directory server changed to\\n\\n $hubzilla_domain_server" 10 60
;; ;;
esac esac
rm -f "$data"
} }
function configure_interactive_hubzilla { function configure_interactive_hubzilla {
while true while true
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"Hubzilla" \ --title $"Hubzilla" \
--radiolist $"Choose an operation:" 13 70 4 \ --radiolist $"Choose an operation:" 13 70 4 \
1 $"Set channel directory server" off \ 1 $"Set channel directory server" off \
2 $"Renew SSL certificate" off \ 2 $"Renew SSL certificate" off \
3 $"Back to main menu" on 2> $data 3 $"Back to main menu" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) break;; 1) break;;
255) break;; 255) break;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) hubzilla_channel_directory_server;; 1) hubzilla_channel_directory_server;;
2) hubzilla_renew_cert;; 2) hubzilla_renew_cert;;
3) break;; 3) rm -f "$data"
break;;
esac esac
rm -f "$data"
done done
} }
function install_interactive_hubzilla { function install_interactive_hubzilla {
if [[ $ONION_ONLY != "no" ]]; then if [[ "$ONION_ONLY" != "no" ]]; then
return return
fi fi
@ -172,7 +174,7 @@ function install_interactive_hubzilla {
} }
function change_password_hubzilla { function change_password_hubzilla {
HUBZILLA_USERNAME="$1" # HUBZILLA_USERNAME="$1"
HUBZILLA_PASSWORD="$2" HUBZILLA_PASSWORD="$2"
if [ ${#HUBZILLA_PASSWORD} -lt 8 ]; then if [ ${#HUBZILLA_PASSWORD} -lt 8 ]; then
echo $'Hubzilla password is too short' echo $'Hubzilla password is too short'
@ -183,14 +185,14 @@ function change_password_hubzilla {
} }
function hubzilla_create_database { function hubzilla_create_database {
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
HUBZILLA_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" HUBZILLA_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
fi fi
if [ ! $HUBZILLA_ADMIN_PASSWORD ]; then if [ ! "$HUBZILLA_ADMIN_PASSWORD" ]; then
HUBZILLA_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" HUBZILLA_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
${PROJECT_NAME}-pass -u $MY_USERNAME -a hubzilla -p "$HUBZILLA_ADMIN_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a hubzilla -p "$HUBZILLA_ADMIN_PASSWORD"
if [ ! $HUBZILLA_ADMIN_PASSWORD ]; then if [ ! "$HUBZILLA_ADMIN_PASSWORD" ]; then
return return
fi fi
@ -211,25 +213,25 @@ function upgrade_hubzilla {
HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
function_check set_repo_commit function_check set_repo_commit
set_repo_commit $HUBZILLA_PATH "hubzilla commit" "$HUBZILLA_COMMIT" $HUBZILLA_REPO set_repo_commit "$HUBZILLA_PATH" "hubzilla commit" "$HUBZILLA_COMMIT" $HUBZILLA_REPO
set_repo_commit $HUBZILLA_PATH/addon "hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT" $HUBZILLA_ADDONS_REPO set_repo_commit "$HUBZILLA_PATH/addon" "hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT" $HUBZILLA_ADDONS_REPO
if [ -d $HUBZILLA_PATH/redmatrix-themes1 ]; then if [ -d "$HUBZILLA_PATH/redmatrix-themes1" ]; then
cd $HUBZILLA_PATH/redmatrix-themes1 cd "$HUBZILLA_PATH/redmatrix-themes1" || exit 246782456
git merge --abort git merge --abort
git stash git stash
git pull git pull
cp -r $HUBZILLA_PATH/redmatrix-themes1/* $HUBZILLA_PATH/view/theme/ cp -r "$HUBZILLA_PATH/redmatrix-themes1/*" "$HUBZILLA_PATH/view/theme/"
chown -R www-data:www-data $HUBZILLA_PATH chown -R www-data:www-data "$HUBZILLA_PATH"
fi fi
} }
function backup_local_hubzilla { function backup_local_hubzilla {
hubzilla_path=/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs hubzilla_path=/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs
if [ -d $hubzilla_path ]; then if [ -d "$hubzilla_path" ]; then
function_check backup_database_to_usb function_check backup_database_to_usb
backup_database_to_usb hubzilla backup_database_to_usb hubzilla
backup_directory_to_usb $hubzilla_path hubzilla backup_directory_to_usb "$hubzilla_path" hubzilla
fi fi
} }
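Review bot: Quoting the whole argument in `cp -r "$HUBZILLA_PATH/redmatrix-themes1/*" "$HUBZILLA_PATH/view/theme/"` stops the shell from expanding the `*`, so cp receives a literal path ending in `/*` and will normally fail, where the old unquoted form copied the theme files. Keep the variable quoted and leave the glob outside the quotes: `cp -r "$HUBZILLA_PATH/redmatrix-themes1/"* "$HUBZILLA_PATH/view/theme/"`. The next two hunks have the same problem: `chown -R www-data:www-data "$hubzilla_dir/*"` in restore_local_hubzilla and `chown -R www-data:www-data "/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/*"` in restore_remote_hubzilla. There the ownership reset no longer applies to the restored files; `chown -R www-data:www-data "$hubzilla_dir"/*` restores the earlier behaviour. upgrade_hubzilla begins above this hunk, so only the visible part was checked.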
@ -240,31 +242,31 @@ function restore_local_hubzilla {
function_check hubzilla_create_database function_check hubzilla_create_database
hubzilla_create_database hubzilla_create_database
restore_database hubzilla ${HUBZILLA_DOMAIN_NAME} restore_database hubzilla "${HUBZILLA_DOMAIN_NAME}"
if [ -d $USB_MOUNT/backup/hubzilla ]; then if [ -d "$USB_MOUNT/backup/hubzilla" ]; then
if [ ! -d $hubzilla_dir/store/[data]/smarty3 ]; then if [ ! -d "$hubzilla_dir/store/[data]/smarty3" ]; then
mkdir -p $hubzilla_dir/store/[data]/smarty3 mkdir -p "$hubzilla_dir/store/[data]/smarty3"
fi fi
chmod 1777 $hubzilla_dir/store/[data]/smarty3 chmod 1777 "$hubzilla_dir/store/[data]/smarty3"
chown -R www-data:www-data $hubzilla_dir/* chown -R www-data:www-data "$hubzilla_dir/*"
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs HUBZILLA_PATH="/var/www/$HUBZILLA_DOMAIN_NAME/htdocs"
sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $HUBZILLA_PATH/.htconfig.php sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$HUBZILLA_PATH/.htconfig.php"
MARIADB_PASSWORD= MARIADB_PASSWORD=
fi fi
} }
function backup_remote_hubzilla { function backup_remote_hubzilla {
temp_backup_dir=/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs temp_backup_dir="/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs"
if [ -d $temp_backup_dir ]; then if [ -d "$temp_backup_dir" ]; then
suspend_site ${HUBZILLA_DOMAIN_NAME} suspend_site "${HUBZILLA_DOMAIN_NAME}"
backup_database_to_friend hubzilla backup_database_to_friend hubzilla
echo "Backing up Hubzilla installation" echo "Backing up Hubzilla installation"
backup_directory_to_friend $temp_backup_dir hubzilla backup_directory_to_friend "$temp_backup_dir" hubzilla
restart_site restart_site
echo "Backup of Hubzilla complete" echo "Backup of Hubzilla complete"
else else
@ -279,21 +281,21 @@ function restore_remote_hubzilla {
function_check hubzilla_create_database function_check hubzilla_create_database
hubzilla_create_database hubzilla_create_database
restore_database_from_friend hubzilla ${HUBZILLA_DOMAIN_NAME} restore_database_from_friend hubzilla "${HUBZILLA_DOMAIN_NAME}"
if [ -d $SERVER_DIRECTORY/backup/hubzilla ]; then if [ -d "$SERVER_DIRECTORY/backup/hubzilla" ]; then
if [ ! -d /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3 ]; then if [ ! -d "/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3" ]; then
mkdir -p /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3 mkdir -p "/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3"
fi fi
chmod 1777 /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3 chmod 1777 "/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3"
chown -R www-data:www-data /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/* chown -R www-data:www-data "/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/*"
fi fi
if [ -d /root/temphubzilla ]; then if [ -d /root/temphubzilla ]; then
rm -rf /root/temphubzilla rm -rf /root/temphubzilla
fi fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $HUBZILLA_PATH/.htconfig.php sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$HUBZILLA_PATH/.htconfig.php"
MARIADB_PASSWORD= MARIADB_PASSWORD=
} }
@ -301,41 +303,41 @@ function remove_hubzilla {
if [ ${#HUBZILLA_DOMAIN_NAME} -eq 0 ]; then if [ ${#HUBZILLA_DOMAIN_NAME} -eq 0 ]; then
return return
fi fi
nginx_dissite $HUBZILLA_DOMAIN_NAME nginx_dissite "$HUBZILLA_DOMAIN_NAME"
remove_certs ${HUBZILLA_DOMAIN_NAME} remove_certs "${HUBZILLA_DOMAIN_NAME}"
if [ -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then if [ -d "/var/www/$HUBZILLA_DOMAIN_NAME" ]; then
rm -rf /var/www/$HUBZILLA_DOMAIN_NAME rm -rf "/var/www/$HUBZILLA_DOMAIN_NAME"
fi fi
if [ -f /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME ]; then if [ -f "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME" ]; then
rm /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME rm "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
fi fi
function_check drop_database function_check drop_database
drop_database hubzilla drop_database hubzilla
function_check remove_onion_service function_check remove_onion_service
remove_onion_service hubzilla ${HUBZILLA_ONION_PORT} remove_onion_service hubzilla ${HUBZILLA_ONION_PORT}
sed -i '/hubzilla/d' $COMPLETION_FILE sed -i '/hubzilla/d' "$COMPLETION_FILE"
sed -i '/poller.php/d' /etc/crontab sed -i '/poller.php/d' /etc/crontab
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $HUBZILLA_DOMAIN_NAME remove_ddns_domain "$HUBZILLA_DOMAIN_NAME"
} }
function install_hubzilla { function install_hubzilla {
if [ ! $HUBZILLA_DOMAIN_NAME ]; then if [ ! "$HUBZILLA_DOMAIN_NAME" ]; then
return return
fi fi
if [[ $ONION_ONLY != "no" ]]; then if [[ "$ONION_ONLY" != "no" ]]; then
echo $"Hubzilla won't work on an onion address" echo $"Hubzilla won't work on an onion address"
exit 529925 exit 529925
fi fi
HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs HUBZILLA_PATH="/var/www/$HUBZILLA_DOMAIN_NAME/htdocs"
function_check install_mariadb function_check install_mariadb
install_mariadb install_mariadb
if [ -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then if [ -d "/var/www/$HUBZILLA_DOMAIN_NAME" ]; then
remove_hubzilla remove_hubzilla
fi fi
@ -349,44 +351,44 @@ function install_hubzilla {
apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
apt-get -yq install php-memcached memcached apt-get -yq install php-memcached memcached
if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME" ]; then
mkdir /var/www/$HUBZILLA_DOMAIN_NAME mkdir "/var/www/$HUBZILLA_DOMAIN_NAME"
fi fi
if [ ! -d $HUBZILLA_PATH ]; then if [ ! -d "$HUBZILLA_PATH" ]; then
mkdir -p $HUBZILLA_PATH mkdir -p "$HUBZILLA_PATH"
fi fi
if [ ! -f $HUBZILLA_PATH/index.php ]; then if [ ! -f "$HUBZILLA_PATH/index.php" ]; then
if [ -d /repos/hubzilla ]; then if [ -d /repos/hubzilla ]; then
mkdir $HUBZILLA_PATH mkdir "$HUBZILLA_PATH"
cp -r -p /repos/hubzilla/. $HUBZILLA_PATH cp -r -p /repos/hubzilla/. "$HUBZILLA_PATH"
cd $HUBZILLA_PATH cd "$HUBZILLA_PATH" || exit 245672478
git pull git pull
else else
function_check git_clone function_check git_clone
git_clone $HUBZILLA_REPO $HUBZILLA_PATH git_clone "$HUBZILLA_REPO" "$HUBZILLA_PATH"
fi fi
git checkout $HUBZILLA_COMMIT -b $HUBZILLA_COMMIT git checkout "$HUBZILLA_COMMIT" -b "$HUBZILLA_COMMIT"
set_completion_param "hubzilla commit" "$HUBZILLA_COMMIT" set_completion_param "hubzilla commit" "$HUBZILLA_COMMIT"
if [ -d /repos/hubzilla-addons ]; then if [ -d /repos/hubzilla-addons ]; then
mkdir $HUBZILLA_PATH/addon mkdir "$HUBZILLA_PATH/addon"
cp -r -p /repos/hubzilla-addons/. $HUBZILLA_PATH/addon cp -r -p /repos/hubzilla-addons/. "$HUBZILLA_PATH/addon"
cd $HUBZILLA_PATH/addon cd "$HUBZILLA_PATH/addon" || exit 24682464
git pull git pull
else else
git_clone $HUBZILLA_ADDONS_REPO $HUBZILLA_PATH/addon git_clone "$HUBZILLA_ADDONS_REPO" "$HUBZILLA_PATH/addon"
fi fi
cd $HUBZILLA_PATH/addon cd "$HUBZILLA_PATH/addon" || exit 24982468
git checkout $HUBZILLA_ADDONS_COMMIT -b $HUBZILLA_ADDONS_COMMIT git checkout "$HUBZILLA_ADDONS_COMMIT" -b "$HUBZILLA_ADDONS_COMMIT"
set_completion_param "hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT" set_completion_param "hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT"
chown -R www-data:www-data $HUBZILLA_PATH chown -R www-data:www-data "$HUBZILLA_PATH"
fi fi
if [ ! -f $HUBZILLA_PATH/install/schema_mysql.sql ]; then if [ ! -f "$HUBZILLA_PATH/install/schema_mysql.sql" ]; then
echo $'No database schema found for hubzilla' echo $'No database schema found for hubzilla'
exit 252782 exit 252782
fi fi
@ -403,156 +405,156 @@ function install_hubzilla {
fi fi
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $HUBZILLA_DOMAIN_NAME add_ddns_domain "$HUBZILLA_DOMAIN_NAME"
if [[ $ONION_ONLY == "no" ]]; then if [[ "$ONION_ONLY" == "no" ]]; then
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $HUBZILLA_DOMAIN_NAME nginx_http_redirect "$HUBZILLA_DOMAIN_NAME"
echo 'server {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME { echo 'server {';
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' #listen [::]:443 ssl;';
echo " root $HUBZILLA_PATH;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " root $HUBZILLA_PATH;";
echo " server_name $HUBZILLA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " server_name $HUBZILLA_DOMAIN_NAME;";
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " error_log /dev/null;";
echo ' index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' index index.php;';
echo ' charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' charset utf-8;';
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' access_log /dev/null;'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $HUBZILLA_DOMAIN_NAME nginx_ssl "$HUBZILLA_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME { echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '';
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # rewrite to front controller as default rule';
echo ' location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' location / {'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
function_check nginx_limits function_check nginx_limits
nginx_limits $HUBZILLA_DOMAIN_NAME nginx_limits "$HUBZILLA_DOMAIN_NAME"
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME { echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '';
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # statically serve these file types when possible';
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # otherwise fall back to front controller';
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # allow browser to cache them';
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # added .htm for advanced source code editor library';
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
echo ' expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' expires 30d;';
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " try_files \$uri /index.php?q=\$uri&\$args;";
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '';
echo ' # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # or a unix socket';
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
function_check nginx_limits function_check nginx_limits
nginx_limits $HUBZILLA_DOMAIN_NAME nginx_limits "$HUBZILLA_DOMAIN_NAME"
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME { echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " # another machine. And then cross your fingers that you won't get hacked.";
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " try_files \$uri \$uri/ /index.php;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' include fastcgi_params;';
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' fastcgi_index index.php;';
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' fastcgi_read_timeout 300;';
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '';
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # deny access to all dot files';
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' location ~ /\. {';
echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '';
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' location ~ /\.ht {';
echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' }';
echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '}';
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ''; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
else else
echo 'server {' > /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME { echo 'server {';
echo " listen 127.0.0.1:${HUBZILLA_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " listen 127.0.0.1:${HUBZILLA_ONION_PORT} default_server;";
echo " root $HUBZILLA_PATH;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " root $HUBZILLA_PATH;";
echo " server_name $HUBZILLA_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " server_name $HUBZILLA_ONION_HOSTNAME;";
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " error_log /dev/null;";
echo ' index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' index index.php;';
echo ' charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' charset utf-8;';
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' access_log /dev/null;';
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '';
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # rewrite to front controller as default rule';
echo ' location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' location / {'; } > "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
nginx_limits $HUBZILLA_DOMAIN_NAME nginx_limits "$HUBZILLA_DOMAIN_NAME"
nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME { echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '';
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # statically serve these file types when possible';
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # otherwise fall back to front controller';
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # allow browser to cache them';
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # added .htm for advanced source code editor library';
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
echo ' expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' expires 30d;';
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " try_files \$uri /index.php?q=\$uri&\$args;";
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '';
echo ' # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # or a unix socket';
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
nginx_limits $HUBZILLA_DOMAIN_NAME nginx_limits "$HUBZILLA_DOMAIN_NAME"
nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME { echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " # another machine. And then cross your fingers that you won't get hacked.";
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " try_files \$uri \$uri/ /index.php;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' include fastcgi_params;';
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' fastcgi_index index.php;';
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' fastcgi_read_timeout 300;';
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '';
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # deny access to all dot files';
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' location ~ /\. {';
echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '';
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' location ~ /\.ht {';
echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' }';
echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '}'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
fi fi
function_check configure_php function_check configure_php
configure_php configure_php
function_check create_site_certificate function_check create_site_certificate
create_site_certificate $HUBZILLA_DOMAIN_NAME 'yes' create_site_certificate "$HUBZILLA_DOMAIN_NAME" 'yes'
if [ ! -d $HUBZILLA_PATH/view/tpl/smarty3 ]; then if [ ! -d "$HUBZILLA_PATH/view/tpl/smarty3" ]; then
mkdir $HUBZILLA_PATH/view/tpl/smarty3 mkdir "$HUBZILLA_PATH/view/tpl/smarty3"
fi fi
if [ ! -d "$HUBZILLA_PATH/store" ]; then if [ ! -d "$HUBZILLA_PATH/store" ]; then
mkdir "$HUBZILLA_PATH/store" mkdir "$HUBZILLA_PATH/store"
@ -564,9 +566,9 @@ function install_hubzilla {
mkdir "$HUBZILLA_PATH/store/[data]/smarty3" mkdir "$HUBZILLA_PATH/store/[data]/smarty3"
chmod 1777 "$HUBZILLA_PATH/store/[data]/smarty3" chmod 1777 "$HUBZILLA_PATH/store/[data]/smarty3"
fi fi
chmod 1777 $HUBZILLA_PATH/view/tpl chmod 1777 "$HUBZILLA_PATH/view/tpl"
chown -R www-data:www-data "$HUBZILLA_PATH/store" chown -R www-data:www-data "$HUBZILLA_PATH/store"
chmod 1777 $HUBZILLA_PATH/view/tpl/smarty3 chmod 1777 "$HUBZILLA_PATH/view/tpl/smarty3"
# Ensure that the database gets backed up locally, if remote # Ensure that the database gets backed up locally, if remote
# backups are not being used # backups are not being used
@ -576,50 +578,50 @@ function install_hubzilla {
function_check backup_database_local function_check backup_database_local
backup_database_local hubzilla backup_database_local hubzilla
chown -R www-data:www-data $HUBZILLA_PATH chown -R www-data:www-data "$HUBZILLA_PATH"
function_check nginx_ensite function_check nginx_ensite
nginx_ensite $HUBZILLA_DOMAIN_NAME nginx_ensite "$HUBZILLA_DOMAIN_NAME"
function_check initialise_database function_check initialise_database
initialise_database hubzilla $HUBZILLA_PATH/install/schema_mysql.sql initialise_database hubzilla "$HUBZILLA_PATH/install/schema_mysql.sql"
# create the config file # create the config file
echo '<?php' > $HUBZILLA_PATH/.htconfig.php { echo '<?php';
echo "\$db_host = 'localhost';" >> $HUBZILLA_PATH/.htconfig.php echo "\$db_host = 'localhost';";
echo "\$db_port = '0';" >> $HUBZILLA_PATH/.htconfig.php echo "\$db_port = '0';";
echo "\$db_user = 'root';" >> $HUBZILLA_PATH/.htconfig.php echo "\$db_user = 'root';";
echo "\$db_pass = '${MARIADB_PASSWORD}';" >> $HUBZILLA_PATH/.htconfig.php echo "\$db_pass = '${MARIADB_PASSWORD}';";
echo "\$db_data = 'hubzilla';" >> $HUBZILLA_PATH/.htconfig.php echo "\$db_data = 'hubzilla';";
echo "\$db_type = '0';" >> $HUBZILLA_PATH/.htconfig.php echo "\$db_type = '0';";
echo "\$default_timezone = 'Europe/London';" >> $HUBZILLA_PATH/.htconfig.php echo "\$default_timezone = 'Europe/London';"; } > "$HUBZILLA_PATH/.htconfig.php"
if [[ $ONION_ONLY == 'no' ]]; then if [[ "$ONION_ONLY" == 'no' ]]; then
echo "\$a->config['system']['baseurl'] = 'https://${HUBZILLA_DOMAIN_NAME}';" >> $HUBZILLA_PATH/.htconfig.php echo "\$a->config['system']['baseurl'] = 'https://${HUBZILLA_DOMAIN_NAME}';" >> "$HUBZILLA_PATH/.htconfig.php"
else else
echo "\$a->config['system']['baseurl'] = 'http://${HUBZILLA_ONION_HOSTNAME}';" >> $HUBZILLA_PATH/.htconfig.php echo "\$a->config['system']['baseurl'] = 'http://${HUBZILLA_ONION_HOSTNAME}';" >> "$HUBZILLA_PATH/.htconfig.php"
fi fi
echo "\$a->config['system']['sitename'] = \"Hubzilla\";" >> $HUBZILLA_PATH/.htconfig.php echo "\$a->config['system']['sitename'] = \"Hubzilla\";" >> "$HUBZILLA_PATH/.htconfig.php"
HUBZILLA_LOCATION_HASH="$(create_password 30)" HUBZILLA_LOCATION_HASH="$(create_password 30)"
echo "\$a->config['system']['location_hash'] = '${HUBZILLA_LOCATION_HASH}';" >> $HUBZILLA_PATH/.htconfig.php { echo "\$a->config['system']['location_hash'] = '${HUBZILLA_LOCATION_HASH}';";
echo "\$a->config['system']['register_policy'] = REGISTER_OPEN;" >> $HUBZILLA_PATH/.htconfig.php echo "\$a->config['system']['register_policy'] = REGISTER_OPEN;";
echo "\$a->config['system']['register_text'] = '';" >> $HUBZILLA_PATH/.htconfig.php echo "\$a->config['system']['register_text'] = '';";
echo "\$a->config['system']['admin_email'] = '${MY_EMAIL_ADDRESS}';" >> $HUBZILLA_PATH/.htconfig.php echo "\$a->config['system']['admin_email'] = '${MY_EMAIL_ADDRESS}';";
echo "\$a->config['system']['verify_email'] = 1;" >> $HUBZILLA_PATH/.htconfig.php echo "\$a->config['system']['verify_email'] = 1;";
echo "\$a->config['system']['access_policy'] = ACCESS_PRIVATE;" >> $HUBZILLA_PATH/.htconfig.php echo "\$a->config['system']['access_policy'] = ACCESS_PRIVATE;";
echo "\$a->config['system']['sellpage'] = '';" >> $HUBZILLA_PATH/.htconfig.php echo "\$a->config['system']['sellpage'] = '';";
echo "\$a->config['system']['max_import_size'] = 200000;" >> $HUBZILLA_PATH/.htconfig.php echo "\$a->config['system']['max_import_size'] = 200000;";
echo "\$a->config['system']['php_path'] = '/usr/bin/php';" >> $HUBZILLA_PATH/.htconfig.php echo "\$a->config['system']['php_path'] = '/usr/bin/php';";
echo "\$a->config['system']['directory_mode'] = DIRECTORY_MODE_NORMAL;" >> $HUBZILLA_PATH/.htconfig.php echo "\$a->config['system']['directory_mode'] = DIRECTORY_MODE_NORMAL;";
echo "\$a->config['system']['theme'] = 'redbasic';" >> $HUBZILLA_PATH/.htconfig.php echo "\$a->config['system']['theme'] = 'redbasic';"; } >> "$HUBZILLA_PATH/.htconfig.php"
chown www-data:www-data $HUBZILLA_PATH/.htconfig.php chown www-data:www-data "$HUBZILLA_PATH/.htconfig.php"
chmod 755 $HUBZILLA_PATH/.htconfig.php chmod 755 "$HUBZILLA_PATH/.htconfig.php"
systemctl restart mariadb systemctl restart mariadb
systemctl restart php7.0-fpm systemctl restart php7.0-fpm
systemctl restart nginx systemctl restart nginx
systemctl restart cron systemctl restart cron
${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$HUBZILLA_DOMAIN_NAME" -g hubzilla --public no "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$HUBZILLA_DOMAIN_NAME" -g hubzilla --public no
set_completion_param "hubzilla domain" "${HUBZILLA_DOMAIN_NAME}" set_completion_param "hubzilla domain" "${HUBZILLA_DOMAIN_NAME}"
APP_INSTALLED=1 APP_INSTALLED=1


@ -68,36 +68,36 @@ function icecast_update_daemon {
rm /etc/init.d/icecast2 rm /etc/init.d/icecast2
fi fi
echo '#!/bin/sh' > /usr/bin/stop_icecast { echo '#!/bin/sh';
echo 'kill $(pidof ices2)' >> /usr/bin/stop_icecast echo "kill \$(pidof ices2)";
echo 'systemctl stop icecast2' >> /usr/bin/stop_icecast echo 'systemctl stop icecast2'; } > /usr/bin/stop_icecast
chmod +x /usr/bin/stop_icecast chmod +x /usr/bin/stop_icecast
# Note that the sleep here actually is important # Note that the sleep here actually is important
echo '#!/bin/bash' > /usr/bin/start_icecast { echo '#!/bin/bash';
echo 'isrunning=$(ps aux | grep ices2)' >> /usr/bin/start_icecast echo "isrunning=\$(ps aux | grep ices2)";
echo 'if [[ "$isrunning" != *"ices-playlist"* ]]; then' >> /usr/bin/start_icecast echo "if [[ \"\$isrunning\" != *\"ices-playlist\"* ]]; then";
echo ' systemctl start icecast2' >> /usr/bin/start_icecast echo ' systemctl start icecast2';
echo ' sleep 3' >> /usr/bin/start_icecast echo ' sleep 3';
echo ' cd /etc/ices2' >> /usr/bin/start_icecast echo ' cd /etc/ices2';
echo ' ices2 ices-playlist.xml' >> /usr/bin/start_icecast echo ' ices2 ices-playlist.xml';
echo 'fi' >> /usr/bin/start_icecast echo 'fi'; } > /usr/bin/start_icecast
chmod +x /usr/bin/start_icecast chmod +x /usr/bin/start_icecast
echo '[Unit]' > /etc/systemd/system/icecast2.service { echo '[Unit]';
echo 'Description=Icecast' >> /etc/systemd/system/icecast2.service echo 'Description=Icecast';
echo 'After=network.target' >> /etc/systemd/system/icecast2.service echo 'After=network.target';
echo 'After=tor.service' >> /etc/systemd/system/icecast2.service echo 'After=tor.service';
echo '' >> /etc/systemd/system/icecast2.service echo '';
echo '[Service]' >> /etc/systemd/system/icecast2.service echo '[Service]';
echo 'User=icecast2' >> /etc/systemd/system/icecast2.service echo 'User=icecast2';
echo 'Group=icecast' >> /etc/systemd/system/icecast2.service echo 'Group=icecast';
echo 'ExecStart=/usr/bin/icecast2 -c /etc/icecast2/icecast.xml' >> /etc/systemd/system/icecast2.service echo 'ExecStart=/usr/bin/icecast2 -c /etc/icecast2/icecast.xml';
echo 'Restart=on-failure' >> /etc/systemd/system/icecast2.service echo 'Restart=on-failure';
echo 'RestartSec=10' >> /etc/systemd/system/icecast2.service echo 'RestartSec=10';
echo '' >> /etc/systemd/system/icecast2.service echo '';
echo '[Install]' >> /etc/systemd/system/icecast2.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/icecast2.service echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/icecast2.service
chown -R icecast2:icecast /etc/ices2 chown -R icecast2:icecast /etc/ices2
chown -R icecast2:icecast /etc/icecast2 chown -R icecast2:icecast /etc/icecast2
@ -121,7 +121,7 @@ function change_password_icecast {
/etc/icecast2/icecast.xml /etc/icecast2/icecast.xml
sed -i "s|<password>.*|<password>${new_user_password}</password>|g" /etc/ices2/ices-playlist.xml sed -i "s|<password>.*|<password>${new_user_password}</password>|g" /etc/ices2/ices-playlist.xml
${PROJECT_NAME}-pass -u "$curr_username" -a icecast -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$curr_username" -a icecast -p "$new_user_password"
start_icecast start_icecast
} }
@ -139,7 +139,7 @@ function reconfigure_icecast {
function icecast_convert_files { function icecast_convert_files {
clear clear
cd ${1} cd "${1}" || exit 2346824648
echo $'Converting any mp3 files to ogg format' echo $'Converting any mp3 files to ogg format'
find . -type f -name '*.mp3' -exec bash -c 'ffmpeg -i "$0" -c:a libvorbis -q:a 4 "${0/%mp3/ogg}"' '{}' \; find . -type f -name '*.mp3' -exec bash -c 'ffmpeg -i "$0" -c:a libvorbis -q:a 4 "${0/%mp3/ogg}"' '{}' \;
@ -153,20 +153,20 @@ function icecast_convert_files {
} }
function icecast_add_file_to_playlist { function icecast_add_file_to_playlist {
files_dir=${1} files_dir="${1}"
if [ ! -d $files_dir ]; then if [ ! -d "$files_dir" ]; then
return return
fi fi
echo $'Adding ogg files to playlist' echo $'Adding ogg files to playlist'
find $files_dir -type f -name '*.ogg' -print0 | while read -d $'\0' file; do find "$files_dir" -type f -name '*.ogg' -print0 | while read -r -d $'\0' file; do
if ! grep -q "$file" $ICECAST_PLAYLIST_FILE; then if ! grep -q "$file" $ICECAST_PLAYLIST_FILE; then
echo "$file" >> $ICECAST_PLAYLIST_FILE echo "$file" >> $ICECAST_PLAYLIST_FILE
fi fi
done done
echo $'Adding ogv files to playlist' echo $'Adding ogv files to playlist'
find $files_dir -type f -name '*.ogv' -print0 | while read -d $'\0' file; do find "$files_dir" -type f -name '*.ogv' -print0 | while read -r -d $'\0' file; do
if ! grep -q "$file" $ICECAST_PLAYLIST_FILE; then if ! grep -q "$file" $ICECAST_PLAYLIST_FILE; then
echo "$file" >> $ICECAST_PLAYLIST_FILE echo "$file" >> $ICECAST_PLAYLIST_FILE
fi fi
@ -178,14 +178,14 @@ function icecast_add_file_to_playlist {
} }
function icecast_import_from_directory { function icecast_import_from_directory {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
dialog --title "Choose a directory containing stream files" --dselect /home/$MY_USERNAME/ 30 60 2> $data dialog --title "Choose a directory containing stream files" --dselect "/home/$MY_USERNAME/" 30 60 2> "$data"
selected_dir=$(cat $data) selected_dir=$(cat "$data")
rm $data rm -f "$data"
if [[ "$selected_dir" == "$ICECAST_DIR" ]]; then if [[ "$selected_dir" == "$ICECAST_DIR" ]]; then
return return
fi fi
if [ ! -d $selected_dir ]; then if [ ! -d "$selected_dir" ]; then
return return
fi fi
if [[ "$selected_dir" == "/home/$MY_USERNAME/" ]]; then if [[ "$selected_dir" == "/home/$MY_USERNAME/" ]]; then
@ -201,7 +201,7 @@ function icecast_import_from_directory {
dialog --title $"Import stream files directory into Icecast" \ dialog --title $"Import stream files directory into Icecast" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--defaultno \ --defaultno \
--yesno $"\nImport the directory:\n\n $selected_dir" 12 75 --yesno $"\\nImport the directory:\\n\\n $selected_dir" 12 75
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) return;;
@ -215,8 +215,8 @@ function icecast_import_from_directory {
dest_dir=$(basename "$selected_dir") dest_dir=$(basename "$selected_dir")
mv "$selected_dir" $ICECAST_DIR mv "$selected_dir" $ICECAST_DIR
icecast_convert_files $ICECAST_DIR/$dest_dir icecast_convert_files "$ICECAST_DIR/$dest_dir"
icecast_add_file_to_playlist $ICECAST_DIR/$dest_dir icecast_add_file_to_playlist "$ICECAST_DIR/$dest_dir"
dialog --title $"Import stream files directory into Icecast" \ dialog --title $"Import stream files directory into Icecast" \
--msgbox $"Import success" 6 40 --msgbox $"Import success" 6 40
@ -226,18 +226,18 @@ function icecast_import_from_usb {
clear clear
detect_usb_drive detect_usb_drive
if [ ! -b $USB_DRIVE ]; then if [ ! -b "$USB_DRIVE" ]; then
dialog --title $"Import stream files from USB drive" --msgbox $'No USB drive found' 6 50 dialog --title $"Import stream files from USB drive" --msgbox $'No USB drive found' 6 50
return return
fi fi
backup_mount_drive ${USB_DRIVE} backup_mount_drive "${USB_DRIVE}"
if [ ! -d $USB_MOUNT$ICECAST_DIR ]; then if [ ! -d "$USB_MOUNT$ICECAST_DIR" ]; then
dialog --title $"Import stream files from USB drive" --msgbox $'No stream files directory found on USB drive' 6 50 dialog --title $"Import stream files from USB drive" --msgbox $'No stream files directory found on USB drive' 6 50
backup_unmount_drive ${USB_DRIVE} backup_unmount_drive "${USB_DRIVE}"
fi fi
cp -ru $USB_MOUNT$ICECAST_DIR/* $ICECAST_DIR cp -ru "$USB_MOUNT$ICECAST_DIR/*" $ICECAST_DIR
backup_unmount_drive ${USB_DRIVE} backup_unmount_drive "${USB_DRIVE}"
icecast_convert_files $ICECAST_DIR icecast_convert_files $ICECAST_DIR
dialog --title $"Import stream files from USB drive" --msgbox $'Import complete. You may now remove the USB drive' 6 50 dialog --title $"Import stream files from USB drive" --msgbox $'Import complete. You may now remove the USB drive' 6 50
} }
@ -246,40 +246,41 @@ function icecast_export_to_usb {
clear clear
detect_usb_drive detect_usb_drive
if [ ! -b $USB_DRIVE ]; then if [ ! -b "$USB_DRIVE" ]; then
dialog --title $"Export stream files to USB drive" --msgbox $'No USB drive found' 6 50 dialog --title $"Export stream files to USB drive" --msgbox $'No USB drive found' 6 50
return return
fi fi
backup_mount_drive ${USB_DRIVE} backup_mount_drive "${USB_DRIVE}"
if [ ! -d $USB_MOUNT$ICECAST_DIR ]; then if [ ! -d "$USB_MOUNT$ICECAST_DIR" ]; then
mkdir -p $USB_MOUNT$ICECAST_DIR mkdir -p "$USB_MOUNT$ICECAST_DIR"
fi fi
cp -ru $ICECAST_DIR/* $USB_MOUNT$ICECAST_DIR cp -ru "$ICECAST_DIR/*" "$USB_MOUNT$ICECAST_DIR"
backup_unmount_drive ${USB_DRIVE} backup_unmount_drive "${USB_DRIVE}"
dialog --title $"Export stream files to USB drive" --msgbox $'Export complete. You may now remove the USB drive' 6 50 dialog --title $"Export stream files to USB drive" --msgbox $'Export complete. You may now remove the USB drive' 6 50
} }
function icecast_format_drive { function icecast_format_drive {
detect_usb_drive detect_usb_drive
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Format USB drive $USB_DRIVE for stream file storage" \ dialog --title $"Format USB drive $USB_DRIVE for stream file storage" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--defaultno \ --defaultno \
--yesno $"\nPlease confirm that you wish to format drive\n\n ${USB_DRIVE}\n\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\n\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60 --yesno $"\\nPlease confirm that you wish to format drive\\n\\n ${USB_DRIVE}\\n\\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\\n\\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) rm -f "$data"
255) return;; return;;
255) rm -f "$data"
return;;
esac esac
rm $data rm -f "$data"
clear clear
echo '' echo ''
echo $"Formatting drive $USB_DRIVE. ALL CONTENTS WILL BE LOST." echo $"Formatting drive $USB_DRIVE. ALL CONTENTS WILL BE LOST."
echo '' echo ''
${PROJECT_NAME}-format $USB_DRIVE "${PROJECT_NAME}-format" "$USB_DRIVE"
dialog --title $"Format USB drive $USB_DRIVE for stream file storage" --msgbox $'Format complete. You may now export stream files or remove the USB drive' 6 50 dialog --title $"Format USB drive $USB_DRIVE for stream file storage" --msgbox $'Format complete. You may now export stream files or remove the USB drive' 6 50
} }
@ -290,42 +291,41 @@ function icecast_edit_playlist {
} }
function icecast_change_login { function icecast_change_login {
read_config_param $MY_USERNAME read_config_param "$MY_USERNAME"
ICECAST_USER_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a icecastuser) ICECAST_USER_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecastuser)
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Change Icecast stream visitor login" \ dialog --title $"Change Icecast stream visitor login" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--inputbox $"Enter the new login password for stream visitors" 8 60 "$ICECAST_USER_PASSWORD" 2>$data --inputbox $"Enter the new login password for stream visitors" 8 60 "$ICECAST_USER_PASSWORD" 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) ICECAST_USER_PASSWORD=$(<$data) 0) ICECAST_USER_PASSWORD=$(<"$data")
if [[ "$ICECAST_USER_PASSWORD" != *' '* ]]; then if [[ "$ICECAST_USER_PASSWORD" != *' '* ]]; then
if [ ${#ICECAST_USER_PASSWORD} -gt 8 ]; then if [ ${#ICECAST_USER_PASSWORD} -gt 8 ]; then
${PROJECT_NAME}-pass -u $MY_USERNAME -a icecastuser -p $ICECAST_USER_PASSWORD "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecastuser -p "$ICECAST_USER_PASSWORD"
dialog --title $"Change Icecast stream visitor login" \ dialog --title $"Change Icecast stream visitor login" \
--msgbox $"Password changed to $ICECAST_USER_PASSWORD" 6 75 --msgbox $"Password changed to $ICECAST_USER_PASSWORD" 6 75
fi fi
fi fi
;; ;;
esac esac
rm $data rm -f "$data"
} }
function icecast_enable_login { function icecast_enable_login {
dialog --title $"Enable Icecast login" \ dialog --title $"Enable Icecast login" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--defaultno \ --defaultno \
--yesno $"\nDo you want to add a login so that random web users can't access your stream?" 10 60 --yesno $"\\nDo you want to add a login so that random web users can't access your stream?" 10 60
sel=$? sel=$?
case $sel in case $sel in
0) if grep -q '#auth_basic' /etc/nginx/sites-available/icecast; then 0) if grep -q '#auth_basic' /etc/nginx/sites-available/icecast; then
sed -i 's|#auth_basic|auth_basic|g' /etc/nginx/sites-available/icecast sed -i 's|#auth_basic|auth_basic|g' /etc/nginx/sites-available/icecast
systemctl restart nginx systemctl restart nginx
fi fi
read_config_param $MY_USERNAME read_config_param "$MY_USERNAME"
ICECAST_USER_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a icecastuser) ICECAST_USER_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecastuser)
dialog --title $"Enable Icecast login" \ dialog --title $"Enable Icecast login" \
--msgbox $"Icecast logins are now enabled with the password $ICECAST_USER_PASSWORD" 6 65 --msgbox $"Icecast logins are now enabled with the password $ICECAST_USER_PASSWORD" 6 65
ICECAST_USER_PASSWORD= ICECAST_USER_PASSWORD=
@ -341,23 +341,24 @@ function icecast_enable_login {
} }
function icecast_set_stream_name { function icecast_set_stream_name {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"Change Icecast stream details" \ --title $"Change Icecast stream details" \
--form "\n" 8 60 4 \ --form "\\n" 8 60 4 \
$"Stream name:" 1 1 "Example stream name" 1 18 40 1000 \ $"Stream name:" 1 1 "Example stream name" 1 18 40 1000 \
$"Description:" 2 1 "A short description of your stream" 2 18 40 1000 \ $"Description:" 2 1 "A short description of your stream" 2 18 40 1000 \
$"Genre:" 3 1 "Example genre" 3 18 40 1000 \ $"Genre:" 3 1 "Example genre" 3 18 40 1000 \
2> $data 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) rm -f "$data"
255) return;; return;;
255) rm -f "$data"
return;;
esac esac
stream_name=$(cat $data | sed -n 1p) stream_name=$(sed -n 1p < "$data")
stream_description=$(cat $data | sed -n 2p) stream_description=$(sed -n 2p < "$data")
stream_genre=$(cat $data | sed -n 3p) stream_genre=$(sed -n 3p < "$data")
if [ ${#stream_name} -gt 2 ]; then if [ ${#stream_name} -gt 2 ]; then
sed -i "s|<name>.*|<name>${stream_name}</name>|g" /etc/ices2/ices-playlist.xml sed -i "s|<name>.*|<name>${stream_name}</name>|g" /etc/ices2/ices-playlist.xml
fi fi
@ -367,42 +368,41 @@ function icecast_set_stream_name {
if [ ${#stream_genre} -gt 2 ]; then if [ ${#stream_genre} -gt 2 ]; then
sed -i "s|<genre>.*|<genre>${stream_genre}</genre>|g" /etc/ices2/ices-playlist.xml sed -i "s|<genre>.*|<genre>${stream_genre}</genre>|g" /etc/ices2/ices-playlist.xml
fi fi
rm $data rm -f "$data"
stop_icecast stop_icecast
start_icecast start_icecast
} }
function icecast_set_maximum_streams { function icecast_set_maximum_streams {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Set the maximum clients" \ dialog --title $"Set the maximum clients" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--inputbox $"Maximum number of clients" 8 40 "10" 2>$data --inputbox $"Maximum number of clients" 8 40 "10" 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) 0)
max_clients=$(<$data) max_clients=$(<"$data")
if [ ${#max_clients} -gt 0 ]; then if [ ${#max_clients} -gt 0 ]; then
if [[ "$max_clients" != *' '* ]]; then if [[ "$max_clients" != *' '* ]]; then
if [[ $max_clients =~ '^[0-9]+$' ]] ; then # shellcheck disable=SC2076
if [[ "$max_clients" =~ '^[0-9]+$' ]] ; then
sed -i "s|<clients>.*|<clients>${max_clients}</clients>|g" /etc/icecast2/icecast.xml sed -i "s|<clients>.*|<clients>${max_clients}</clients>|g" /etc/icecast2/icecast.xml
stop_icecast stop_icecast
start_icecast start_icecast
dialog --title $"Set the maximum clients" \ dialog --title $"Set the maximum clients" \
--msgbox $"\nMaximum Icecast clients was set to ${max_clients}" 8 50 --msgbox $"\\nMaximum Icecast clients was set to ${max_clients}" 8 50
fi fi
fi fi
fi fi
;; ;;
esac esac
rm $data rm -f "$data"
} }
function configure_interactive_icecast { function configure_interactive_icecast {
while true while true
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"Icecast" \ --title $"Icecast" \
--radiolist $"Choose an operation:" 19 70 12 \ --radiolist $"Choose an operation:" 19 70 12 \
@ -417,13 +417,15 @@ function configure_interactive_icecast {
9 $"Restart stream" off \ 9 $"Restart stream" off \
10 $"Set Stream Name/Description/Genre" off \ 10 $"Set Stream Name/Description/Genre" off \
11 $"Set maximum number of clients/streams" off \ 11 $"Set maximum number of clients/streams" off \
12 $"Exit" on 2> $data 12 $"Exit" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) break;; 1) rm -f "$data"
255) break;; break;;
255) rm -f "$data"
break;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) icecast_import_from_directory;; 1) icecast_import_from_directory;;
2) icecast_import_from_usb;; 2) icecast_import_from_usb;;
3) icecast_format_drive;; 3) icecast_format_drive;;
@ -440,8 +442,10 @@ function configure_interactive_icecast {
start_icecast;; start_icecast;;
10) icecast_set_stream_name;; 10) icecast_set_stream_name;;
11) icecast_set_maximum_streams;; 11) icecast_set_maximum_streams;;
12) break;; 12) rm -f "$data"
break;;
esac esac
rm -f "$data"
done done
} }
@ -556,7 +560,7 @@ function remove_icecast {
fi fi
function_check remove_onion_service function_check remove_onion_service
remove_onion_service icecast ${ICECAST_ONION_PORT} remove_onion_service icecast ${ICECAST_ONION_PORT}
sed -i '/icecast/d' $COMPLETION_FILE sed -i '/icecast/d' "$COMPLETION_FILE"
} }
function install_icecast { function install_icecast {
@ -572,11 +576,11 @@ function install_icecast {
exit 7923528 exit 7923528
fi fi
if [ ! ${ICECAST_PASSWORD} ]; then if [ ! "${ICECAST_PASSWORD}" ]; then
if [ -f ${IMAGE_PASSWORD_FILE} ]; then if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
ICECAST_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" ICECAST_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
ICECAST_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" ICECAST_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
@ -600,22 +604,22 @@ function install_icecast {
fi fi
icecast_nginx_site=/etc/nginx/sites-available/icecast icecast_nginx_site=/etc/nginx/sites-available/icecast
echo 'server {' > $icecast_nginx_site { echo 'server {';
echo " listen 127.0.0.1:$ICECAST_ONION_PORT default_server;" >> $icecast_nginx_site echo " listen 127.0.0.1:$ICECAST_ONION_PORT default_server;";
echo " server_name $ICECAST_ONION_HOSTNAME;" >> $icecast_nginx_site echo " server_name $ICECAST_ONION_HOSTNAME;";
echo '' >> $icecast_nginx_site echo '';
echo ' # Logs' >> $icecast_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $icecast_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $icecast_nginx_site echo ' error_log /dev/null;';
echo '' >> $icecast_nginx_site echo '';
echo ' location / {' >> $icecast_nginx_site echo ' location / {'; } > $icecast_nginx_site
function_check nginx_limits function_check nginx_limits
nginx_limits $ICECAST_ONION_HOSTNAME '15m' nginx_limits "$ICECAST_ONION_HOSTNAME" '15m'
echo " proxy_pass http://localhost:$ICECAST_PORT;" >> $icecast_nginx_site { echo " proxy_pass http://localhost:$ICECAST_PORT;";
echo " #auth_basic \"${ICECAST_LOGIN_TEXT}\";" >> $icecast_nginx_site echo " #auth_basic \"${ICECAST_LOGIN_TEXT}\";";
echo ' #auth_basic_user_file /etc/nginx/.icepasswd;' >> $icecast_nginx_site echo ' #auth_basic_user_file /etc/nginx/.icepasswd;';
echo ' }' >> $icecast_nginx_site echo ' }';
echo '}' >> $icecast_nginx_site echo '}'; } >> $icecast_nginx_site
if [ ! -d /var/log/ices ]; then if [ ! -d /var/log/ices ]; then
mkdir -p /var/log/ices mkdir -p /var/log/ices
@ -624,105 +628,105 @@ function install_icecast {
mkdir -p /etc/ices2 mkdir -p /etc/ices2
fi fi
echo '<?xml version="1.0"?>' > /etc/ices2/ices-playlist.xml { echo '<?xml version="1.0"?>';
echo '<ices>' >> /etc/ices2/ices-playlist.xml echo '<ices>';
echo ' <!-- run in background -->' >> /etc/ices2/ices-playlist.xml echo ' <!-- run in background -->';
echo ' <background>1</background>' >> /etc/ices2/ices-playlist.xml echo ' <background>1</background>';
echo ' <!-- where logs, etc go. -->' >> /etc/ices2/ices-playlist.xml echo ' <!-- where logs, etc go. -->';
echo ' <logpath>/var/log/ices</logpath>' >> /etc/ices2/ices-playlist.xml echo ' <logpath>/var/log/ices</logpath>';
echo ' <logfile>ices.log</logfile>' >> /etc/ices2/ices-playlist.xml echo ' <logfile>ices.log</logfile>';
echo ' <!-- 1=error,2=warn,3=info,4=debug -->' >> /etc/ices2/ices-playlist.xml echo ' <!-- 1=error,2=warn,3=info,4=debug -->';
echo ' <loglevel>1</loglevel>' >> /etc/ices2/ices-playlist.xml echo ' <loglevel>1</loglevel>';
echo ' <!-- set this to 1 to log to the console instead of to the file above -->' >> /etc/ices2/ices-playlist.xml echo ' <!-- set this to 1 to log to the console instead of to the file above -->';
echo ' <consolelog>0</consolelog>' >> /etc/ices2/ices-playlist.xml echo ' <consolelog>0</consolelog>';
echo '' >> /etc/ices2/ices-playlist.xml echo '';
echo ' <!-- optional filename to write process id to -->' >> /etc/ices2/ices-playlist.xml echo ' <!-- optional filename to write process id to -->';
echo ' <!-- <pidfile>/home/ices/ices.pid</pidfile> -->' >> /etc/ices2/ices-playlist.xml echo ' <!-- <pidfile>/home/ices/ices.pid</pidfile> -->';
echo '' >> /etc/ices2/ices-playlist.xml echo '';
echo ' <stream>' >> /etc/ices2/ices-playlist.xml echo ' <stream>';
echo ' <!-- metadata used for stream listing (not currently used) -->' >> /etc/ices2/ices-playlist.xml echo ' <!-- metadata used for stream listing (not currently used) -->';
echo ' <metadata>' >> /etc/ices2/ices-playlist.xml echo ' <metadata>';
echo ' <name>Example stream name</name>' >> /etc/ices2/ices-playlist.xml echo ' <name>Example stream name</name>';
echo ' <genre>Example genre</genre>' >> /etc/ices2/ices-playlist.xml echo ' <genre>Example genre</genre>';
echo ' <description>A short description of your stream</description>' >> /etc/ices2/ices-playlist.xml echo ' <description>A short description of your stream</description>';
echo ' </metadata>' >> /etc/ices2/ices-playlist.xml echo ' </metadata>';
echo '' >> /etc/ices2/ices-playlist.xml echo '';
echo ' <!-- input module' >> /etc/ices2/ices-playlist.xml echo ' <!-- input module';
echo '' >> /etc/ices2/ices-playlist.xml echo '';
echo ' The module used here is the playlist module - it has ' >> /etc/ices2/ices-playlist.xml echo ' The module used here is the playlist module - it has ';
echo ' "submodules" for different types of playlist. There are' >> /etc/ices2/ices-playlist.xml echo ' "submodules" for different types of playlist. There are';
echo ' two currently implemented, "basic", which is a simple' >> /etc/ices2/ices-playlist.xml echo ' two currently implemented, "basic", which is a simple';
echo ' file-based playlist, and "script" which invokes a command' >> /etc/ices2/ices-playlist.xml echo ' file-based playlist, and "script" which invokes a command';
echo ' to returns a filename to start playing. -->' >> /etc/ices2/ices-playlist.xml echo ' to returns a filename to start playing. -->';
echo '' >> /etc/ices2/ices-playlist.xml echo '';
echo ' <input>' >> /etc/ices2/ices-playlist.xml echo ' <input>';
echo ' <module>playlist</module>' >> /etc/ices2/ices-playlist.xml echo ' <module>playlist</module>';
echo ' <param name="type">basic</param>' >> /etc/ices2/ices-playlist.xml echo ' <param name="type">basic</param>';
echo " <param name=\"file\">$ICECAST_PLAYLIST_FILE</param>" >> /etc/ices2/ices-playlist.xml echo " <param name=\"file\">$ICECAST_PLAYLIST_FILE</param>";
echo ' <!-- random play -->' >> /etc/ices2/ices-playlist.xml echo ' <!-- random play -->';
echo ' <param name="random">0</param>' >> /etc/ices2/ices-playlist.xml echo ' <param name="random">0</param>';
echo ' <!-- if the playlist get updated that start at the beginning -->' >> /etc/ices2/ices-playlist.xml echo ' <!-- if the playlist get updated that start at the beginning -->';
echo ' <param name="restart-after-reread">0</param>' >> /etc/ices2/ices-playlist.xml echo ' <param name="restart-after-reread">0</param>';
echo ' <!-- if set to 1 , plays once through, then exits. -->' >> /etc/ices2/ices-playlist.xml echo ' <!-- if set to 1 , plays once through, then exits. -->';
echo ' <param name="once">0</param>' >> /etc/ices2/ices-playlist.xml echo ' <param name="once">0</param>';
echo ' </input>' >> /etc/ices2/ices-playlist.xml echo ' </input>';
echo '' >> /etc/ices2/ices-playlist.xml echo '';
echo ' <!-- Stream instance' >> /etc/ices2/ices-playlist.xml echo ' <!-- Stream instance';
echo ' You may have one or more instances here. This allows you to ' >> /etc/ices2/ices-playlist.xml echo ' You may have one or more instances here. This allows you to ';
echo ' send the same input data to one or more servers (or to different' >> /etc/ices2/ices-playlist.xml echo ' send the same input data to one or more servers (or to different';
echo ' mountpoints on the same server). Each of them can have different' >> /etc/ices2/ices-playlist.xml echo ' mountpoints on the same server). Each of them can have different';
echo ' parameters. This is primarily useful for a) relaying to multiple' >> /etc/ices2/ices-playlist.xml echo ' parameters. This is primarily useful for a) relaying to multiple';
echo ' independent servers, and b) encoding/reencoding to multiple' >> /etc/ices2/ices-playlist.xml echo ' independent servers, and b) encoding/reencoding to multiple';
echo ' bitrates.' >> /etc/ices2/ices-playlist.xml echo ' bitrates.';
echo ' If one instance fails (for example, the associated server goes' >> /etc/ices2/ices-playlist.xml echo ' If one instance fails (for example, the associated server goes';
echo ' down, etc), the others will continue to function correctly.' >> /etc/ices2/ices-playlist.xml echo ' down, etc), the others will continue to function correctly.';
echo ' This example defines two instances as two mountpoints on the' >> /etc/ices2/ices-playlist.xml echo ' This example defines two instances as two mountpoints on the';
echo ' same server. -->' >> /etc/ices2/ices-playlist.xml echo ' same server. -->';
echo ' <instance>' >> /etc/ices2/ices-playlist.xml echo ' <instance>';
echo ' <!-- Server details:' >> /etc/ices2/ices-playlist.xml echo ' <!-- Server details:';
echo ' You define hostname and port for the server here, along with' >> /etc/ices2/ices-playlist.xml echo ' You define hostname and port for the server here, along with';
echo ' the source password and mountpoint. -->' >> /etc/ices2/ices-playlist.xml echo ' the source password and mountpoint. -->';
echo ' <hostname>localhost</hostname>' >> /etc/ices2/ices-playlist.xml echo ' <hostname>localhost</hostname>';
echo " <port>$ICECAST_PORT</port>" >> /etc/ices2/ices-playlist.xml echo " <port>$ICECAST_PORT</port>";
echo " <password>$ICECAST_PASSWORD</password>" >> /etc/ices2/ices-playlist.xml echo " <password>$ICECAST_PASSWORD</password>";
echo ' <mount>/example1.ogg</mount>' >> /etc/ices2/ices-playlist.xml echo ' <mount>/example1.ogg</mount>';
echo ' <!-- Reconnect parameters:' >> /etc/ices2/ices-playlist.xml echo ' <!-- Reconnect parameters:';
echo ' When something goes wrong (e.g. the server crashes, or the' >> /etc/ices2/ices-playlist.xml echo ' When something goes wrong (e.g. the server crashes, or the';
echo ' network drops) and ices disconnects from the server, these' >> /etc/ices2/ices-playlist.xml echo ' network drops) and ices disconnects from the server, these';
echo ' control how often it tries to reconnect, and how many times' >> /etc/ices2/ices-playlist.xml echo ' control how often it tries to reconnect, and how many times';
echo ' it tries to reconnect. Delay is in seconds.' >> /etc/ices2/ices-playlist.xml echo ' it tries to reconnect. Delay is in seconds.';
echo ' If you set reconnectattempts to -1, it will continue ' >> /etc/ices2/ices-playlist.xml echo ' If you set reconnectattempts to -1, it will continue ';
echo ' indefinately. Suggest setting reconnectdelay to a large value' >> /etc/ices2/ices-playlist.xml echo ' indefinately. Suggest setting reconnectdelay to a large value';
echo ' if you do this.' >> /etc/ices2/ices-playlist.xml echo ' if you do this.';
echo ' -->' >> /etc/ices2/ices-playlist.xml echo ' -->';
echo ' <reconnectdelay>2</reconnectdelay>' >> /etc/ices2/ices-playlist.xml echo ' <reconnectdelay>2</reconnectdelay>';
echo ' <reconnectattempts>5</reconnectattempts> ' >> /etc/ices2/ices-playlist.xml echo ' <reconnectattempts>5</reconnectattempts> ';
echo '' >> /etc/ices2/ices-playlist.xml echo '';
echo ' <!-- maxqueuelength:' >> /etc/ices2/ices-playlist.xml echo ' <!-- maxqueuelength:';
echo ' This describes how long the internal data queues may be. This' >> /etc/ices2/ices-playlist.xml echo ' This describes how long the internal data queues may be. This';
echo ' basically lets you control how much data gets buffered before' >> /etc/ices2/ices-playlist.xml echo ' basically lets you control how much data gets buffered before';
echo ' ices decides it cant send to the server fast enough, and ' >> /etc/ices2/ices-playlist.xml echo ' ices decides it cant send to the server fast enough, and ';
echo ' either shuts down or flushes the queue (dropping the data)' >> /etc/ices2/ices-playlist.xml echo ' either shuts down or flushes the queue (dropping the data)';
echo ' and continues. ' >> /etc/ices2/ices-playlist.xml echo ' and continues. ';
echo ' For advanced users only.' >> /etc/ices2/ices-playlist.xml echo ' For advanced users only.';
echo ' -->' >> /etc/ices2/ices-playlist.xml echo ' -->';
echo ' <maxqueuelength>80</maxqueuelength>' >> /etc/ices2/ices-playlist.xml echo ' <maxqueuelength>80</maxqueuelength>';
echo '' >> /etc/ices2/ices-playlist.xml echo '';
echo ' <!-- Live encoding/reencoding:' >> /etc/ices2/ices-playlist.xml echo ' <!-- Live encoding/reencoding:';
echo ' Currrently, the parameters given here for encoding MUST' >> /etc/ices2/ices-playlist.xml echo ' Currrently, the parameters given here for encoding MUST';
echo ' match the input data for channels and sample rate. That ' >> /etc/ices2/ices-playlist.xml echo ' match the input data for channels and sample rate. That ';
echo ' restriction will be relaxed in the future.' >> /etc/ices2/ices-playlist.xml echo ' restriction will be relaxed in the future.';
echo ' Remove this section if you dont want your files getting reencoded.' >> /etc/ices2/ices-playlist.xml echo ' Remove this section if you dont want your files getting reencoded.';
echo ' -->' >> /etc/ices2/ices-playlist.xml echo ' -->';
echo ' <encode> ' >> /etc/ices2/ices-playlist.xml echo ' <encode> ';
echo ' <nominal-bitrate>64000</nominal-bitrate>' >> /etc/ices2/ices-playlist.xml echo ' <nominal-bitrate>64000</nominal-bitrate>';
echo ' <samplerate>22050</samplerate>' >> /etc/ices2/ices-playlist.xml echo ' <samplerate>22050</samplerate>';
echo ' <channels>1</channels>' >> /etc/ices2/ices-playlist.xml echo ' <channels>1</channels>';
echo ' </encode>' >> /etc/ices2/ices-playlist.xml echo ' </encode>';
echo ' </instance>' >> /etc/ices2/ices-playlist.xml echo ' </instance>';
echo '' >> /etc/ices2/ices-playlist.xml echo '';
echo ' </stream>' >> /etc/ices2/ices-playlist.xml echo ' </stream>';
echo '</ices>' >> /etc/ices2/ices-playlist.xml echo '</ices>'; } > /etc/ices2/ices-playlist.xml
sed -i 's|ENABLE=.*|ENABLE=true|g' /etc/default/icecast2 sed -i 's|ENABLE=.*|ENABLE=true|g' /etc/default/icecast2
@ -733,18 +737,18 @@ function install_icecast {
# create a password for users # create a password for users
ICECAST_USER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" ICECAST_USER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
if grep -q "$MY_USERNAME:" /etc/nginx/.icepasswd; then if grep -q "$MY_USERNAME:" /etc/nginx/.icepasswd; then
sed -i "/$MY_USERNAME:/d" /etc/nginx/.icepasswd sed -i "/$MY_USERNAME:/d" /etc/nginx/.icepasswd
fi fi
echo "$ICECAST_USER_PASSWORD" | htpasswd -i -s -c /etc/nginx/.icepasswd $MY_USERNAME echo "$ICECAST_USER_PASSWORD" | htpasswd -i -s -c /etc/nginx/.icepasswd "$MY_USERNAME"
if [ ! -f /etc/nginx/.icepasswd ]; then if [ ! -f /etc/nginx/.icepasswd ]; then
echo $'/etc/nginx/.icepasswd not found' echo $'/etc/nginx/.icepasswd not found'
exit 73528235 exit 73528235
fi fi
${PROJECT_NAME}-pass -u $MY_USERNAME -a icecast -p "$ICECAST_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecast -p "$ICECAST_PASSWORD"
${PROJECT_NAME}-pass -u $MY_USERNAME -a icecastuser -p "$ICECAST_USER_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecastuser -p "$ICECAST_USER_PASSWORD"
groupadd icecast groupadd icecast
useradd -c "Icecast system account" -d /etc/icecast2 -m -r -g icecast icecast2 useradd -c "Icecast system account" -d /etc/icecast2 -m -r -g icecast icecast2


@ -76,7 +76,7 @@ function upgrade_ipfs_go {
fi fi
function_check set_repo_commit function_check set_repo_commit
set_repo_commit $GOPATH/src/github.com/ipfs/go-ipfs "ipfs commit" "$IPFS_COMMIT" $IPFS_REPO set_repo_commit "$GOPATH/src/github.com/ipfs/go-ipfs" "ipfs commit" "$IPFS_COMMIT" "$IPFS_REPO"
} }
function upgrade_ipfs_js { function upgrade_ipfs_js {
@ -97,33 +97,34 @@ function upgrade_ipfs {
} }
function backup_local_ipfs { function backup_local_ipfs {
if ! grep -q "Admin user" $COMPLETION_FILE; then if ! grep -q "Admin user" "$COMPLETION_FILE"; then
return return
fi fi
ADMIN_USERNAME=$(get_completion_param "Admin user") ADMIN_USERNAME=$(get_completion_param "Admin user")
source_directory=/home/$ADMIN_USERNAME/.ipfs source_directory="/home/$ADMIN_USERNAME/.ipfs"
if [ -d $source_directory ]; then if [ -d "$source_directory" ]; then
dest_directory=ipfs dest_directory=ipfs
function_check backup_directory_to_usb function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory backup_directory_to_usb "$source_directory" "$dest_directory"
fi fi
} }
function restore_local_ipfs { function restore_local_ipfs {
if ! grep -q "Admin user" $COMPLETION_FILE; then if ! grep -q "Admin user" "$COMPLETION_FILE"; then
return return
fi fi
if [ -d $USB_MOUNT/backup/ipfs ]; then if [ -d "$USB_MOUNT/backup/ipfs" ]; then
echo $"Restoring IPFS" echo $"Restoring IPFS"
temp_restore_dir=/root/tempipfs temp_restore_dir=/root/tempipfs
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir ipfs restore_directory_from_usb $temp_restore_dir ipfs
ADMIN_USERNAME=$(get_completion_param "Admin user") ADMIN_USERNAME=$(get_completion_param "Admin user")
if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs ]; then if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/.ipfs" ]; then
cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs cp -rf "$temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/*" "/home/$ADMIN_USERNAME/.ipfs"
else else
cp -rf $temp_restore_dir/* /home/$ADMIN_USERNAME/.ipfs cp -rf "$temp_restore_dir/*" "/home/$ADMIN_USERNAME/.ipfs"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
function_check set_user_permissions function_check set_user_permissions
@ -138,28 +139,29 @@ function restore_local_ipfs {
} }
function backup_remote_ipfs { function backup_remote_ipfs {
if ! grep -q "Admin user" $COMPLETION_FILE; then if ! grep -q "Admin user" "$COMPLETION_FILE"; then
return return
fi fi
ADMIN_USERNAME=$(get_completion_param "Admin user") ADMIN_USERNAME=$(get_completion_param "Admin user")
if [ -d /home/$ADMIN_USERNAME/.ipfs ]; then if [ -d "/home/$ADMIN_USERNAME/.ipfs" ]; then
echo $"Backing up IPFS" echo $"Backing up IPFS"
backup_directory_to_friend /home/$ADMIN_USERNAME/.ipfs ipfs backup_directory_to_friend "/home/$ADMIN_USERNAME/.ipfs" ipfs
echo $"Backup of IPFS complete" echo $"Backup of IPFS complete"
fi fi
} }
function restore_remote_ipfs { function restore_remote_ipfs {
if [ -d $SERVER_DIRECTORY/backup/ipfs ]; then if [ -d "$SERVER_DIRECTORY/backup/ipfs" ]; then
echo $"Restoring IPFS" echo $"Restoring IPFS"
temp_restore_dir=/root/tempipfs temp_restore_dir=/root/tempipfs
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir ipfs restore_directory_from_friend $temp_restore_dir ipfs
if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs ]; then if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/.ipfs" ]; then
cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs cp -rf "$temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/*" "/home/$ADMIN_USERNAME/.ipfs"
else else
cp -rf $temp_restore_dir/* /home/$ADMIN_USERNAME/.ipfs cp -rf "$temp_restore_dir/*" "/home/$ADMIN_USERNAME/.ipfs"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
function_check set_user_permissions function_check set_user_permissions
set_user_permissions set_user_permissions
@ -177,11 +179,11 @@ function remove_ipfs_go {
systemctl daemon-reload systemctl daemon-reload
rm /etc/systemd/system/ipfs.service rm /etc/systemd/system/ipfs.service
systemctl daemon-reload systemctl daemon-reload
rm -rf $GOPATH/src/github.com/ipfs rm -rf "$GOPATH/src/github.com/ipfs"
firewall_remove $IPFS_PORT tcp firewall_remove $IPFS_PORT tcp
remove_completion_param install_ipfs remove_completion_param install_ipfs
remove_completion_param configure_firewall_for_ipfs remove_completion_param configure_firewall_for_ipfs
sed -i '/ipfs/d' $COMPLETION_FILE sed -i '/ipfs/d' "$COMPLETION_FILE"
} }
function remove_ipfs_js { function remove_ipfs_js {
@ -194,9 +196,9 @@ function remove_ipfs_js {
npm uninstall ronin --global npm uninstall ronin --global
firewall_remove $IPFS_PORT tcp firewall_remove $IPFS_PORT tcp
sed -i '/install_ipfs/d' $COMPLETION_FILE sed -i '/install_ipfs/d' "$COMPLETION_FILE"
sed -i '/ipfs/d' $COMPLETION_FILE sed -i '/ipfs/d' "$COMPLETION_FILE"
sed -i '/configure_firewall_for_ipfs/d' $COMPLETION_FILE sed -i '/configure_firewall_for_ipfs/d' "$COMPLETION_FILE"
} }
function remove_ipfs { function remove_ipfs {
@ -205,7 +207,7 @@ function remove_ipfs {
} }
function configure_firewall_for_ipfs { function configure_firewall_for_ipfs {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return return
fi fi
if [[ $ONION_ONLY != "no" ]]; then if [[ $ONION_ONLY != "no" ]]; then
@ -213,22 +215,23 @@ function configure_firewall_for_ipfs {
fi fi
firewall_add IPFS $IPFS_PORT tcp firewall_add IPFS $IPFS_PORT tcp
mark_completed $FUNCNAME mark_completed "${FUNCNAME[0]}"
} }
function mesh_install_ipfs_js { function mesh_install_ipfs_js {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return return
fi fi
chroot ${rootdir} apt-get -yq install libpam0g-dev fuse # shellcheck disable=SC2154
chroot "${rootdir}" apt-get -yq install libpam0g-dev fuse
if [ ! -f ${rootdir}/usr/bin/nodejs ]; then if [ ! -f "${rootdir}/usr/bin/nodejs" ]; then
echo $'nodejs was not installed' echo $'nodejs was not installed'
exit 63962 exit 63962
fi fi
cat <<EOF > ${rootdir}/root/install-ipfs.sh cat <<EOF > "${rootdir}/root/install-ipfs.sh"
#!/bin/bash #!/bin/bash
PATH="/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/bin" PATH="/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/bin"
NODE_PATH="/usr/lib/node_modules" NODE_PATH="/usr/lib/node_modules"
@ -241,57 +244,57 @@ npm install -g ronin@${IPFS_JS_RONIN_VERSION} --save
npm install -g ipfs@${IPFS_JS_VERSION} --save npm install -g ipfs@${IPFS_JS_VERSION} --save
exit 0 exit 0
EOF EOF
chroot ${rootdir} /bin/chmod +x /root/install-ipfs.sh chroot "${rootdir}" /bin/chmod +x /root/install-ipfs.sh
chroot ${rootdir} /root/install-ipfs.sh chroot "${rootdir}" /root/install-ipfs.sh
rm -f ${rootdir}/root/install-ipfs.sh rm -f "${rootdir}/root/install-ipfs.sh"
IPFS_PATH=/usr/bin IPFS_PATH=/usr/bin
if [ ! -f ${rootdir}$IPFS_PATH/jsipfs ]; then if [ ! -f "${rootdir}$IPFS_PATH/jsipfs" ]; then
exit 637292 exit 637292
fi fi
# directories to mount to # directories to mount to
if [ ! -d ${rootdir}/ipfs ]; then if [ ! -d "${rootdir}/ipfs" ]; then
chroot ${rootdir} /bin/mkdir /ipfs chroot "${rootdir}" /bin/mkdir /ipfs
chroot ${rootdir} /bin/mkdir /ipns chroot "${rootdir}" /bin/mkdir /ipns
chroot ${rootdir} /bin/chown $MY_USERNAME:$MY_USERNAME /ipfs chroot "${rootdir}" /bin/chown "$MY_USERNAME":"$MY_USERNAME" /ipfs
chroot ${rootdir} /bin/chown $MY_USERNAME:$MY_USERNAME /ipns chroot "${rootdir}" /bin/chown "$MY_USERNAME":"$MY_USERNAME" /ipns
fi fi
if [ -f ${rootdir}/etc/fuse.conf ]; then if [ -f "${rootdir}/etc/fuse.conf" ]; then
chroot ${rootdir} /bin/chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf chroot "${rootdir}" /bin/chown "$MY_USERNAME":"$MY_USERNAME" /etc/fuse.conf
fi fi
if [ -f ${rootdir}/dev/fuse ]; then if [ -f "${rootdir}/dev/fuse" ]; then
chroot ${rootdir} /bin/chown $MY_USERNAME:$MY_USERNAME /dev/fuse chroot "${rootdir}" /bin/chown "$MY_USERNAME":"$MY_USERNAME" /dev/fuse
fi fi
IPFS_DAEMON_NAME=ipfs IPFS_DAEMON_NAME=ipfs
IPFS_DAEMON_FILE=${rootdir}/etc/systemd/system/${IPFS_DAEMON_NAME}.service IPFS_DAEMON_FILE=${rootdir}/etc/systemd/system/${IPFS_DAEMON_NAME}.service
echo '[Unit]' > $IPFS_DAEMON_FILE { echo '[Unit]';
echo 'Description=IPFS javascript daemon' >> $IPFS_DAEMON_FILE echo 'Description=IPFS javascript daemon';
echo 'After=syslog.target' >> $IPFS_DAEMON_FILE echo 'After=syslog.target';
echo 'After=network.target' >> $IPFS_DAEMON_FILE echo 'After=network.target';
echo '' >> $IPFS_DAEMON_FILE echo '';
echo '[Service]' >> $IPFS_DAEMON_FILE echo '[Service]';
echo 'Type=simple' >> $IPFS_DAEMON_FILE echo 'Type=simple';
echo "User=$MY_USERNAME" >> $IPFS_DAEMON_FILE echo "User=$MY_USERNAME";
echo "Group=$MY_USERNAME" >> $IPFS_DAEMON_FILE echo "Group=$MY_USERNAME";
echo "WorkingDirectory=/home/$MY_USERNAME" >> $IPFS_DAEMON_FILE echo "WorkingDirectory=/home/$MY_USERNAME";
echo "ExecStart=${IPFS_PATH}/jsipfs daemon --mount" >> $IPFS_DAEMON_FILE echo "ExecStart=${IPFS_PATH}/jsipfs daemon --mount";
echo 'Restart=on-failure' >> $IPFS_DAEMON_FILE echo 'Restart=on-failure';
echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\"" >> $IPFS_DAEMON_FILE echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\"";
echo '' >> $IPFS_DAEMON_FILE echo '';
echo '[Install]' >> $IPFS_DAEMON_FILE echo '[Install]';
echo 'WantedBy=multi-user.target' >> $IPFS_DAEMON_FILE echo 'WantedBy=multi-user.target'; } > "$IPFS_DAEMON_FILE"
chroot ${rootdir} systemctl enable ${IPFS_DAEMON_NAME} chroot "${rootdir}" systemctl enable ${IPFS_DAEMON_NAME}
mark_completed $FUNCNAME mark_completed "${FUNCNAME[0]}"
} }
function install_ipfs_js { function install_ipfs_js {
if [ $INSTALLING_MESH ]; then if [ "$INSTALLING_MESH" ]; then
mesh_install_ipfs_js mesh_install_ipfs_js
return return
fi fi
@ -321,8 +324,8 @@ function install_ipfs_js {
fi fi
# initialise # initialise
su -c "$IPFS_PATH/jsipfs init -b $IPFS_KEY_LENGTH" - $MY_USERNAME su -c "$IPFS_PATH/jsipfs init -b $IPFS_KEY_LENGTH" - "$MY_USERNAME"
if [ ! -d /home/$MY_USERNAME/.ipfs ]; then if [ ! -d "/home/$MY_USERNAME/.ipfs" ]; then
echo "IPFS could not be initialised for user $MY_USERNAME" echo "IPFS could not be initialised for user $MY_USERNAME"
exit 7358 exit 7358
fi fi
@ -331,42 +334,42 @@ function install_ipfs_js {
if [ ! -d /ipfs ]; then if [ ! -d /ipfs ]; then
mkdir /ipfs mkdir /ipfs
mkdir /ipns mkdir /ipns
chown $MY_USERNAME:$MY_USERNAME /ipfs chown "$MY_USERNAME":"$MY_USERNAME" /ipfs
chown $MY_USERNAME:$MY_USERNAME /ipns chown "$MY_USERNAME":"$MY_USERNAME" /ipns
fi fi
if [ -f /etc/fuse.conf ]; then if [ -f /etc/fuse.conf ]; then
chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf chown "$MY_USERNAME":"$MY_USERNAME" /etc/fuse.conf
fi fi
if [ -f /dev/fuse ]; then if [ -f /dev/fuse ]; then
chown $MY_USERNAME:$MY_USERNAME /dev/fuse chown "$MY_USERNAME":"$MY_USERNAME" /dev/fuse
fi fi
IPFS_DAEMON_NAME=ipfs IPFS_DAEMON_NAME=ipfs
IPFS_DAEMON_FILE=/etc/systemd/system/${IPFS_DAEMON_NAME}.service IPFS_DAEMON_FILE=/etc/systemd/system/${IPFS_DAEMON_NAME}.service
echo '[Unit]' > $IPFS_DAEMON_FILE { echo '[Unit]';
echo 'Description=IPFS javascript daemon' >> $IPFS_DAEMON_FILE echo 'Description=IPFS javascript daemon';
echo 'After=syslog.target' >> $IPFS_DAEMON_FILE echo 'After=syslog.target';
echo 'After=network.target' >> $IPFS_DAEMON_FILE echo 'After=network.target';
echo '' >> $IPFS_DAEMON_FILE echo '';
echo '[Service]' >> $IPFS_DAEMON_FILE echo '[Service]';
echo 'Type=simple' >> $IPFS_DAEMON_FILE echo 'Type=simple';
echo "User=$MY_USERNAME" >> $IPFS_DAEMON_FILE echo "User=$MY_USERNAME";
echo "Group=$MY_USERNAME" >> $IPFS_DAEMON_FILE echo "Group=$MY_USERNAME";
echo "WorkingDirectory=/home/$MY_USERNAME" >> $IPFS_DAEMON_FILE echo "WorkingDirectory=/home/$MY_USERNAME";
echo "ExecStart=${IPFS_PATH}/jsipfs daemon --mount" >> $IPFS_DAEMON_FILE echo "ExecStart=${IPFS_PATH}/jsipfs daemon --mount";
echo 'Restart=on-failure' >> $IPFS_DAEMON_FILE echo 'Restart=on-failure';
echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\"" >> $IPFS_DAEMON_FILE echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\"";
echo '' >> $IPFS_DAEMON_FILE echo '';
echo '[Install]' >> $IPFS_DAEMON_FILE echo '[Install]';
echo 'WantedBy=multi-user.target' >> $IPFS_DAEMON_FILE echo 'WantedBy=multi-user.target'; } > $IPFS_DAEMON_FILE
systemctl enable ${IPFS_DAEMON_NAME} systemctl enable ${IPFS_DAEMON_NAME}
systemctl daemon-reload systemctl daemon-reload
systemctl restart ${IPFS_DAEMON_NAME} systemctl restart ${IPFS_DAEMON_NAME}
if [ -d /etc/avahi ]; then if [ -d /etc/avahi ]; then
su -c "echo $($IPFS_PATH/jsipfs id | grep '\"ID\":' | awk -F '\"' '{print $4}') > /tmp/ipfsid" - $MY_USERNAME su -c "echo $($IPFS_PATH/jsipfs id | grep '\"ID\":' | awk -F '\"' '{print $4}') > /tmp/ipfsid" - "$MY_USERNAME"
if [ ! -f /tmp/ipfsid ]; then if [ ! -f /tmp/ipfsid ]; then
echo 'No IPFS identity was created' echo 'No IPFS identity was created'
exit 37895 exit 37895
@ -387,17 +390,17 @@ function install_ipfs_js {
} }
function mesh_install_ipfs_go { function mesh_install_ipfs_go {
chroot ${rootdir} apt-get -yq install libpam0g-dev fuse wget chroot "${rootdir}" apt-get -yq install libpam0g-dev fuse wget
mesh_upgrade_golang mesh_upgrade_golang
IPFS_ARCH= IPFS_ARCH=
IPFS_PATH=/usr/bin IPFS_PATH=/usr/bin
if [ ! -d $rootdir$INSTALL_DIR/ipfs ]; then if [ ! -d "$rootdir$INSTALL_DIR/ipfs" ]; then
mkdir -p $rootdir$INSTALL_DIR/ipfs mkdir -p "$rootdir$INSTALL_DIR/ipfs"
fi fi
cd $rootdir$INSTALL_DIR/ipfs cd "$rootdir$INSTALL_DIR/ipfs" || exit 23468264
if [[ $ARCHITECTURE == *"386" || $ARCHITECTURE == *"686" ]]; then if [[ $ARCHITECTURE == *"386" || $ARCHITECTURE == *"686" ]]; then
IPFS_ARCH=386 IPFS_ARCH=386
@ -431,42 +434,42 @@ function mesh_install_ipfs_go {
IPFS_FILE=go-ipfs_v${IPFS_GO_VERSION}_linux-${IPFS_ARCH}.tar.gz IPFS_FILE=go-ipfs_v${IPFS_GO_VERSION}_linux-${IPFS_ARCH}.tar.gz
wget https://ipfs.io/ipns/dist.ipfs.io/go-ipfs/v${IPFS_GO_VERSION}/${IPFS_FILE} wget https://ipfs.io/ipns/dist.ipfs.io/go-ipfs/v${IPFS_GO_VERSION}/${IPFS_FILE}
if [ ! -f $rootdir$INSTALL_DIR/ipfs/${IPFS_FILE} ]; then if [ ! -f "$rootdir$INSTALL_DIR/ipfs/${IPFS_FILE}" ]; then
echo $'IPFS package could not be downloaded' echo $'IPFS package could not be downloaded'
exit 63725 exit 63725
fi fi
tar -xzvf ${IPFS_FILE} tar -xzvf ${IPFS_FILE}
if [ ! -f $rootdir$INSTALL_DIR/ipfs/go-ipfs/ipfs ]; then if [ ! -f "$rootdir$INSTALL_DIR/ipfs/go-ipfs/ipfs" ]; then
echo $"ipfs was not found in downloaded package" echo $"ipfs was not found in downloaded package"
exit 638235 exit 638235
fi fi
chroot "$rootdir" /bin/cp $INSTALL_DIR/ipfs/go-ipfs/ipfs $IPFS_PATH chroot "$rootdir" /bin/cp "$INSTALL_DIR/ipfs/go-ipfs/ipfs" $IPFS_PATH
if [ ! -f $rootdir$IPFS_PATH/ipfs ]; then if [ ! -f "$rootdir$IPFS_PATH/ipfs" ]; then
echo $'IPFS was not installed' echo $'IPFS was not installed'
exit 63722 exit 63722
fi fi
IPFS_USER_DAEMON=${rootdir}/home/${MY_USERNAME}/.config/systemd/user/ipfs.service IPFS_USER_DAEMON=${rootdir}/home/${MY_USERNAME}/.config/systemd/user/ipfs.service
mkdir -p ${rootdir}/home/${MY_USERNAME}/.config/systemd/user mkdir -p "${rootdir}/home/${MY_USERNAME}/.config/systemd/user"
echo '[Unit]' > $IPFS_USER_DAEMON { echo '[Unit]';
echo 'Description=IPFS go daemon' >> $IPFS_USER_DAEMON echo 'Description=IPFS go daemon';
echo 'After=syslog.target' >> $IPFS_USER_DAEMON echo 'After=syslog.target';
echo 'After=network.target' >> $IPFS_USER_DAEMON echo 'After=network.target';
echo '' >> $IPFS_USER_DAEMON echo '';
echo '[Service]' >> $IPFS_USER_DAEMON echo '[Service]';
echo 'Type=simple' >> $IPFS_USER_DAEMON echo 'Type=simple';
echo "ExecStart=$IPFS_PATH/ipfs daemon" >> $IPFS_USER_DAEMON echo "ExecStart=$IPFS_PATH/ipfs daemon";
echo 'Restart=on-failure' >> $IPFS_USER_DAEMON echo 'Restart=on-failure';
echo 'RestartSec=60' >> $IPFS_USER_DAEMON echo 'RestartSec=60';
echo '' >> $IPFS_USER_DAEMON echo '';
echo '[Install]' >> $IPFS_USER_DAEMON echo '[Install]';
echo 'WantedBy=default.target' >> $IPFS_USER_DAEMON echo 'WantedBy=default.target'; } > "$IPFS_USER_DAEMON"
chroot ${rootdir} /bin/chown -R $MY_USERNAME:$MY_USERNAME /home/${MY_USERNAME}/.config chroot "${rootdir}" /bin/chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/${MY_USERNAME}/.config"
} }
function install_ipfs_go { function install_ipfs_go {
if [ $INSTALLING_MESH ]; then if [ "$INSTALLING_MESH" ]; then
mesh_install_ipfs_go mesh_install_ipfs_go
return return
fi fi
@ -490,61 +493,58 @@ function install_ipfs_go {
else else
sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" ~/.bashrc sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" ~/.bashrc
fi fi
systemctl set-environment GOPATH=$GOPATH systemctl set-environment GOPATH="$GOPATH"
if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
else else
sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
fi fi
if [ ! -d $GOPATH ]; then if [ ! -d "$GOPATH" ]; then
mkdir -p $GOPATH mkdir -p "$GOPATH"
fi fi
fi fi
IPFS_PATH=$GOPATH/bin IPFS_PATH=$GOPATH/bin
export PATH="$GOPATH/bin:$PATH:" export PATH="$GOPATH/bin:$PATH:"
if ! grep -q 'GOPATH/bin' ~/.bashrc; then if ! grep -q 'GOPATH/bin' ~/.bashrc; then
echo 'export PATH="$GOPATH/bin:$PATH:";' >> ~/.bashrc echo "export PATH=\"\$GOPATH/bin:\$PATH:\";" >> ~/.bashrc
else else
sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
fi fi
# set gopath for the user # set gopath for the user
if ! grep -q "GOPATH=" /home/$MY_USERNAME/.bashrc; then if ! grep -q "GOPATH=" "/home/$MY_USERNAME/.bashrc"; then
echo "export GOPATH=$GOPATH" >> /home/$MY_USERNAME/.bashrc echo "export GOPATH=$GOPATH" >> "/home/$MY_USERNAME/.bashrc"
echo 'export PATH="$GOPATH/bin:$PATH:";' >> /home/$MY_USERNAME/.bashrc echo "export PATH=\"\$GOPATH/bin:\$PATH:\";" >> "/home/$MY_USERNAME/.bashrc"
else else
sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" /home/$MY_USERNAME/.bashrc sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" "/home/$MY_USERNAME/.bashrc"
fi fi
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.bashrc chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.bashrc"
go get -u ${IPFS_GO_REPO_BASE}/cmd/ipfs if ! go get -u ${IPFS_GO_REPO_BASE}/cmd/ipfs; then
if [ ! "$?" = "0" ]; then
exit 8242 exit 8242
fi fi
if [ ! -d $GOPATH/src/$IPFS_GO_REPO_BASE ]; then if [ ! -d "$GOPATH/src/$IPFS_GO_REPO_BASE" ]; then
echo $'go get failed to get ipfs' echo $'go get failed to get ipfs'
exit 63923 exit 63923
fi fi
cd $GOPATH/src/$IPFS_GO_REPO_BASE cd "$GOPATH/src/$IPFS_GO_REPO_BASE" || exit 346824
git checkout $IPFS_COMMIT -b $IPFS_COMMIT if ! git checkout $IPFS_COMMIT -b $IPFS_COMMIT; then
if [ ! "$?" = "0" ]; then
exit 735639 exit 735639
fi fi
set_completion_param "ipfs commit" "$IPFS_COMMIT" set_completion_param "ipfs commit" "$IPFS_COMMIT"
make install if ! make install; then
if [ ! "$?" = "0" ]; then
exit 547242 exit 547242
fi fi
# initialise # initialise
chmod 755 $IPFS_PATH/ipfs chmod 755 "$IPFS_PATH/ipfs"
su -c "$IPFS_PATH/ipfs init -b 2048" - $MY_USERNAME su -c "$IPFS_PATH/ipfs init -b 2048" - "$MY_USERNAME"
if [ ! -d /home/$MY_USERNAME/.ipfs ]; then if [ ! -d "/home/$MY_USERNAME/.ipfs" ]; then
echo "IPFS could not be initialised for user $MY_USERNAME" echo "IPFS could not be initialised for user $MY_USERNAME"
exit 7358 exit 7358
fi fi
@ -553,40 +553,40 @@ function install_ipfs_go {
if [ ! -d /ipfs ]; then if [ ! -d /ipfs ]; then
mkdir /ipfs mkdir /ipfs
mkdir /ipns mkdir /ipns
chown $MY_USERNAME:$MY_USERNAME /ipfs chown "$MY_USERNAME":"$MY_USERNAME" /ipfs
chown $MY_USERNAME:$MY_USERNAME /ipns chown "$MY_USERNAME":"$MY_USERNAME" /ipns
fi fi
if [ -f /etc/fuse.conf ]; then if [ -f /etc/fuse.conf ]; then
chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf chown "$MY_USERNAME":"$MY_USERNAME" /etc/fuse.conf
fi fi
if [ -f /dev/fuse ]; then if [ -f /dev/fuse ]; then
chown $MY_USERNAME:$MY_USERNAME /dev/fuse chown "$MY_USERNAME":"$MY_USERNAME" /dev/fuse
fi fi
echo '[Unit]' > /etc/systemd/system/ipfs.service { echo '[Unit]';
echo 'Description=IPFS go daemon' >> /etc/systemd/system/ipfs.service echo 'Description=IPFS go daemon';
echo 'After=syslog.target' >> /etc/systemd/system/ipfs.service echo 'After=syslog.target';
echo 'After=network.target' >> /etc/systemd/system/ipfs.service echo 'After=network.target';
echo '' >> /etc/systemd/system/ipfs.service echo '';
echo '[Service]' >> /etc/systemd/system/ipfs.service echo '[Service]';
echo 'Type=simple' >> /etc/systemd/system/ipfs.service echo 'Type=simple';
echo "User=$MY_USERNAME" >> /etc/systemd/system/ipfs.service echo "User=$MY_USERNAME";
echo "Group=$MY_USERNAME" >> /etc/systemd/system/ipfs.service echo "Group=$MY_USERNAME";
echo "WorkingDirectory=/home/$MY_USERNAME" >> /etc/systemd/system/ipfs.service echo "WorkingDirectory=/home/$MY_USERNAME";
echo "ExecStart=$IPFS_PATH/ipfs daemon --mount" >> /etc/systemd/system/ipfs.service echo "ExecStart=$IPFS_PATH/ipfs daemon --mount";
echo 'Restart=on-failure' >> /etc/systemd/system/ipfs.service echo 'Restart=on-failure';
echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\" \"GOPATH=$GOPATH\" \"GVM_ROOT=$GVM_HOME\"" >> /etc/systemd/system/ipfs.service echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\" \"GOPATH=$GOPATH\" \"GVM_ROOT=$GVM_HOME\"";
echo '' >> /etc/systemd/system/ipfs.service echo '';
echo '[Install]' >> /etc/systemd/system/ipfs.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ipfs.service echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/ipfs.service
systemctl enable ipfs systemctl enable ipfs
systemctl daemon-reload systemctl daemon-reload
systemctl restart ipfs systemctl restart ipfs
if [ -d /etc/avahi ]; then if [ -d /etc/avahi ]; then
su -c "echo $($IPFS_PATH/ipfs id | grep '\"ID\":' | awk -F '\"' '{print $4}') > /tmp/ipfsid" - $MY_USERNAME su -c "echo $("$IPFS_PATH/ipfs" id | grep '\"ID\":' | awk -F '\"' '{print $4}') > /tmp/ipfsid" - "$MY_USERNAME"
if [ ! -f /tmp/ipfsid ]; then if [ ! -f /tmp/ipfsid ]; then
echo 'No IPFS identity was created' echo 'No IPFS identity was created'
exit 37895 exit 37895


@ -63,7 +63,7 @@ function logging_off_irc {
} }
function irc_get_global_password { function irc_get_global_password {
echo $(cat /etc/ngircd/ngircd.conf | grep "Password =" | head -n 1 | awk -F '=' '{print $2}') grep "Password =" /etc/ngircd/ngircd.conf | head -n 1 | awk -F '=' '{print $2}'
} }
function start_irc_bouncer { function start_irc_bouncer {
@ -93,70 +93,70 @@ function create_irssi_config {
new_name="$new_username" new_name="$new_username"
fi fi
echo 'servers = (' > /home/${new_username}/.irssi/config { echo 'servers = (';
echo ' {' >> /home/${new_username}/.irssi/config echo ' {';
echo ' address = "chat.freenode.net";' >> /home/${new_username}/.irssi/config echo ' address = "chat.freenode.net";';
echo ' chatnet = "Freenode";' >> /home/${new_username}/.irssi/config echo ' chatnet = "Freenode";';
echo ' port = "6667";' >> /home/${new_username}/.irssi/config echo ' port = "6667";';
echo ' autoconnect = "no";' >> /home/${new_username}/.irssi/config echo ' autoconnect = "no";';
echo ' },' >> /home/${new_username}/.irssi/config echo ' },';
echo ' {' >> /home/${new_username}/.irssi/config echo ' {';
echo ' address = "irc.oftc.net";' >> /home/${new_username}/.irssi/config echo ' address = "irc.oftc.net";';
echo ' chatnet = "OFTC";' >> /home/${new_username}/.irssi/config echo ' chatnet = "OFTC";';
echo ' port = "6667";' >> /home/${new_username}/.irssi/config echo ' port = "6667";';
echo ' autoconnect = "no";' >> /home/${new_username}/.irssi/config echo ' autoconnect = "no";';
echo ' },' >> /home/${new_username}/.irssi/config echo ' },';
echo ' {' >> /home/${new_username}/.irssi/config echo ' {';
echo " address = \"127.0.0.1\";" >> /home/${new_username}/.irssi/config echo " address = \"127.0.0.1\";";
echo ' ssl_verify = "no";' >> /home/${new_username}/.irssi/config echo ' ssl_verify = "no";'; } > "/home/${new_username}/.irssi/config"
if [[ ${ONION_ONLY} == 'no' ]]; then if [[ ${ONION_ONLY} == 'no' ]]; then
echo ' use_ssl = "yes";' >> /home/${new_username}/.irssi/config echo ' use_ssl = "yes";' >> "/home/${new_username}/.irssi/config"
echo " port = \"${IRC_BOUNCER_PORT}\";" >> /home/${new_username}/.irssi/config echo " port = \"${IRC_BOUNCER_PORT}\";" >> "/home/${new_username}/.irssi/config"
else else
echo ' use_ssl = "no";' >> /home/${new_username}/.irssi/config echo ' use_ssl = "no";' >> "/home/${new_username}/.irssi/config"
IRC_ONION_HOSTNAME=$(cat ${COMPLETION_FILE} | grep "irc onion domain" | head -n 1 | awk -F ':' '{print $2}') IRC_ONION_HOSTNAME=$(grep "irc onion domain" "${COMPLETION_FILE}" | head -n 1 | awk -F ':' '{print $2}')
echo " port = \"${IRC_ONION_PORT}\";" >> /home/${new_username}/.irssi/config echo " port = \"${IRC_ONION_PORT}\";" >> "/home/${new_username}/.irssi/config"
fi fi
echo ' chatnet = "Freedombone";' >> /home/${new_username}/.irssi/config echo ' chatnet = "Freedombone";' >> "/home/${new_username}/.irssi/config"
echo ' autoconnect = "yes";' >> /home/${new_username}/.irssi/config echo ' autoconnect = "yes";' >> "/home/${new_username}/.irssi/config"
if [ ${IRC_PASSWORD} ]; then if [ "${IRC_PASSWORD}" ]; then
echo " password = \"${IRC_PASSWORD}\";" >> /home/${new_username}/.irssi/config echo " password = \"${IRC_PASSWORD}\";" >> "/home/${new_username}/.irssi/config"
fi fi
echo ' }' >> /home/${new_username}/.irssi/config { echo ' }';
echo ');' >> /home/${new_username}/.irssi/config echo ');';
echo '' >> /home/${new_username}/.irssi/config echo '';
echo 'chatnets = {' >> /home/${new_username}/.irssi/config echo 'chatnets = {';
echo ' Freedombone = {' >> /home/${new_username}/.irssi/config echo ' Freedombone = {';
echo ' type = "IRC";' >> /home/${new_username}/.irssi/config echo ' type = "IRC";';
echo ' max_kicks = "1";' >> /home/${new_username}/.irssi/config echo ' max_kicks = "1";';
echo ' max_msgs = "4";' >> /home/${new_username}/.irssi/config echo ' max_msgs = "4";';
echo ' max_whois = "1";' >> /home/${new_username}/.irssi/config echo ' max_whois = "1";';
echo ' };' >> /home/${new_username}/.irssi/config echo ' };';
echo ' Freenode = {' >> /home/${new_username}/.irssi/config echo ' Freenode = {';
echo ' type = "IRC";' >> /home/${new_username}/.irssi/config echo ' type = "IRC";';
echo ' max_kicks = "1";' >> /home/${new_username}/.irssi/config echo ' max_kicks = "1";';
echo ' max_msgs = "4";' >> /home/${new_username}/.irssi/config echo ' max_msgs = "4";';
echo ' max_whois = "1";' >> /home/${new_username}/.irssi/config echo ' max_whois = "1";';
echo ' };' >> /home/${new_username}/.irssi/config echo ' };';
echo ' OFTC = {' >> /home/${new_username}/.irssi/config echo ' OFTC = {';
echo ' type = "IRC";' >> /home/${new_username}/.irssi/config echo ' type = "IRC";';
echo ' max_kicks = "1";' >> /home/${new_username}/.irssi/config echo ' max_kicks = "1";';
echo ' max_msgs = "1";' >> /home/${new_username}/.irssi/config echo ' max_msgs = "1";';
echo ' max_whois = "1";' >> /home/${new_username}/.irssi/config echo ' max_whois = "1";';
echo ' };' >> /home/${new_username}/.irssi/config echo ' };';
echo '};' >> /home/${new_username}/.irssi/config echo '};';
echo '' >> /home/${new_username}/.irssi/config echo '';
echo 'channels = (' >> /home/${new_username}/.irssi/config echo 'channels = (';
echo ' { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/${new_username}/.irssi/config echo ' { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },';
echo ');' >> /home/${new_username}/.irssi/config echo ');';
echo '' >> /home/${new_username}/.irssi/config echo '';
echo 'settings = {' >> /home/${new_username}/.irssi/config echo 'settings = {';
echo " core = { real_name = \"$new_name\"; user_name = \"$new_username\"; nick = \"$new_username\"; };" >> /home/${new_username}/.irssi/config echo " core = { real_name = \"$new_name\"; user_name = \"$new_username\"; nick = \"$new_username\"; };";
echo ' "fe-text" = { actlist_sort = "refnum"; };' >> /home/${new_username}/.irssi/config echo ' "fe-text" = { actlist_sort = "refnum"; };';
echo '};' >> /home/${new_username}/.irssi/config echo '};';
echo 'ignores = ( { level = "CTCPS"; } );' >> /home/${new_username}/.irssi/config echo 'ignores = ( { level = "CTCPS"; } );'; } >> "/home/${new_username}/.irssi/config"
chown -R ${new_username}:${new_username} /home/${new_username}/.irssi chown -R "${new_username}":"${new_username}" "/home/${new_username}/.irssi"
} }
function remove_user_irc_bouncer { function remove_user_irc_bouncer {
@ -172,14 +172,14 @@ function remove_user_irc_bouncer {
function remove_user_irc { function remove_user_irc {
remove_username="$1" remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp irc "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp irc
remove_user_irc_bouncer ${remove_username} remove_user_irc_bouncer "${remove_username}"
if [ -d /home/${remove_username}/.irssi ]; then if [ -d "/home/${remove_username}/.irssi" ]; then
rm -rf /home/${remove_username}/.irssi rm -rf "/home/${remove_username}/.irssi"
fi fi
if [ -d /home/${remove_username}/irclogs ]; then if [ -d "/home/${remove_username}/irclogs" ]; then
rm -rf /home/${remove_username}/irclogs rm -rf "/home/${remove_username}/irclogs"
fi fi
} }
@ -192,9 +192,9 @@ function irc_set_global_password_base {
for d in /home/*/ ; do for d in /home/*/ ; do
IRC_USERNAME=$(echo "$d" | awk -F '/' '{print $3}') IRC_USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$IRC_USERNAME") == "1" ]]; then if [[ $(is_valid_user "$IRC_USERNAME") == "1" ]]; then
if [ -f /home/${IRC_USERNAME}/.irssi/config ]; then if [ -f "/home/${IRC_USERNAME}/.irssi/config" ]; then
sed -i "s|$EXISTING_IRC_PASSWORD|$NEW_IRC_PASSWORD|g" /home/${IRC_USERNAME}/.irssi/config sed -i "s|$EXISTING_IRC_PASSWORD|$NEW_IRC_PASSWORD|g" "/home/${IRC_USERNAME}/.irssi/config"
chown -R ${IRC_USERNAME}:${IRC_USERNAME} /home/${IRC_USERNAME}/.irssi chown -R "${IRC_USERNAME}":"${IRC_USERNAME}" "/home/${IRC_USERNAME}/.irssi"
fi fi
fi fi
done done
@ -217,11 +217,11 @@ function irc_set_global_password_base {
sed -i "s|Server = 127.0.0.1.*|Server = 127.0.0.1 ${IRC_PORT} ${NEW_IRC_PASSWORD}|g" /home/znc/.znc/configs/znc.conf sed -i "s|Server = 127.0.0.1.*|Server = 127.0.0.1 ${IRC_PORT} ${NEW_IRC_PASSWORD}|g" /home/znc/.znc/configs/znc.conf
# Update the password # Update the password
${PROJECT_NAME}-pass -u $MY_USERNAME -a irc -p "$NEW_IRC_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a irc -p "$NEW_IRC_PASSWORD"
# matrix bridge to irc # matrix bridge to irc
if [ -f $INSTALL_DIR/matrix_irc_bridge/config.yaml ]; then if [ -f "$INSTALL_DIR/matrix_irc_bridge/config.yaml" ]; then
sed -i "s|password: .*|password: \"$NEW_IRC_PASSWORD\"|g" $INSTALL_DIR/matrix_irc_bridge/config.yaml sed -i "s|password: .*|password: \"$NEW_IRC_PASSWORD\"|g" "$INSTALL_DIR/matrix_irc_bridge/config.yaml"
systemctl restart matrix_irc_bridge systemctl restart matrix_irc_bridge
fi fi
@ -244,7 +244,7 @@ function add_user_irc_bouncer {
new_user_password=$(irc_get_global_password) new_user_password=$(irc_get_global_password)
IRC_PASSWORD="$new_user_password" IRC_PASSWORD="$new_user_password"
is_admin='true' is_admin='true'
if [ ! $3 ]; then if [ ! "$3" ]; then
is_admin='false' is_admin='false'
fi fi
@ -255,7 +255,7 @@ function add_user_irc_bouncer {
read_config_param IRC_PORT read_config_param IRC_PORT
read_config_param DEFAULT_DOMAIN_NAME read_config_param DEFAULT_DOMAIN_NAME
${PROJECT_NAME}-pass -u $new_username -a irc -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$new_username" -a irc -p "$new_user_password"
stop_irc_bouncer stop_irc_bouncer
@ -269,73 +269,73 @@ function add_user_irc_bouncer {
return return
fi fi
echo "<User ${new_username}>" >> /home/znc/.znc/configs/znc.conf { echo "<User ${new_username}>";
echo " Admin = ${is_admin}" >> /home/znc/.znc/configs/znc.conf echo " Admin = ${is_admin}";
echo " AltNick = ${new_username}_" >> /home/znc/.znc/configs/znc.conf echo " AltNick = ${new_username}_";
echo ' AppendTimestamp = false' >> /home/znc/.znc/configs/znc.conf echo ' AppendTimestamp = false';
echo ' AutoClearChanBuffer = true' >> /home/znc/.znc/configs/znc.conf echo ' AutoClearChanBuffer = true';
echo ' AutoClearQueryBuffer = true' >> /home/znc/.znc/configs/znc.conf echo ' AutoClearQueryBuffer = true';
echo " Buffer = ${IRC_BUFFER_LENGTH}" >> /home/znc/.znc/configs/znc.conf echo " Buffer = ${IRC_BUFFER_LENGTH}";
echo ' DenyLoadMod = false' >> /home/znc/.znc/configs/znc.conf echo ' DenyLoadMod = false';
echo ' DenySetBindHost = false' >> /home/znc/.znc/configs/znc.conf echo ' DenySetBindHost = false';
echo " Ident = ${new_username}" >> /home/znc/.znc/configs/znc.conf echo " Ident = ${new_username}";
echo ' JoinTries = 10' >> /home/znc/.znc/configs/znc.conf echo ' JoinTries = 10';
echo ' LoadModule = chansaver' >> /home/znc/.znc/configs/znc.conf echo ' LoadModule = chansaver';
echo ' LoadModule = controlpanel' >> /home/znc/.znc/configs/znc.conf echo ' LoadModule = controlpanel';
echo ' MaxJoins = 10' >> /home/znc/.znc/configs/znc.conf echo ' MaxJoins = 10';
echo ' MaxNetworks = 10' >> /home/znc/.znc/configs/znc.conf echo ' MaxNetworks = 10';
echo ' MaxQueryBuffers = 50' >> /home/znc/.znc/configs/znc.conf echo ' MaxQueryBuffers = 50';
echo ' MultiClients = true' >> /home/znc/.znc/configs/znc.conf echo ' MultiClients = true';
echo " Nick = ${new_username}" >> /home/znc/.znc/configs/znc.conf echo " Nick = ${new_username}";
echo ' PrependTimestamp = true' >> /home/znc/.znc/configs/znc.conf echo ' PrependTimestamp = true';
echo ' QuitMsg = Bye' >> /home/znc/.znc/configs/znc.conf echo ' QuitMsg = Bye';
echo " RealName = ${new_username}" >> /home/znc/.znc/configs/znc.conf echo " RealName = ${new_username}";
echo ' StatusPrefix = *' >> /home/znc/.znc/configs/znc.conf echo ' StatusPrefix = *';
echo ' TimestampFormat = [%H:%M:%S]' >> /home/znc/.znc/configs/znc.conf echo ' TimestampFormat = [%H:%M:%S]';
echo '' >> /home/znc/.znc/configs/znc.conf echo '';
echo " <Network ${PROJECT_NAME}>" >> /home/znc/.znc/configs/znc.conf echo " <Network ${PROJECT_NAME}>";
echo ' LoadModule = chansaver' >> /home/znc/.znc/configs/znc.conf echo ' LoadModule = chansaver';
echo ' LoadModule = simple_away' >> /home/znc/.znc/configs/znc.conf echo ' LoadModule = simple_away';
echo '' >> /home/znc/.znc/configs/znc.conf echo '';
echo " Server = 127.0.0.1 ${IRC_PORT} ${IRC_PASSWORD}" >> /home/znc/.znc/configs/znc.conf echo " Server = 127.0.0.1 ${IRC_PORT} ${IRC_PASSWORD}";
echo '' >> /home/znc/.znc/configs/znc.conf echo '';
echo " <Chan #${PROJECT_NAME}>" >> /home/znc/.znc/configs/znc.conf echo " <Chan #${PROJECT_NAME}>";
echo ' </Chan>' >> /home/znc/.znc/configs/znc.conf echo ' </Chan>';
echo ' </Network>' >> /home/znc/.znc/configs/znc.conf echo ' </Network>';
echo '' >> /home/znc/.znc/configs/znc.conf echo '';
echo ' <Network oftc>' >> /home/znc/.znc/configs/znc.conf echo ' <Network oftc>';
echo ' LoadModule = chansaver' >> /home/znc/.znc/configs/znc.conf echo ' LoadModule = chansaver';
echo ' LoadModule = simple_away' >> /home/znc/.znc/configs/znc.conf echo ' LoadModule = simple_away';
echo ' FloodBurst = 4' >> /home/znc/.znc/configs/znc.conf echo ' FloodBurst = 4';
echo ' FloodRate = 1.00' >> /home/znc/.znc/configs/znc.conf echo ' FloodRate = 1.00';
echo ' IRCConnectEnabled = true' >> /home/znc/.znc/configs/znc.conf echo ' IRCConnectEnabled = true';
echo ' Server = irc.oftc.net 6697' >> /home/znc/.znc/configs/znc.conf echo ' Server = irc.oftc.net 6697';
echo ' </Network>' >> /home/znc/.znc/configs/znc.conf echo ' </Network>';
echo '' >> /home/znc/.znc/configs/znc.conf echo '';
echo ' <Network freenode>' >> /home/znc/.znc/configs/znc.conf echo ' <Network freenode>';
echo ' LoadModule = chansaver' >> /home/znc/.znc/configs/znc.conf echo ' LoadModule = chansaver';
echo ' LoadModule = simple_away' >> /home/znc/.znc/configs/znc.conf echo ' LoadModule = simple_away';
echo ' FloodBurst = 4' >> /home/znc/.znc/configs/znc.conf echo ' FloodBurst = 4';
echo ' FloodRate = 1.00' >> /home/znc/.znc/configs/znc.conf echo ' FloodRate = 1.00';
echo ' IRCConnectEnabled = true' >> /home/znc/.znc/configs/znc.conf echo ' IRCConnectEnabled = true';
echo ' Server = irc.freenode.net 6697' >> /home/znc/.znc/configs/znc.conf echo ' Server = irc.freenode.net 6697';
echo ' </Network>' >> /home/znc/.znc/configs/znc.conf echo ' </Network>';
echo '' >> /home/znc/.znc/configs/znc.conf echo '';
echo ' <Pass password>' >> /home/znc/.znc/configs/znc.conf echo ' <Pass password>';
echo " Hash = ${new_user_hash}" >> /home/znc/.znc/configs/znc.conf echo " Hash = ${new_user_hash}";
echo ' Method = sha256' >> /home/znc/.znc/configs/znc.conf echo ' Method = sha256';
echo " Salt = ${ZNC_SALT}" >> /home/znc/.znc/configs/znc.conf echo " Salt = ${ZNC_SALT}";
echo ' </Pass>' >> /home/znc/.znc/configs/znc.conf echo ' </Pass>';
echo '</User>' >> /home/znc/.znc/configs/znc.conf echo '</User>'; } >> /home/znc/.znc/configs/znc.conf
mkdir -p /home/znc/.znc/users/${new_username}/moddata mkdir -p "/home/znc/.znc/users/${new_username}/moddata"
mkdir -p /home/znc/.znc/users/${new_username}/networks mkdir -p "/home/znc/.znc/users/${new_username}/networks"
mkdir /home/znc/.znc/users/${new_username}/moddata/chanserver mkdir "/home/znc/.znc/users/${new_username}/moddata/chanserver"
mkdir /home/znc/.znc/users/${new_username}/moddata/controlpanel mkdir "/home/znc/.znc/users/${new_username}/moddata/controlpanel"
mkdir /home/znc/.znc/users/${new_username}/moddata/perform mkdir "/home/znc/.znc/users/${new_username}/moddata/perform"
mkdir /home/znc/.znc/users/${new_username}/moddata/webadmin mkdir "/home/znc/.znc/users/${new_username}/moddata/webadmin"
mkdir -p /home/znc/.znc/users/${new_username}/networks/${PROJECT_NAME}/moddata/chansaver mkdir -p "/home/znc/.znc/users/${new_username}/networks/${PROJECT_NAME}/moddata/chansaver"
mkdir -p /home/znc/.znc/users/${new_username}/networks/${PROJECT_NAME}/moddata/simple_away mkdir -p "/home/znc/.znc/users/${new_username}/networks/${PROJECT_NAME}/moddata/simple_away"
mkdir -p /home/znc/.znc/moddata/webadmin mkdir -p /home/znc/.znc/moddata/webadmin
@ -353,8 +353,8 @@ function add_user_irc {
IRC_PASSWORD= IRC_PASSWORD=
fi fi
if [ ! -d /home/${new_username}/.irssi ]; then if [ ! -d "/home/${new_username}/.irssi" ]; then
mkdir /home/${new_username}/.irssi mkdir "/home/${new_username}/.irssi"
fi fi
create_irssi_config "${new_username}" create_irssi_config "${new_username}"
@ -374,19 +374,21 @@ function irc_show_password {
function irc_set_global_password { function irc_set_global_password {
EXISTING_IRC_PASSWORD=$(irc_get_global_password) EXISTING_IRC_PASSWORD=$(irc_get_global_password)
data=$(mktemp 2>/dev/null)
dialog --title $"IRC Password" \ dialog --title $"IRC Password" \
--clear \ --clear \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--passwordbox $"Password for all IRC users, or press Enter for no password" 10 60 "$EXISTING_IRC_PASSWORD" 2> $data --passwordbox $"Password for all IRC users, or press Enter for no password" 10 60 "$EXISTING_IRC_PASSWORD" 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
0) 0)
NEW_IRC_PASSWORD=$(<$data) NEW_IRC_PASSWORD=$(<"$data")
irc_set_global_password_base "$NEW_IRC_PASSWORD" irc_set_global_password_base "$NEW_IRC_PASSWORD"
dialog --title $"IRC Password" \ dialog --title $"IRC Password" \
--msgbox $"The IRC password was changed" 6 40 --msgbox $"The IRC password was changed" 6 40
;; ;;
esac esac
rm -f "$data"
} }
function configure_interactive_irc { function configure_interactive_irc {
@ -398,24 +400,26 @@ function configure_interactive_irc {
while true while true
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"IRC Menu" \ --title $"IRC Menu" \
--radiolist $"Choose an operation:" 14 70 4 \ --radiolist $"Choose an operation:" 14 70 4 \
1 $"Set a password for all IRC users" off \ 1 $"Set a password for all IRC users" off \
2 $"Show current IRC login password" off \ 2 $"Show current IRC login password" off \
3 $"Exit" on 2> $data 3 $"Exit" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) break;; 1) rm -f "$data"
255) break;; break;;
255) rm -f "$data"
break;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) irc_set_global_password;; 1) irc_set_global_password;;
2) irc_show_password;; 2) irc_show_password;;
3) break;; 3) break;;
esac esac
rm -f "$data"
done done
} }
@ -466,7 +470,7 @@ function remove_irc {
remove_onion_service irc ${IRC_ONION_PORT} remove_onion_service irc ${IRC_ONION_PORT}
remove_completion_param install_irc remove_completion_param install_irc
remove_completion_param configure_firewall_for_irc remove_completion_param configure_firewall_for_irc
sed -i '/IRC /d' ${COMPLETION_FILE} sed -i '/IRC /d' "${COMPLETION_FILE}"
sed -i '/znc 2> /d' /etc/crontab sed -i '/znc 2> /d' /etc/crontab
stop_irc_bouncer stop_irc_bouncer
if [ -d /home/znc ]; then if [ -d /home/znc ]; then
@ -481,7 +485,7 @@ function configure_firewall_for_irc {
if [ ! -d /etc/ngircd ]; then if [ ! -d /etc/ngircd ]; then
return return
fi fi
if [[ $(is_completed $FUNCNAME) == "1" ]]; then if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return return
fi fi
if [[ ${INSTALLED_WITHIN_DOCKER} == "yes" ]]; then if [[ ${INSTALLED_WITHIN_DOCKER} == "yes" ]]; then
@ -496,7 +500,7 @@ function configure_firewall_for_irc {
save_firewall_settings save_firewall_settings
firewall_add IRC ${IRC_BOUNCER_PORT} tcp firewall_add IRC ${IRC_BOUNCER_PORT} tcp
echo 'configure_firewall_for_irc' >> ${COMPLETION_FILE} echo 'configure_firewall_for_irc' >> "${COMPLETION_FILE}"
} }
function install_irc_server { function install_irc_server {
@ -511,29 +515,29 @@ function install_irc_server {
fi fi
# obtain a cert for the default domain # obtain a cert for the default domain
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}" pem)" == "0" ]]; then
echo $'Obtaining certificate for the main domain' echo $'Obtaining certificate for the main domain'
create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes' create_site_certificate "${DEFAULT_DOMAIN_NAME}" 'yes'
fi fi
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME})" == "0" ]]; then if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}")" == "0" ]]; then
${PROJECT_NAME}-addcert -h ngircd --dhkey ${DH_KEYLENGTH} "${PROJECT_NAME}-addcert" -h ngircd --dhkey "${DH_KEYLENGTH}"
function_check check_certificates function_check check_certificates
check_certificates ngircd check_certificates ngircd
fi fi
DEFAULTDOMAIN=${DEFAULT_DOMAIN_NAME} DEFAULTDOMAIN=${DEFAULT_DOMAIN_NAME}
IRC_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" IRC_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
set_password_for_all_users irc "$IRC_PASSWORD" set_password_for_all_users irc "$IRC_PASSWORD"
echo '**************************************************' > /etc/ngircd/motd { echo '**************************************************';
echo $'* F R E E D O M B O N E I R C *' >> /etc/ngircd/motd echo $'* F R E E D O M B O N E I R C *';
echo '* *' >> /etc/ngircd/motd echo '* *';
echo $'* Freedom in the Cloud *' >> /etc/ngircd/motd echo $'* Freedom in the Cloud *';
echo '**************************************************' >> /etc/ngircd/motd echo '**************************************************'; } > /etc/ngircd/motd
sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf
sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf
sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf
@ -541,7 +545,7 @@ function install_irc_server {
sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
sed -i "s/;Ports =.*/Ports = ${IRC_PORT}/g" /etc/ngircd/ngircd.conf sed -i "s/;Ports =.*/Ports = ${IRC_PORT}/g" /etc/ngircd/ngircd.conf
if [[ $ONION_ONLY == 'no' ]]; then if [[ $ONION_ONLY == 'no' ]]; then
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
sed -i "s|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/ngircd/ngircd.conf sed -i "s|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/ngircd/ngircd.conf
else else
sed -i "s|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt|g" /etc/ngircd/ngircd.conf sed -i "s|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt|g" /etc/ngircd/ngircd.conf
@ -562,10 +566,10 @@ function install_irc_server {
sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf
sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
IRC_SALT="$(create_password 30)" IRC_SALT="$(create_password 30)"
if [ -f ${IMAGE_PASSWORD_FILE} ]; then if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" IRC_OPERATOR_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
IRC_OPERATOR_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" IRC_OPERATOR_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf
sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf
@ -574,7 +578,7 @@ function install_irc_server {
sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf
sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf
sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf
if [ ${IRC_PASSWORD} ]; then if [ "${IRC_PASSWORD}" ]; then
sed -i "0,/RE/s/Password =.*/Password =$IRC_PASSWORD/" /etc/ngircd/ngircd.conf sed -i "0,/RE/s/Password =.*/Password =$IRC_PASSWORD/" /etc/ngircd/ngircd.conf
fi fi
# upgrade a cypher # upgrade a cypher
@ -585,7 +589,8 @@ function install_irc_server {
touch /var/run/ngircd/ngircd.pid touch /var/run/ngircd/ngircd.pid
chown -R irc:irc /var/run/ngircd chown -R irc:irc /var/run/ngircd
IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_BOUNCER_PORT} ${IRC_ONION_PORT}) # shellcheck disable=SC2034
IRC_ONION_HOSTNAME=$(add_onion_service irc "${IRC_BOUNCER_PORT}" "${IRC_ONION_PORT}")
if [ ! -d /var/run/ircd ]; then if [ ! -d /var/run/ircd ]; then
mkdir /var/run/ircd mkdir /var/run/ircd
@ -608,8 +613,8 @@ function install_irc_client {
fi fi
apt-get -yq install irssi apt-get -yq install irssi
if [ ! -d /home/${MY_USERNAME}/.irssi ]; then if [ ! -d "/home/${MY_USERNAME}/.irssi" ]; then
mkdir /home/${MY_USERNAME}/.irssi mkdir "/home/${MY_USERNAME}/.irssi"
fi fi
create_irssi_config "${MY_USERNAME}" "$MY_NAME" create_irssi_config "${MY_USERNAME}" "$MY_NAME"
@ -632,41 +637,41 @@ function install_irc_bouncer {
mkdir -p /home/znc/.znc/configs mkdir -p /home/znc/.znc/configs
mkdir -p /home/znc/.znc/users mkdir -p /home/znc/.znc/users
echo 'AnonIPLimit = 10' > /home/znc/.znc/configs/znc.conf { echo 'AnonIPLimit = 10';
echo 'ConnectDelay = 5' >> /home/znc/.znc/configs/znc.conf echo 'ConnectDelay = 5';
echo 'HideVersion = false' >> /home/znc/.znc/configs/znc.conf echo 'HideVersion = false';
echo 'MaxBufferSize = 500' >> /home/znc/.znc/configs/znc.conf echo 'MaxBufferSize = 500';
echo 'ProtectWebSessions = true' >> /home/znc/.znc/configs/znc.conf echo 'ProtectWebSessions = true';
echo 'SSLCertFile = /home/znc/.znc/znc.pem' >> /home/znc/.znc/configs/znc.conf echo 'SSLCertFile = /home/znc/.znc/znc.pem';
echo 'ServerThrottle = 30' >> /home/znc/.znc/configs/znc.conf echo 'ServerThrottle = 30';
echo 'Version = 1.6.2' >> /home/znc/.znc/configs/znc.conf echo 'Version = 1.6.2';
echo '' >> /home/znc/.znc/configs/znc.conf echo '';
echo '<Listener listener0>' >> /home/znc/.znc/configs/znc.conf echo '<Listener listener0>';
echo ' AllowIRC = true' >> /home/znc/.znc/configs/znc.conf echo ' AllowIRC = true';
echo ' AllowWeb = false' >> /home/znc/.znc/configs/znc.conf echo ' AllowWeb = false';
echo ' IPv4 = true' >> /home/znc/.znc/configs/znc.conf echo ' IPv4 = true';
echo ' IPv6 = true' >> /home/znc/.znc/configs/znc.conf echo ' IPv6 = true';
echo ' Port = 6697' >> /home/znc/.znc/configs/znc.conf echo ' Port = 6697'; } > /home/znc/.znc/configs/znc.conf
if [[ ${ONION_ONLY} == 'no' ]]; then if [[ "${ONION_ONLY}" == 'no' ]]; then
echo ' SSL = true' >> /home/znc/.znc/configs/znc.conf echo ' SSL = true' >> /home/znc/.znc/configs/znc.conf
else else
echo ' SSL = false' >> /home/znc/.znc/configs/znc.conf echo ' SSL = false' >> /home/znc/.znc/configs/znc.conf
fi fi
echo ' URIPrefix = /' >> /home/znc/.znc/configs/znc.conf { echo ' URIPrefix = /';
echo '</Listener>' >> /home/znc/.znc/configs/znc.conf echo '</Listener>';
echo '' >> /home/znc/.znc/configs/znc.conf echo ''; } >> /home/znc/.znc/configs/znc.conf
if [ $IRC_PORT -ne $IRC_ONION_PORT ]; then if [ $IRC_PORT -ne $IRC_ONION_PORT ]; then
echo '<Listener listener1>' >> /home/znc/.znc/configs/znc.conf { echo '<Listener listener1>';
echo ' AllowIRC = true' >> /home/znc/.znc/configs/znc.conf echo ' AllowIRC = true';
echo ' AllowWeb = false' >> /home/znc/.znc/configs/znc.conf echo ' AllowWeb = false';
echo ' IPv4 = true' >> /home/znc/.znc/configs/znc.conf echo ' IPv4 = true';
echo ' IPv6 = true' >> /home/znc/.znc/configs/znc.conf echo ' IPv6 = true';
echo " Port = ${IRC_ONION_PORT}" >> /home/znc/.znc/configs/znc.conf echo " Port = ${IRC_ONION_PORT}";
echo ' SSL = false' >> /home/znc/.znc/configs/znc.conf echo ' SSL = false';
echo ' URIPrefix = /' >> /home/znc/.znc/configs/znc.conf echo ' URIPrefix = /';
echo '</Listener>' >> /home/znc/.znc/configs/znc.conf echo '</Listener>';
echo '' >> /home/znc/.znc/configs/znc.conf echo ''; } >> /home/znc/.znc/configs/znc.conf
fi fi
chown -R znc:znc /home/znc/.znc chown -R znc:znc /home/znc/.znc


@ -105,7 +105,7 @@ function add_user_jitsi {
} }
function install_interactive_jitsi { function install_interactive_jitsi {
if [ ! ${ONION_ONLY} ]; then if [ ! "${ONION_ONLY}" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
@ -202,7 +202,7 @@ function remove_jitsi {
remove_app jitsi remove_app jitsi
remove_completion_param install_jitsi remove_completion_param install_jitsi
sed -i '/jitsi/d' ${COMPLETION_FILE} sed -i '/jitsi/d' "${COMPLETION_FILE}"
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $JITSI_DOMAIN_NAME remove_ddns_domain $JITSI_DOMAIN_NAME
@ -233,8 +233,7 @@ function install_jitsi {
jitsi_deb_repo=unstable #binary jitsi_deb_repo=unstable #binary
apt-get -yq install wget debconf-utils default-jre apt-get -yq install wget debconf-utils default-jre
install_nodejs jitsi install_nodejs jitsi
npm install -g browserify@13.1.1 if ! npm install -g browserify@13.1.1; then
if [ ! "$?" = "0" ]; then
remove_nodejs jitsi remove_nodejs jitsi
exit 638352 exit 638352
fi fi
@ -272,17 +271,17 @@ function install_jitsi {
echo 'server_names_hash_bucket_size 64;' > $jitsi_nginx_site echo 'server_names_hash_bucket_size 64;' > $jitsi_nginx_site
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
echo '' >> $jitsi_nginx_site { echo '';
echo 'server {' >> $jitsi_nginx_site echo 'server {';
echo ' listen 80;' >> $jitsi_nginx_site echo ' listen 80;';
echo " server_name ${JITSI_DOMAIN_NAME};" >> $jitsi_nginx_site echo " server_name ${JITSI_DOMAIN_NAME};";
echo ' return 301 https://$host$request_uri;' >> $jitsi_nginx_site echo " return 301 https://\$host\$request_uri;";
echo '}' >> $jitsi_nginx_site echo '}';
echo 'server {' >> $jitsi_nginx_site echo 'server {';
echo ' listen 443 ssl;' >> $jitsi_nginx_site echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> $jitsi_nginx_site echo ' #listen [::]:443 ssl;';
echo " server_name ${JITSI_DOMAIN_NAME};" >> $jitsi_nginx_site echo " server_name ${JITSI_DOMAIN_NAME};";
echo '' >> $jitsi_nginx_site echo ''; } >> $jitsi_nginx_site
function_check nginx_ssl function_check nginx_ssl
nginx_ssl ${JITSI_DOMAIN_NAME} nginx_ssl ${JITSI_DOMAIN_NAME}
@ -290,80 +289,80 @@ function install_jitsi {
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing ${JITSI_DOMAIN_NAME} nginx_disable_sniffing ${JITSI_DOMAIN_NAME}
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $jitsi_nginx_site { echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> $jitsi_nginx_site echo '';
echo ' root /usr/share/jitsi-meet;' >> $jitsi_nginx_site echo ' root /usr/share/jitsi-meet;';
echo ' index index.html index.htm;' >> $jitsi_nginx_site echo ' index index.html index.htm;';
echo '' >> $jitsi_nginx_site echo '';
echo ' location /config.js {' >> $jitsi_nginx_site echo ' location /config.js {';
echo " alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;" >> $jitsi_nginx_site echo " alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;";
echo ' }' >> $jitsi_nginx_site echo ' }';
echo '' >> $jitsi_nginx_site echo '';
echo ' location ~ ^/([a-zA-Z0-9=\?]+)$ {' >> $jitsi_nginx_site echo ' location ~ ^/([a-zA-Z0-9=\?]+)$ {';
echo ' rewrite ^/(.*)$ / break;' >> $jitsi_nginx_site echo ' rewrite ^/(.*)$ / break;';
echo ' }' >> $jitsi_nginx_site echo ' }';
echo '' >> $jitsi_nginx_site echo '';
echo ' location / {' >> $jitsi_nginx_site echo ' location / {';
echo ' ssi on;' >> $jitsi_nginx_site echo ' ssi on;';
echo ' }' >> $jitsi_nginx_site echo ' }';
echo '' >> $jitsi_nginx_site echo '';
echo ' # Backward compatibility' >> $jitsi_nginx_site echo ' # Backward compatibility';
echo ' location ~ /external_api.* {' >> $jitsi_nginx_site echo ' location ~ /external_api.* {';
echo ' root /usr/share/jitsi-meet/libs;' >> $jitsi_nginx_site echo ' root /usr/share/jitsi-meet/libs;';
echo ' }' >> $jitsi_nginx_site echo ' }';
echo '' >> $jitsi_nginx_site echo '';
echo ' # Logs' >> $jitsi_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $jitsi_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $jitsi_nginx_site echo ' error_log /dev/null;';
echo '' >> $jitsi_nginx_site echo '';
echo ' # BOSH' >> $jitsi_nginx_site echo ' # BOSH';
echo ' location /http-bind {' >> $jitsi_nginx_site echo ' location /http-bind {';
echo ' proxy_pass http://localhost:5280/http-bind;' >> $jitsi_nginx_site echo ' proxy_pass http://localhost:5280/http-bind;';
echo ' proxy_set_header X-Forwarded-For $remote_addr;' >> $jitsi_nginx_site echo " proxy_set_header X-Forwarded-For \$remote_addr;";
echo ' proxy_set_header Host $http_host;' >> $jitsi_nginx_site echo " proxy_set_header Host \$http_host;";
echo ' }' >> $jitsi_nginx_site echo ' }';
echo '}' >> $jitsi_nginx_site echo '}'; } >> $jitsi_nginx_site
fi fi
echo '' >> $jitsi_nginx_site { echo '';
echo 'server {' >> $jitsi_nginx_site echo 'server {';
echo " listen 127.0.0.1:$JITSI_ONION_PORT default_server;" >> $jitsi_nginx_site echo " listen 127.0.0.1:$JITSI_ONION_PORT default_server;"; } >> $jitsi_nginx_site
if [[ $ONION_ONLY == 'no' ]]; then if [[ $ONION_ONLY == 'no' ]]; then
echo " server_name ${JITSI_DOMAIN_NAME};" >> $jitsi_nginx_site echo " server_name ${JITSI_DOMAIN_NAME};" >> $jitsi_nginx_site
else else
echo " server_name ${JITSI_ONION_HOSTNAME};" >> $jitsi_nginx_site echo " server_name ${JITSI_ONION_HOSTNAME};" >> $jitsi_nginx_site
fi fi
echo '' >> $jitsi_nginx_site { echo '';
echo ' root /usr/share/jitsi-meet;' >> $jitsi_nginx_site echo ' root /usr/share/jitsi-meet;';
echo ' index index.html index.htm;' >> $jitsi_nginx_site echo ' index index.html index.htm;';
echo '' >> $jitsi_nginx_site echo '';
echo ' location /config.js {' >> $jitsi_nginx_site echo ' location /config.js {';
echo " alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;" >> $jitsi_nginx_site echo " alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;";
echo ' }' >> $jitsi_nginx_site echo ' }';
echo '' >> $jitsi_nginx_site echo '';
echo ' location ~ ^/([a-zA-Z0-9=\?]+)$ {' >> $jitsi_nginx_site echo ' location ~ ^/([a-zA-Z0-9=\?]+)$ {';
echo ' rewrite ^/(.*)$ / break;' >> $jitsi_nginx_site echo ' rewrite ^/(.*)$ / break;';
echo ' }' >> $jitsi_nginx_site echo ' }';
echo '' >> $jitsi_nginx_site echo '';
echo ' location / {' >> $jitsi_nginx_site echo ' location / {';
echo ' ssi off;' >> $jitsi_nginx_site echo ' ssi off;';
echo ' }' >> $jitsi_nginx_site echo ' }';
echo '' >> $jitsi_nginx_site echo '';
echo ' # Backward compatibility' >> $jitsi_nginx_site echo ' # Backward compatibility';
echo ' location ~ /external_api.* {' >> $jitsi_nginx_site echo ' location ~ /external_api.* {';
echo ' root /usr/share/jitsi-meet/libs;' >> $jitsi_nginx_site echo ' root /usr/share/jitsi-meet/libs;';
echo ' }' >> $jitsi_nginx_site echo ' }';
echo '' >> $jitsi_nginx_site echo '';
echo ' # Logs' >> $jitsi_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $jitsi_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $jitsi_nginx_site echo ' error_log /dev/null;';
echo '' >> $jitsi_nginx_site echo '';
echo ' # BOSH' >> $jitsi_nginx_site echo ' # BOSH';
echo ' location /http-bind {' >> $jitsi_nginx_site echo ' location /http-bind {';
echo ' proxy_pass http://localhost:5280/http-bind;' >> $jitsi_nginx_site echo ' proxy_pass http://localhost:5280/http-bind;';
echo ' proxy_set_header X-Forwarded-For $remote_addr;' >> $jitsi_nginx_site echo " proxy_set_header X-Forwarded-For \$remote_addr;";
echo ' proxy_set_header Host $http_host;' >> $jitsi_nginx_site echo " proxy_set_header Host \$http_host;";
echo ' }' >> $jitsi_nginx_site echo ' }';
echo '}' >> $jitsi_nginx_site echo '}'; } >> $jitsi_nginx_site
sed -i "s|/var/www/${JITSI_DOMAIN_NAME}/htdocs|/usr/share/jitsi-meet|g" $jitsi_nginx_site sed -i "s|/var/www/${JITSI_DOMAIN_NAME}/htdocs|/usr/share/jitsi-meet|g" $jitsi_nginx_site
@ -376,7 +375,7 @@ function install_jitsi {
fi fi
function_check create_site_certificate function_check create_site_certificate
create_site_certificate ${JITSI_DOMAIN_NAME} 'yes' create_site_certificate ${JITSI_DOMAIN_NAME} 'yes'
if [[ $ONION_ONLY == "no" ]]; then if [[ "$ONION_ONLY" == "no" ]]; then
if [ ! -f /etc/ssl/certs/${JITSI_DOMAIN_NAME}.pem ]; then if [ ! -f /etc/ssl/certs/${JITSI_DOMAIN_NAME}.pem ]; then
exit 678363 exit 678363
fi fi
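Review bot: The new grouped writes in install_jitsi still redirect to an unquoted `$jitsi_nginx_site` (for example `echo '}'; } >> $jitsi_nginx_site`), and the calls `nginx_ssl ${JITSI_DOMAIN_NAME}`, `nginx_disable_sniffing ${JITSI_DOMAIN_NAME}` and `remove_ddns_domain $JITSI_DOMAIN_NAME` keep unquoted arguments, unlike the expansions this commit quotes elsewhere. I would write `} >> "$jitsi_nginx_site"` and `nginx_ssl "${JITSI_DOMAIN_NAME}"` so that word splitting and globbing cannot change the redirect target or the argument list. JITSI_DOMAIN_NAME is also written verbatim into the `server_name` and `alias` directives, so a value containing whitespace or `;` would alter the generated nginx configuration; whether it is validated before install_jitsi runs is not visible in this section. install_jitsi begins and ends outside the hunks shown.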


@ -70,19 +70,19 @@ function logging_off_kanboard {
function remove_user_kanboard { function remove_user_kanboard {
remove_username="$1" remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp kanboard "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp kanboard
} }
function add_user_kanboard { function add_user_kanboard {
new_username="$1" new_username="$1"
new_user_password="$2" new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a kanboard -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$new_username" -a kanboard -p "$new_user_password"
echo '0' echo '0'
} }
function install_interactive_kanboard { function install_interactive_kanboard {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
@ -92,42 +92,43 @@ function install_interactive_kanboard {
KANBOARD_DETAILS_COMPLETE= KANBOARD_DETAILS_COMPLETE=
while [ ! $KANBOARD_DETAILS_COMPLETE ] while [ ! $KANBOARD_DETAILS_COMPLETE ]
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"KanBoard Configuration" \ --title $"KanBoard Configuration" \
--form $"\nPlease enter your KanBoard details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt." 13 55 2 \ --form $"\\nPlease enter your KanBoard details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt." 13 55 2 \
$"Domain:" 1 1 "$(grep 'KANBOARD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \ $"Domain:" 1 1 "$(grep 'KANBOARD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
$"Code:" 2 1 "$(grep 'KANBOARD_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 33 255 \ $"Code:" 2 1 "$(grep 'KANBOARD_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 33 255 \
2> $data 2> "$data"
else else
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"KanBoard Configuration" \ --title $"KanBoard Configuration" \
--form $"\nPlease enter your KanBoard details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt." 13 55 2 \ --form $"\\nPlease enter your KanBoard details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt." 13 55 2 \
$"Domain:" 1 1 "$(grep 'KANBOARD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \ $"Domain:" 1 1 "$(grep 'KANBOARD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
2> $data 2> "$data"
fi fi
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
KANBOARD_DOMAIN_NAME=$(cat $data | sed -n 1p) KANBOARD_DOMAIN_NAME=$(sed -n 1p < "$data")
if [ $KANBOARD_DOMAIN_NAME ]; then if [ "$KANBOARD_DOMAIN_NAME" ]; then
if [[ $KANBOARD_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then if [[ $KANBOARD_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
KANBOARD_DOMAIN_NAME="" KANBOARD_DOMAIN_NAME=""
fi fi
TEST_DOMAIN_NAME=$KANBOARD_DOMAIN_NAME TEST_DOMAIN_NAME=$KANBOARD_DOMAIN_NAME
validate_domain_name validate_domain_name
if [[ $TEST_DOMAIN_NAME != $KANBOARD_DOMAIN_NAME ]]; then if [[ "$TEST_DOMAIN_NAME" != "$KANBOARD_DOMAIN_NAME" ]]; then
KANBOARD_DOMAIN_NAME= KANBOARD_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else else
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
KANBOARD_CODE=$(cat $data | sed -n 2p) KANBOARD_CODE=$(sed -n 2p < "$data")
validate_freedns_code "$KANBOARD_CODE" validate_freedns_code "$KANBOARD_CODE"
if [ ! $VALID_CODE ]; then if [ ! "$VALID_CODE" ]; then
KANBOARD_DOMAIN_NAME= KANBOARD_DOMAIN_NAME=
fi fi
fi fi
@ -136,6 +137,7 @@ function install_interactive_kanboard {
if [ $KANBOARD_DOMAIN_NAME ]; then if [ $KANBOARD_DOMAIN_NAME ]; then
KANBOARD_DETAILS_COMPLETE="yes" KANBOARD_DETAILS_COMPLETE="yes"
fi fi
rm -f "$data"
done done
# save the results in the config file # save the results in the config file
@ -151,23 +153,23 @@ function change_password_kanboard {
read_config_param 'KANBOARD_DOMAIN_NAME' read_config_param 'KANBOARD_DOMAIN_NAME'
${PROJECT_NAME}-pass -u "$curr_username" -a kanboard -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$curr_username" -a kanboard -p "$new_user_password"
} }
function kanboard_create_database { function kanboard_create_database {
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
KANBOARD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" KANBOARD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
if [ ! $KANBOARD_ADMIN_PASSWORD ]; then if [ ! "$KANBOARD_ADMIN_PASSWORD" ]; then
KANBOARD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" KANBOARD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
if [ ! $KANBOARD_ADMIN_PASSWORD ]; then if [ ! "$KANBOARD_ADMIN_PASSWORD" ]; then
return return
fi fi
function_check create_database function_check create_database
create_database kanboard "$KANBOARD_ADMIN_PASSWORD" $MY_USERNAME create_database kanboard "$KANBOARD_ADMIN_PASSWORD" "$MY_USERNAME"
} }
function reconfigure_kanboard { function reconfigure_kanboard {
@ -180,40 +182,40 @@ function upgrade_kanboard {
return return
fi fi
if grep -q "kanboard domain" $COMPLETION_FILE; then if grep -q "kanboard domain" "$COMPLETION_FILE"; then
KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain") KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
fi fi
# update to the next commit # update to the next commit
function_check set_repo_commit function_check set_repo_commit
set_repo_commit /var/www/$KANBOARD_DOMAIN_NAME/htdocs "kanboard commit" "$KANBOARD_COMMIT" $KANBOARD_REPO set_repo_commit "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" "kanboard commit" "$KANBOARD_COMMIT" $KANBOARD_REPO
chown -R www-data:www-data /var/www/${KANBOARD_DOMAIN_NAME}/htdocs chown -R www-data:www-data "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs"
} }
function backup_local_kanboard { function backup_local_kanboard {
KANBOARD_DOMAIN_NAME='kanboard' KANBOARD_DOMAIN_NAME='kanboard'
if grep -q "kanboard domain" $COMPLETION_FILE; then if grep -q "kanboard domain" "$COMPLETION_FILE"; then
KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain") KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
fi fi
source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/backup source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/backup
if [ ! -d $source_directory ]; then if [ ! -d "$source_directory" ]; then
mkdir $source_directory mkdir "$source_directory"
fi fi
cp -p /var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php $source_directory cp -p "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php" "$source_directory"
function_check suspend_site function_check suspend_site
suspend_site ${KANBOARD_DOMAIN_NAME} suspend_site "${KANBOARD_DOMAIN_NAME}"
function_check backup_directory_to_usb function_check backup_directory_to_usb
dest_directory=kanboardconfig dest_directory=kanboardconfig
backup_directory_to_usb $source_directory $dest_directory backup_directory_to_usb "$source_directory" "$dest_directory"
source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/data source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/data
dest_directory=kanboardfile dest_directory=kanboardfile
backup_directory_to_usb $source_directory $dest_directory backup_directory_to_usb "$source_directory" "$dest_directory"
function_check backup_database_to_usb function_check backup_database_to_usb
backup_database_to_usb kanboard backup_database_to_usb kanboard
@ -223,11 +225,11 @@ function backup_local_kanboard {
} }
function restore_local_kanboard { function restore_local_kanboard {
if ! grep -q "kanboard domain" $COMPLETION_FILE; then if ! grep -q "kanboard domain" "$COMPLETION_FILE"; then
return return
fi fi
KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain") KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
if [ $KANBOARD_DOMAIN_NAME ]; then if [ "$KANBOARD_DOMAIN_NAME" ]; then
echo $"Restoring kanboard" echo $"Restoring kanboard"
temp_restore_dir=/root/tempkanboard temp_restore_dir=/root/tempkanboard
kanboard_dir=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs kanboard_dir=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs
@ -243,30 +245,30 @@ function restore_local_kanboard {
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir kanboardconfig restore_directory_from_usb $temp_restore_dir kanboardconfig
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir$kanboard_dir/backup ]; then if [ -d "$temp_restore_dir$kanboard_dir/backup" ]; then
cp $temp_restore_dir$kanboard_dir/backup/config.php $kanboard_dir/ cp "$temp_restore_dir$kanboard_dir/backup/config.php" "$kanboard_dir/"
else else
cp $temp_restore_dir/config.php $kanboard_dir/ cp "$temp_restore_dir/config.php" "$kanboard_dir/"
fi fi
chown www-data:www-data $kanboard_dir/config.php chown www-data:www-data "$kanboard_dir/config.php"
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
restore_directory_from_usb $temp_restore_dir kanboardfile restore_directory_from_usb $temp_restore_dir kanboardfile
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir$kanboard_dir/data ]; then if [ -d "$temp_restore_dir$kanboard_dir/data" ]; then
cp -rp $temp_restore_dir$kanboard_dir/data $kanboard_dir/ cp -rp "$temp_restore_dir$kanboard_dir/data" "$kanboard_dir/"
else else
if [ ! -d $kanboard_dir/data ]; then if [ ! -d "$kanboard_dir/data" ]; then
mkdir $kanboard_dir/data mkdir "$kanboard_dir/data"
fi fi
cp -rp $temp_restore_dir/* $kanboard_dir/data/ cp -rp "$temp_restore_dir/*" "$kanboard_dir/data/"
fi fi
chown -R www-data:www-data $kanboard_dir/data chown -R www-data:www-data "$kanboard_dir/data"
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
kanboard_update_after_restore kanboard ${KANBOARD_DOMAIN_NAME} kanboard_update_after_restore kanboard "${KANBOARD_DOMAIN_NAME}"
echo $"Restore of kanboard complete" echo $"Restore of kanboard complete"
fi fi
@ -274,26 +276,26 @@ function restore_local_kanboard {
function backup_remote_kanboard { function backup_remote_kanboard {
KANBOARD_DOMAIN_NAME='kanboard' KANBOARD_DOMAIN_NAME='kanboard'
if grep -q "kanboard domain" $COMPLETION_FILE; then if grep -q "kanboard domain" "$COMPLETION_FILE"; then
KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain") KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
fi fi
source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/backup source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/backup
if [ ! -d $source_directory ]; then if [ ! -d "$source_directory" ]; then
mkdir $source_directory mkdir "$source_directory"
fi fi
cp -p /var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php $source_directory cp -p "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php" "$source_directory"
function_check suspend_site function_check suspend_site
suspend_site ${KANBOARD_DOMAIN_NAME} suspend_site "${KANBOARD_DOMAIN_NAME}"
function_check backup_directory_to_friend function_check backup_directory_to_friend
dest_directory=kanboardconfig dest_directory=kanboardconfig
backup_directory_to_friend $source_directory $dest_directory backup_directory_to_friend "$source_directory" "$dest_directory"
source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/data source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/data
dest_directory=kanboardfile dest_directory=kanboardfile
backup_directory_to_friend $source_directory $dest_directory backup_directory_to_friend "$source_directory" "$dest_directory"
function_check backup_database_to_friend function_check backup_database_to_friend
backup_database_to_friend kanboard backup_database_to_friend kanboard
@ -303,11 +305,11 @@ function backup_remote_kanboard {
} }
function restore_remote_kanboard { function restore_remote_kanboard {
if ! grep -q "kanboard domain" $COMPLETION_FILE; then if ! grep -q "kanboard domain" "$COMPLETION_FILE"; then
return return
fi fi
KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain") KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
if [ $KANBOARD_DOMAIN_NAME ]; then if [ "$KANBOARD_DOMAIN_NAME" ]; then
echo $"Restoring kanboard" echo $"Restoring kanboard"
temp_restore_dir=/root/tempkanboard temp_restore_dir=/root/tempkanboard
kanboard_dir=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs kanboard_dir=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs
@ -324,30 +326,30 @@ function restore_remote_kanboard {
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir kanboardconfig restore_directory_from_friend $temp_restore_dir kanboardconfig
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir$kanboard_dir/backup ]; then if [ -d "$temp_restore_dir$kanboard_dir/backup" ]; then
cp $temp_restore_dir$kanboard_dir/backup/config.php $kanboard_dir/ cp "$temp_restore_dir$kanboard_dir/backup/config.php" "$kanboard_dir/"
else else
cp $temp_restore_dir/config.php $kanboard_dir/ cp "$temp_restore_dir/config.php" "$kanboard_dir/"
fi fi
chown www-data:www-data $kanboard_dir/config.php chown www-data:www-data "$kanboard_dir/config.php"
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
restore_directory_from_friend $temp_restore_dir kanboardfile restore_directory_from_friend $temp_restore_dir kanboardfile
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir$kanboard_dir/data ]; then if [ -d "$temp_restore_dir$kanboard_dir/data" ]; then
cp -rp $temp_restore_dir$kanboard_dir/data $kanboard_dir/ cp -rp "$temp_restore_dir$kanboard_dir/data" "$kanboard_dir/"
else else
if [ ! -d $kanboard_dir/data ]; then if [ ! -d "$kanboard_dir/data" ]; then
mkdir $kanboard_dir/data mkdir "$kanboard_dir/data"
fi fi
cp -rp $temp_restore_dir/* $kanboard_dir/data/ cp -rp "$temp_restore_dir/*" "$kanboard_dir/data/"
fi fi
chown -R www-data:www-data $kanboard_dir/data chown -R www-data:www-data "$kanboard_dir/data"
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
kanboard_update_after_restore kanboard ${KANBOARD_DOMAIN_NAME} kanboard_update_after_restore kanboard "${KANBOARD_DOMAIN_NAME}"
echo $"Restore of kanboard complete" echo $"Restore of kanboard complete"
fi fi
@ -360,14 +362,14 @@ function remove_kanboard {
read_config_param "KANBOARD_DOMAIN_NAME" read_config_param "KANBOARD_DOMAIN_NAME"
read_config_param "MY_USERNAME" read_config_param "MY_USERNAME"
echo "Removing $KANBOARD_DOMAIN_NAME" echo "Removing $KANBOARD_DOMAIN_NAME"
nginx_dissite $KANBOARD_DOMAIN_NAME nginx_dissite "$KANBOARD_DOMAIN_NAME"
remove_certs $KANBOARD_DOMAIN_NAME remove_certs "$KANBOARD_DOMAIN_NAME"
if [ -d /var/www/$KANBOARD_DOMAIN_NAME ]; then if [ -d "/var/www/$KANBOARD_DOMAIN_NAME" ]; then
rm -rf /var/www/$KANBOARD_DOMAIN_NAME rm -rf "/var/www/$KANBOARD_DOMAIN_NAME"
fi fi
if [ -f /etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME ]; then if [ -f "/etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME" ]; then
rm /etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME rm "/etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME"
fi fi
function_check drop_database function_check drop_database
drop_database kanboard drop_database kanboard
@ -375,11 +377,11 @@ function remove_kanboard {
remove_onion_service kanboard ${KANBOARD_ONION_PORT} remove_onion_service kanboard ${KANBOARD_ONION_PORT}
remove_app kanboard remove_app kanboard
remove_completion_param install_kanboard remove_completion_param install_kanboard
sed -i '/kanboard/d' $COMPLETION_FILE sed -i '/kanboard/d' "$COMPLETION_FILE"
remove_backup_database_local kanboard remove_backup_database_local kanboard
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $KANBOARD_DOMAIN_NAME remove_ddns_domain "$KANBOARD_DOMAIN_NAME"
} }
function install_kanboard { function install_kanboard {
@ -387,12 +389,12 @@ function install_kanboard {
ONION_ONLY='no' ONION_ONLY='no'
fi fi
if [ ! $KANBOARD_DOMAIN_NAME ]; then if [ ! "$KANBOARD_DOMAIN_NAME" ]; then
echo $'No domain name was given for kanboard' echo $'No domain name was given for kanboard'
exit 73478 exit 73478
fi fi
kanboard_hourly_script kanboard $KANBOARD_DOMAIN_NAME kanboard_hourly_script kanboard "$KANBOARD_DOMAIN_NAME"
function_check install_mariadb function_check install_mariadb
install_mariadb install_mariadb
@ -406,34 +408,34 @@ function install_kanboard {
apt-get -yq install php-gettext php-curl php-gd php-mysql git curl apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
if [ ! -d /var/www/$KANBOARD_DOMAIN_NAME ]; then if [ ! -d "/var/www/$KANBOARD_DOMAIN_NAME" ]; then
mkdir /var/www/$KANBOARD_DOMAIN_NAME mkdir "/var/www/$KANBOARD_DOMAIN_NAME"
fi fi
if [ ! -d /var/www/$KANBOARD_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" ]; then
if [ -d /repos/kanboard ]; then if [ -d /repos/kanboard ]; then
mkdir /var/www/$KANBOARD_DOMAIN_NAME/htdocs mkdir "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
cp -r -p /repos/kanboard/. /var/www/$KANBOARD_DOMAIN_NAME/htdocs cp -r -p /repos/kanboard/. "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
cd /var/www/$KANBOARD_DOMAIN_NAME/htdocs cd "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" || exit 2468274
git pull git pull
else else
function_check git_clone function_check git_clone
git_clone $KANBOARD_REPO /var/www/$KANBOARD_DOMAIN_NAME/htdocs git_clone "$KANBOARD_REPO" "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
fi fi
if [ ! -d /var/www/$KANBOARD_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" ]; then
echo $'Unable to clone kanboard repo' echo $'Unable to clone kanboard repo'
exit 89365 exit 89365
fi fi
fi fi
cd /var/www/$KANBOARD_DOMAIN_NAME/htdocs cd "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" || exit 234682642
git checkout $KANBOARD_COMMIT -b $KANBOARD_COMMIT git checkout $KANBOARD_COMMIT -b $KANBOARD_COMMIT
set_completion_param "kanboard commit" "$KANBOARD_COMMIT" set_completion_param "kanboard commit" "$KANBOARD_COMMIT"
chmod g+w /var/www/$KANBOARD_DOMAIN_NAME/htdocs chmod g+w "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
chmod a+w /var/www/$KANBOARD_DOMAIN_NAME/htdocs/data chmod a+w "/var/www/$KANBOARD_DOMAIN_NAME/htdocs/data"
chown -R www-data:www-data /var/www/$KANBOARD_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
function_check kanboard_create_database function_check kanboard_create_database
kanboard_create_database kanboard_create_database
@ -446,118 +448,118 @@ function install_kanboard {
fi fi
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $KANBOARD_DOMAIN_NAME add_ddns_domain "$KANBOARD_DOMAIN_NAME"
KANBOARD_ONION_HOSTNAME=$(add_onion_service kanboard 80 ${KANBOARD_ONION_PORT}) KANBOARD_ONION_HOSTNAME=$(add_onion_service kanboard 80 ${KANBOARD_ONION_PORT})
kanboard_nginx_site=/etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME kanboard_nginx_site=/etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $KANBOARD_DOMAIN_NAME "index index.php" nginx_http_redirect "$KANBOARD_DOMAIN_NAME" "index index.php"
echo 'server {' >> $kanboard_nginx_site { echo 'server {';
echo ' listen 443 ssl;' >> $kanboard_nginx_site echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> $kanboard_nginx_site echo ' #listen [::]:443 ssl;';
echo " server_name $KANBOARD_DOMAIN_NAME;" >> $kanboard_nginx_site echo " server_name $KANBOARD_DOMAIN_NAME;";
echo '' >> $kanboard_nginx_site echo ''; } >> "$kanboard_nginx_site"
function_check nginx_compress function_check nginx_compress
nginx_compress $KANBOARD_DOMAIN_NAME nginx_compress "$KANBOARD_DOMAIN_NAME"
echo '' >> $kanboard_nginx_site echo '' >> "$kanboard_nginx_site"
echo ' # Security' >> $kanboard_nginx_site echo ' # Security' >> "$kanboard_nginx_site"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $KANBOARD_DOMAIN_NAME nginx_ssl "$KANBOARD_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $KANBOARD_DOMAIN_NAME nginx_disable_sniffing "$KANBOARD_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $kanboard_nginx_site { echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> $kanboard_nginx_site echo '';
echo ' # Logs' >> $kanboard_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $kanboard_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $kanboard_nginx_site echo ' error_log /dev/null;';
echo '' >> $kanboard_nginx_site echo '';
echo ' # Root' >> $kanboard_nginx_site echo ' # Root';
echo " root /var/www/$KANBOARD_DOMAIN_NAME/htdocs;" >> $kanboard_nginx_site echo " root /var/www/$KANBOARD_DOMAIN_NAME/htdocs;";
echo '' >> $kanboard_nginx_site echo '';
echo ' # Index' >> $kanboard_nginx_site echo ' # Index';
echo ' index index.php;' >> $kanboard_nginx_site echo ' index index.php;';
echo '' >> $kanboard_nginx_site echo '';
echo ' # PHP' >> $kanboard_nginx_site echo ' # PHP';
echo ' location ~ \.php {' >> $kanboard_nginx_site echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> $kanboard_nginx_site echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $kanboard_nginx_site echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> $kanboard_nginx_site echo ' fastcgi_read_timeout 30;';
echo ' }' >> $kanboard_nginx_site echo ' }';
echo '' >> $kanboard_nginx_site echo '';
echo ' # Location' >> $kanboard_nginx_site echo ' # Location';
echo ' location / {' >> $kanboard_nginx_site echo ' location / {'; } >> "$kanboard_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $KANBOARD_DOMAIN_NAME '15m' nginx_limits "$KANBOARD_DOMAIN_NAME" '15m'
echo ' try_files $uri $uri/ @kanboard;' >> $kanboard_nginx_site { echo " try_files \$uri \$uri/ @kanboard;";
echo ' }' >> $kanboard_nginx_site echo ' }';
echo '' >> $kanboard_nginx_site echo '';
echo ' # Fancy URLs' >> $kanboard_nginx_site echo ' # Fancy URLs';
echo ' location @kanboard {' >> $kanboard_nginx_site echo ' location @kanboard {';
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $kanboard_nginx_site echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }' >> $kanboard_nginx_site echo ' }';
echo '' >> $kanboard_nginx_site echo '';
echo ' # Restrict access that is unnecessary anyway' >> $kanboard_nginx_site echo ' # Restrict access that is unnecessary anyway';
echo ' location ~ /\.(ht|git) {' >> $kanboard_nginx_site echo ' location ~ /\.(ht|git) {';
echo ' deny all;' >> $kanboard_nginx_site echo ' deny all;';
echo ' }' >> $kanboard_nginx_site echo ' }';
echo '}' >> $kanboard_nginx_site echo '}'; } >> "$kanboard_nginx_site"
else else
echo -n '' > $kanboard_nginx_site echo -n '' > "$kanboard_nginx_site"
fi fi
echo 'server {' >> $kanboard_nginx_site { echo 'server {';
echo " listen 127.0.0.1:$KANBOARD_ONION_PORT default_server;" >> $kanboard_nginx_site echo " listen 127.0.0.1:$KANBOARD_ONION_PORT default_server;";
echo " server_name $KANBOARD_ONION_HOSTNAME;" >> $kanboard_nginx_site echo " server_name $KANBOARD_ONION_HOSTNAME;";
echo '' >> $kanboard_nginx_site echo ''; } >> "$kanboard_nginx_site"
function_check nginx_compress function_check nginx_compress
nginx_compress $KANBOARD_DOMAIN_NAME nginx_compress "$KANBOARD_DOMAIN_NAME"
echo '' >> $kanboard_nginx_site echo '' >> "$kanboard_nginx_site"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $KANBOARD_DOMAIN_NAME nginx_disable_sniffing "$KANBOARD_DOMAIN_NAME"
echo '' >> $kanboard_nginx_site { echo '';
echo ' # Logs' >> $kanboard_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $kanboard_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $kanboard_nginx_site echo ' error_log /dev/null;';
echo '' >> $kanboard_nginx_site echo '';
echo ' # Root' >> $kanboard_nginx_site echo ' # Root';
echo " root /var/www/$KANBOARD_DOMAIN_NAME/htdocs;" >> $kanboard_nginx_site echo " root /var/www/$KANBOARD_DOMAIN_NAME/htdocs;";
echo '' >> $kanboard_nginx_site echo '';
echo ' # Index' >> $kanboard_nginx_site echo ' # Index';
echo ' index index.php;' >> $kanboard_nginx_site echo ' index index.php;';
echo '' >> $kanboard_nginx_site echo '';
echo ' # PHP' >> $kanboard_nginx_site echo ' # PHP';
echo ' location ~ \.php {' >> $kanboard_nginx_site echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> $kanboard_nginx_site echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $kanboard_nginx_site echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> $kanboard_nginx_site echo ' fastcgi_read_timeout 30;';
echo ' }' >> $kanboard_nginx_site echo ' }';
echo '' >> $kanboard_nginx_site echo '';
echo ' # Location' >> $kanboard_nginx_site echo ' # Location';
echo ' location / {' >> $kanboard_nginx_site echo ' location / {'; } >> "$kanboard_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $KANBOARD_DOMAIN_NAME '15m' nginx_limits "$KANBOARD_DOMAIN_NAME" '15m'
echo ' try_files $uri $uri/ @kanboard;' >> $kanboard_nginx_site { echo " try_files \$uri \$uri/ @kanboard;";
echo ' }' >> $kanboard_nginx_site echo ' }';
echo '' >> $kanboard_nginx_site echo '';
echo ' # Fancy URLs' >> $kanboard_nginx_site echo ' # Fancy URLs';
echo ' location @kanboard {' >> $kanboard_nginx_site echo ' location @kanboard {';
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $kanboard_nginx_site echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }' >> $kanboard_nginx_site echo ' }';
echo '' >> $kanboard_nginx_site echo '';
echo ' # Restrict access that is unnecessary anyway' >> $kanboard_nginx_site echo ' # Restrict access that is unnecessary anyway';
echo ' location ~ /\.(ht|git) {' >> $kanboard_nginx_site echo ' location ~ /\.(ht|git) {';
echo ' deny all;' >> $kanboard_nginx_site echo ' deny all;';
echo ' }' >> $kanboard_nginx_site echo ' }';
echo '}' >> $kanboard_nginx_site echo '}'; } >> "$kanboard_nginx_site"
function_check configure_php function_check configure_php
configure_php configure_php
function_check create_site_certificate function_check create_site_certificate
create_site_certificate $KANBOARD_DOMAIN_NAME 'yes' create_site_certificate "$KANBOARD_DOMAIN_NAME" 'yes'
# Ensure that the database gets backed up locally, if remote # Ensure that the database gets backed up locally, if remote
# backups are not being used # backups are not being used
@ -568,36 +570,31 @@ function install_kanboard {
backup_database_local kanboard backup_database_local kanboard
function_check nginx_ensite function_check nginx_ensite
nginx_ensite $KANBOARD_DOMAIN_NAME nginx_ensite "$KANBOARD_DOMAIN_NAME"
KANBOARD_SERVER=${KANBOARD_DOMAIN_NAME}
if [[ $ONION_ONLY != 'no' ]]; then
KANBOARD_SERVER=${KANBOARD_ONION_HOSTNAME}
fi
# Create the configuration # Create the configuration
kanboard_configfile=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php kanboard_configfile="/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php"
cp /var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.default.php $kanboard_configfile cp "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.default.php" "$kanboard_configfile"
sed -i "s|define('MAIL_FROM'.*|define('MAIL_FROM', '$MY_EMAIL_ADDRESS');|g" $kanboard_configfile sed -i "s|define('MAIL_FROM'.*|define('MAIL_FROM', '$MY_EMAIL_ADDRESS');|g" "$kanboard_configfile"
sed -i "s|define('DB_DRIVER'.*|define('DB_DRIVER', 'mysql');|g" $kanboard_configfile sed -i "s|define('DB_DRIVER'.*|define('DB_DRIVER', 'mysql');|g" "$kanboard_configfile"
sed -i "s|define('DB_USERNAME'.*|define('DB_USERNAME', 'root');|g" $kanboard_configfile sed -i "s|define('DB_USERNAME'.*|define('DB_USERNAME', 'root');|g" "$kanboard_configfile"
sed -i "s|define('DB_PASSWORD'.*|define('DB_PASSWORD', '$MARIADB_PASSWORD');|g" $kanboard_configfile sed -i "s|define('DB_PASSWORD'.*|define('DB_PASSWORD', '$MARIADB_PASSWORD');|g" "$kanboard_configfile"
sed -i "s|define('DB_HOSTNAME'.*|define('DB_HOSTNAME', 'localhost');|g" $kanboard_configfile sed -i "s|define('DB_HOSTNAME'.*|define('DB_HOSTNAME', 'localhost');|g" "$kanboard_configfile"
sed -i "s|define('DB_NAME'.*|define('DB_NAME', 'kanboard');|g" $kanboard_configfile sed -i "s|define('DB_NAME'.*|define('DB_NAME', 'kanboard');|g" "$kanboard_configfile"
sed -i "s|define('DB_PORT'.*|define('DB_PORT', null);|g" $kanboard_configfile sed -i "s|define('DB_PORT'.*|define('DB_PORT', null);|g" "$kanboard_configfile"
logging_off_kanboard logging_off_kanboard
initialise_database kanboard /var/www/${KANBOARD_DOMAIN_NAME}/htdocs/app/Schema/Sql/mysql.sql initialise_database kanboard "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/app/Schema/Sql/mysql.sql"
chown -R www-data:www-data /var/www/${KANBOARD_DOMAIN_NAME}/htdocs chown -R www-data:www-data "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs"
cd /var/www/${KANBOARD_DOMAIN_NAME}/htdocs cd "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs" || exit 24582468
install_composer install_composer
systemctl restart mariadb systemctl restart mariadb
systemctl restart php7.0-fpm systemctl restart php7.0-fpm
systemctl restart nginx systemctl restart nginx
${PROJECT_NAME}-pass -u $MY_USERNAME -a kanboard -p "$KANBOARD_ADMIN_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a kanboard -p "$KANBOARD_ADMIN_PASSWORD"
set_completion_param "kanboard domain" "$KANBOARD_DOMAIN_NAME" set_completion_param "kanboard domain" "$KANBOARD_DOMAIN_NAME"


@ -49,7 +49,7 @@ keyserver_variables=(ONION_ONLY
function check_keyserver_directory_size { function check_keyserver_directory_size {
dirsize=$(du /var/lib/sks/DB | awk -F ' ' '{print $1}') dirsize=$(du /var/lib/sks/DB | awk -F ' ' '{print $1}')
# 500M # 500M
if [ $dirsize -gt 500000 ]; then if [ "$dirsize" -gt 500000 ]; then
echo "1" echo "1"
return return
fi fi
@ -57,7 +57,7 @@ function check_keyserver_directory_size {
} }
function keyserver_watchdog { function keyserver_watchdog {
ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}') ADMIN_USERNAME=$(grep "Admin user" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME} ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME}
keyserver_size_warning=$"The SKS keyserver database is getting large. Check that you aren't being spammed" keyserver_size_warning=$"The SKS keyserver database is getting large. Check that you aren't being spammed"
keyserver_disabled_warning=$"The SKS keyserver has been disabled because it is getting too large. This is to prevent flooding attacks from crashing the server. You may need to restore the keyserver from backup." keyserver_disabled_warning=$"The SKS keyserver has been disabled because it is getting too large. This is to prevent flooding attacks from crashing the server. You may need to restore the keyserver from backup."
@ -67,19 +67,19 @@ function keyserver_watchdog {
# check database size hourly # check database size hourly
keyserver_watchdog_script=/tmp/keyserver-watchdog keyserver_watchdog_script=/tmp/keyserver-watchdog
echo '#!/bin/bash' > $keyserver_watchdog_script { echo '#!/bin/bash';
echo "dirsize=\$(du /var/lib/sks/DB | awk -F ' ' '{print \$1}')" >> $keyserver_watchdog_script echo "dirsize=\$(du /var/lib/sks/DB | awk -F ' ' '{print \$1}')";
echo 'if [ $dirsize -gt 450000 ]; then' >> $keyserver_watchdog_script echo "if [ \$dirsize -gt 450000 ]; then";
echo " echo \"$keyserver_size_warning\" | mail -s \"$keyserver_mail_subject_line\" $ADMIN_EMAIL_ADDRESS" >> $keyserver_watchdog_script echo " echo \"$keyserver_size_warning\" | mail -s \"$keyserver_mail_subject_line\" $ADMIN_EMAIL_ADDRESS";
echo ' if [ $dirsize -gt 500000 ]; then' >> $keyserver_watchdog_script echo " if [ \$dirsize -gt 500000 ]; then";
echo " nginx_dissite $KEYSERVER_DOMAIN_NAME" >> $keyserver_watchdog_script echo " nginx_dissite $KEYSERVER_DOMAIN_NAME";
echo ' systemctl stop sks' >> $keyserver_watchdog_script echo ' systemctl stop sks';
echo ' systemctl disable sks' >> $keyserver_watchdog_script echo ' systemctl disable sks';
echo " echo \"$keyserver_disabled_warning\" | mail -s \"$keyserver_mail_subject_line_disabled\" $ADMIN_EMAIL_ADDRESS" >> $keyserver_watchdog_script echo " echo \"$keyserver_disabled_warning\" | mail -s \"$keyserver_mail_subject_line_disabled\" $ADMIN_EMAIL_ADDRESS";
echo ' fi' >> $keyserver_watchdog_script echo ' fi';
echo 'fi' >> $keyserver_watchdog_script echo 'fi'; } > $keyserver_watchdog_script
chmod +x $keyserver_watchdog_script chmod +x $keyserver_watchdog_script
if [ ! -f /etc/cron.hourly/keyserver-watchdog ]; then if [ ! -f /etc/cron.hourly/keyserver-watchdog ]; then
@ -102,7 +102,7 @@ function configure_firewall_for_keyserver {
firewall_add keyserver 11370 tcp firewall_add keyserver 11370 tcp
firewall_add keyserver 11371 tcp firewall_add keyserver 11371 tcp
firewall_add keyserver 11372 tcp firewall_add keyserver 11372 tcp
mark_completed $FUNCNAME mark_completed "${FUNCNAME[0]}"
} }
function keyserver_reset_database { function keyserver_reset_database {
@ -134,18 +134,18 @@ function upgrade_keyserver {
return return
fi fi
if grep -q "keyserver domain" $COMPLETION_FILE; then if grep -q "keyserver domain" "$COMPLETION_FILE"; then
KEYSERVER_DOMAIN_NAME=$(get_completion_param "keyserver domain") KEYSERVER_DOMAIN_NAME=$(get_completion_param "keyserver domain")
fi fi
# update to the next commit # update to the next commit
function_check set_repo_commit function_check set_repo_commit
set_repo_commit /var/www/$KEYSERVER_DOMAIN_NAME/htdocs "keyserver web commit" "$KEYSERVER_WEB_COMMIT" $KEYSERVER_WEB_REPO set_repo_commit "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs" "keyserver web commit" "$KEYSERVER_WEB_COMMIT" $KEYSERVER_WEB_REPO
read_config_param MY_USERNAME read_config_param MY_USERNAME
USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME USER_EMAIL_ADDRESS="$MY_USERNAME@$HOSTNAME"
GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME) GPG_ID=$(su -m root -c "gpg --list-keys \"$USER_EMAIL_ADDRESS\" | sed -n '2p' | sed 's/^[ \\t]*//'" - "$MY_USERNAME")
if [ ! $GPG_ID ]; then if [ ! "$GPG_ID" ]; then
echo $'No GPG ID for admin user' echo $'No GPG ID for admin user'
exit 846336 exit 846336
fi fi
@ -157,17 +157,17 @@ function upgrade_keyserver {
echo $'GPG ID not retrieved for admin user due to error' echo $'GPG ID not retrieved for admin user due to error'
exit 74825 exit 74825
fi fi
sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html"
sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html"
sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html"
sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html"
chown -R www-data:www-data /var/www/$KEYSERVER_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs"
} }
function backup_local_keyserver { function backup_local_keyserver {
# remove any unused log files # remove any unused log files
cd /var/lib/sks/DB cd /var/lib/sks/DB || exit 2468245
db_archive -d db_archive -d
source_directory=/etc/sks source_directory=/etc/sks
@ -223,6 +223,7 @@ function restore_local_keyserver {
fi fi
cp -r $temp_restore_dir/* /var/lib/sks/DB cp -r $temp_restore_dir/* /var/lib/sks/DB
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
# restore the old database # restore the old database
rm -rf /var/lib/sks/DB rm -rf /var/lib/sks/DB
@ -243,12 +244,12 @@ function restore_local_keyserver {
systemctl enable sks systemctl enable sks
systemctl start sks systemctl start sks
nginx_ensite $KEYSERVER_DOMAIN_NAME nginx_ensite "$KEYSERVER_DOMAIN_NAME"
} }
function backup_remote_keyserver { function backup_remote_keyserver {
# remove any unused log files # remove any unused log files
cd /var/lib/sks/DB cd /var/lib/sks/DB || exit 734624
db_archive -d db_archive -d
source_directory=/etc/sks source_directory=/etc/sks
@ -304,6 +305,7 @@ function restore_remote_keyserver {
fi fi
cp -r $temp_restore_dir/* /var/lib/sks/DB cp -r $temp_restore_dir/* /var/lib/sks/DB
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
# restore the old database # restore the old database
rm -rf /var/lib/sks/DB rm -rf /var/lib/sks/DB
@ -322,7 +324,7 @@ function restore_remote_keyserver {
systemctl enable sks systemctl enable sks
systemctl start sks systemctl start sks
nginx_ensite $KEYSERVER_DOMAIN_NAME nginx_ensite "$KEYSERVER_DOMAIN_NAME"
} }
function remove_keyserver { function remove_keyserver {
@ -333,21 +335,21 @@ function remove_keyserver {
apt-get -qy remove sks dirmngr apt-get -qy remove sks dirmngr
read_config_param "KEYSERVER_DOMAIN_NAME" read_config_param "KEYSERVER_DOMAIN_NAME"
nginx_dissite $KEYSERVER_DOMAIN_NAME nginx_dissite "$KEYSERVER_DOMAIN_NAME"
remove_certs ${KEYSERVER_DOMAIN_NAME} remove_certs "${KEYSERVER_DOMAIN_NAME}"
if [ -f /etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME ]; then if [ -f "/etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME" ]; then
rm -f /etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME rm -f "/etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME"
fi fi
if [ -d /var/www/$KEYSERVER_DOMAIN_NAME ]; then if [ -d "/var/www/$KEYSERVER_DOMAIN_NAME" ]; then
rm -rf /var/www/$KEYSERVER_DOMAIN_NAME rm -rf "/var/www/$KEYSERVER_DOMAIN_NAME"
fi fi
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $KEYSERVER_DOMAIN_NAME remove_ddns_domain "$KEYSERVER_DOMAIN_NAME"
remove_config_param KEYSERVER_DOMAIN_NAME remove_config_param KEYSERVER_DOMAIN_NAME
remove_config_param KEYSERVER_CODE remove_config_param KEYSERVER_CODE
function_check remove_onion_service function_check remove_onion_service
remove_onion_service keyserver ${KEYSERVER_ONION_PORT} remove_onion_service keyserver "${KEYSERVER_ONION_PORT}"
remove_onion_service sks 11370 11371 11372 remove_onion_service sks 11370 11371 11372
remove_completion_param "install_keyserver" remove_completion_param "install_keyserver"
@ -355,15 +357,15 @@ function remove_keyserver {
firewall_remove 11371 tcp firewall_remove 11371 tcp
firewall_remove 11372 tcp firewall_remove 11372 tcp
sed -i '/keyserver/d' $COMPLETION_FILE sed -i '/keyserver/d' "$COMPLETION_FILE"
sed -i '/sks onion/d' $COMPLETION_FILE sed -i '/sks onion/d' "$COMPLETION_FILE"
if [ -d /var/lib/sks ]; then if [ -d /var/lib/sks ]; then
rm -rf /var/lib/sks rm -rf /var/lib/sks
fi fi
} }
function install_interactive_keyserver { function install_interactive_keyserver {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
@ -388,12 +390,12 @@ function keyserver_create_membership {
return return
fi fi
systemctl stop sks systemctl stop sks
echo $"# List of other $PROJECT_NAME SKS Keyservers to sync with." > /etc/sks/membership { echo $"# List of other $PROJECT_NAME SKS Keyservers to sync with.";
echo '#' >> /etc/sks/membership echo '#';
echo $"# Don't add major keyservers here, because it will take an" >> /etc/sks/membership echo $"# Don't add major keyservers here, because it will take an";
echo $'# Infeasible amount of time to sync and backups will become' >> /etc/sks/membership echo $'# Infeasible amount of time to sync and backups will become';
echo $'# absurdly long and probably break your system. You have been warned.' >> /etc/sks/membership echo $'# absurdly long and probably break your system. You have been warned.';
echo '' >> /etc/sks/membership echo ''; } > /etc/sks/membership
chown -Rc debian-sks: /etc/sks/membership chown -Rc debian-sks: /etc/sks/membership
systemctl start sks systemctl start sks
} }
@ -403,7 +405,7 @@ function keyserver_import_keys {
dialog --title $"Import public keys database" \ dialog --title $"Import public keys database" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--defaultno \ --defaultno \
--yesno $"\nThis will download many gigabytes of data and so depending on your bandwidth it could take several days.\n\nContinue?" 10 60 --yesno $"\\nThis will download many gigabytes of data and so depending on your bandwidth it could take several days.\\n\\nContinue?" 10 60
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) return;;
@ -412,36 +414,38 @@ function keyserver_import_keys {
if [ ! -d /var/lib/sks/dump ]; then if [ ! -d /var/lib/sks/dump ]; then
mkdir -p /var/lib/sks/dump mkdir -p /var/lib/sks/dump
fi fi
cd /var/lib/sks/dump cd /var/lib/sks/dump || exit 59242684
echo $'Getting keyserver dump. This may take a few days or longer, so be patient.' echo $'Getting keyserver dump. This may take a few days or longer, so be patient.'
rm -rf /var/lib/sks/dump/* rm -rf /var/lib/sks/dump/*
KEYSERVER_DUMP_URL="https://keyserver.mattrude.com/dump/$(date +%F)/" KEYSERVER_DUMP_URL="https://keyserver.mattrude.com/dump/$(date +%F)/"
wget -crp -e robots=off --level=1 --cut-dirs=3 -nH \ wget -crp -e robots=off --level=1 --cut-dirs=3 -nH \
-A pgp,txt $KEYSERVER_DUMP_URL -A pgp,txt "$KEYSERVER_DUMP_URL"
cd /var/lib/sks cd /var/lib/sks || exit 936572424
echo $'Building the keyserver database from the downloaded dump' echo $'Building the keyserver database from the downloaded dump'
keyserver_reset_database keyserver_reset_database
} }
function keyserver_sync { function keyserver_sync {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"Sync with other keyserver" \ --title $"Sync with other keyserver" \
--form $"\nEnter details for the other server. Please be aware that it's not a good idea to sync with major keyservers which have exceptionally large databases. This is intended to sync with other $PROJECT_NAME systems each having a small database for a particular community." 16 60 3 \ --form $"\nEnter details for the other server. Please be aware that it's not a good idea to sync with major keyservers which have exceptionally large databases. This is intended to sync with other $PROJECT_NAME systems each having a small database for a particular community." 16 60 3 \
$"Domain:" 1 1 "" 1 25 32 64 \ $"Domain:" 1 1 "" 1 25 32 64 \
$"Port:" 2 1 "11370" 2 25 6 6 \ $"Port:" 2 1 "11370" 2 25 6 6 \
$"Sync Email (optional):" 3 1 "pgp-public-keys@" 3 25 32 64 \ $"Sync Email (optional):" 3 1 "pgp-public-keys@" 3 25 32 64 \
2> $data 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) rm -f "$data"
255) return;; return;;
255) rm -f "$data"
return;;
esac esac
other_keyserver_domain=$(cat $data | sed -n 1p) other_keyserver_domain=$(sed -n 1p < "$data")
other_keyserver_port=$(cat $data | sed -n 2p) other_keyserver_port=$(sed -n 2p < "$data")
other_keyserver_email=$(cat $data | sed -n 3p) other_keyserver_email=$(sed -n 3p < "$data")
rm -f "$data"
if [[ "$other_keyserver_domain" != *'.'* ]]; then if [[ "$other_keyserver_domain" != *'.'* ]]; then
return return
fi fi
@ -464,7 +468,7 @@ function keyserver_sync {
# Warn if trying to sync # Warn if trying to sync
if [[ "$other_keyserver_domain" == *"sks-keyservers.net" || "$other_keyserver_domain" == *"gnupg.net" || "$other_keyserver_domain" == *"pgp.com" || "$other_keyserver_domain" == *"pgp.mit.edu" || "$other_keyserver_domain" == *"the.earth.li" || "$other_keyserver_domain" == *"mayfirst.org" || "$other_keyserver_domain" == *"ubuntu.com" ]]; then if [[ "$other_keyserver_domain" == *"sks-keyservers.net" || "$other_keyserver_domain" == *"gnupg.net" || "$other_keyserver_domain" == *"pgp.com" || "$other_keyserver_domain" == *"pgp.mit.edu" || "$other_keyserver_domain" == *"the.earth.li" || "$other_keyserver_domain" == *"mayfirst.org" || "$other_keyserver_domain" == *"ubuntu.com" ]]; then
dialog --title $"Sync with other keyserver" \ dialog --title $"Sync with other keyserver" \
--msgbox $"\nDon't try to sync with the major keyservers. Your system will be overloaded with an infeasible database size." 8 60 --msgbox $"\\nDon't try to sync with the major keyservers. Your system will be overloaded with an infeasible database size." 8 60
return return
fi fi
@ -508,47 +512,50 @@ function keyserver_edit {
} }
function keyserver_remove_key { function keyserver_remove_key {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Remove a key" \ dialog --title $"Remove a key" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--inputbox $"Enter the ID of the key which you wish to remove:" 12 60 2>$data --inputbox $"Enter the ID of the key which you wish to remove:" 12 60 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) 0)
remove_key_id=$(<$data) remove_key_id=$(<"$data")
if [ ${#remove_key_id} -gt 8 ]; then if [ ${#remove_key_id} -gt 8 ]; then
sks drop $remove_key_id sks drop "$remove_key_id"
dialog --title $"Remove a key" \ dialog --title $"Remove a key" \
--msgbox $"The key was removed" 6 40 --msgbox $"The key was removed" 6 40
fi fi
;; ;;
esac esac
rm -f "$data"
} }
function configure_interactive_keyserver { function configure_interactive_keyserver {
while true while true
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"SKS Keyserver" \ --title $"SKS Keyserver" \
--radiolist $"Choose an operation:" 12 70 4 \ --radiolist $"Choose an operation:" 12 70 4 \
1 $"Remove a key" off \ 1 $"Remove a key" off \
2 $"Sync with other keyserver" off \ 2 $"Sync with other keyserver" off \
3 $"Edit sync keyservers" off \ 3 $"Edit sync keyservers" off \
4 $"Exit" on 2> $data 4 $"Exit" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) rm -f "$data"
255) return;; return;;
255) rm -f "$data"
return;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) keyserver_remove_key;; 1) keyserver_remove_key;;
2) keyserver_sync;; 2) keyserver_sync;;
3) keyserver_edit;; 3) keyserver_edit;;
4) break;; 4) rm -f "$data"
break;;
esac esac
rm -f "$data"
done done
} }
@ -563,7 +570,7 @@ function install_keyserver {
mkdir /var/www/$KEYSERVER_DOMAIN_NAME mkdir /var/www/$KEYSERVER_DOMAIN_NAME
fi fi
cd /var/www/$KEYSERVER_DOMAIN_NAME cd "/var/www/$KEYSERVER_DOMAIN_NAME" || exit 25427642847
if [ -d /var/www/$KEYSERVER_DOMAIN_NAME/htdocs ]; then if [ -d /var/www/$KEYSERVER_DOMAIN_NAME/htdocs ]; then
rm -rf /var/www/$KEYSERVER_DOMAIN_NAME/htdocs rm -rf /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
fi fi
@ -571,7 +578,7 @@ function install_keyserver {
if [ -d /repos/keyserverweb ]; then if [ -d /repos/keyserverweb ]; then
mkdir htdocs mkdir htdocs
cp -r -p /repos/keyserverweb/. htdocs cp -r -p /repos/keyserverweb/. htdocs
cd htdocs cd htdocs || exit 379584659
git pull git pull
else else
git_clone $KEYSERVER_WEB_REPO htdocs git_clone $KEYSERVER_WEB_REPO htdocs
@ -581,14 +588,14 @@ function install_keyserver {
exit 6539230 exit 6539230
fi fi
cd /var/www/$KEYSERVER_DOMAIN_NAME/htdocs cd "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs" || exit 264824528
git checkout $KEYSERVER_WEB_COMMIT -b $KEYSERVER_WEB_COMMIT git checkout $KEYSERVER_WEB_COMMIT -b $KEYSERVER_WEB_COMMIT
set_completion_param "keyserver web commit" "$KEYSERVER_WEB_COMMIT" set_completion_param "keyserver web commit" "$KEYSERVER_WEB_COMMIT"
USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME) GPG_ID=$(su -m root -c "gpg --list-keys \"$USER_EMAIL_ADDRESS\" | sed -n '2p' | sed 's/^[ \\t]*//'" - "$MY_USERNAME")
if [ ! $GPG_ID ]; then if [ ! "$GPG_ID" ]; then
echo $'No GPG ID for admin user' echo $'No GPG ID for admin user'
exit 846336 exit 846336
fi fi
@ -659,11 +666,11 @@ function install_keyserver {
chown debian-sks: $sksconf_file chown debian-sks: $sksconf_file
if ! grep -q "hidden_service_sks" /etc/tor/torrc; then if ! grep -q "hidden_service_sks" /etc/tor/torrc; then
echo 'HiddenServiceDir /var/lib/tor/hidden_service_sks/' >> /etc/tor/torrc { echo 'HiddenServiceDir /var/lib/tor/hidden_service_sks/';
echo 'HiddenServiceVersion 3' >> /etc/tor/torrc echo 'HiddenServiceVersion 3';
echo "HiddenServicePort 11370 127.0.0.1:11370" >> /etc/tor/torrc echo "HiddenServicePort 11370 127.0.0.1:11370";
echo "HiddenServicePort 11373 127.0.0.1:11371" >> /etc/tor/torrc echo "HiddenServicePort 11373 127.0.0.1:11371";
echo "HiddenServicePort 11372 127.0.0.1:11372" >> /etc/tor/torrc echo "HiddenServicePort 11372 127.0.0.1:11372"; } >> /etc/tor/torrc
echo $'Added onion site for sks' echo $'Added onion site for sks'
fi fi
@ -682,141 +689,141 @@ function install_keyserver {
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
# NOTE: without http active on port 80 the keyserver doesn't work # NOTE: without http active on port 80 the keyserver doesn't work
# from the commandline # from the commandline
echo 'server {' > $keyserver_nginx_site { echo 'server {';
echo ' listen 80;' >> $keyserver_nginx_site echo ' listen 80;';
echo ' listen 0.0.0.0:11371;' >> $keyserver_nginx_site echo ' listen 0.0.0.0:11371;';
echo ' listen [::]:80;' >> $keyserver_nginx_site echo ' listen [::]:80;';
echo " server_name $KEYSERVER_DOMAIN_NAME;" >> $keyserver_nginx_site echo " server_name $KEYSERVER_DOMAIN_NAME;";
echo '' >> $keyserver_nginx_site echo '';
echo ' # Logs' >> $keyserver_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $keyserver_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $keyserver_nginx_site echo ' error_log /dev/null;';
echo '' >> $keyserver_nginx_site echo '';
echo ' # Root' >> $keyserver_nginx_site echo ' # Root';
echo " root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;" >> $keyserver_nginx_site echo " root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;";
echo '' >> $keyserver_nginx_site echo '';
echo ' rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site echo ' rewrite ^/stats /pks/lookup?op=stats;';
echo ' rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site echo " rewrite ^/s/(.*) /pks/lookup?search=\$1;";
echo ' rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site echo " rewrite ^/search/(.*) /pks/lookup?search=\$1;";
echo ' rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site echo " rewrite ^/g/(.*) /pks/lookup?op=get&search=\$1;";
echo ' rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site echo " rewrite ^/get/(.*) /pks/lookup?op=get&search=\$1;";
echo ' rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site echo " rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
echo ' rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site echo " rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
echo '' >> $keyserver_nginx_site echo '';
echo ' location / {' >> $keyserver_nginx_site echo ' location / {'; } > $keyserver_nginx_site
function_check nginx_limits function_check nginx_limits
nginx_limits $KEYSERVER_DOMAIN_NAME '128k' nginx_limits "$KEYSERVER_DOMAIN_NAME" '128k'
echo ' }' >> $keyserver_nginx_site { echo ' }';
echo '' >> $keyserver_nginx_site echo '';
echo ' location /pks {' >> $keyserver_nginx_site echo ' location /pks {';
echo ' proxy_pass http://127.0.0.1:11373;' >> $keyserver_nginx_site echo ' proxy_pass http://127.0.0.1:11373;';
echo ' proxy_pass_header Server;' >> $keyserver_nginx_site echo ' proxy_pass_header Server;';
echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:11371 (nginx)\";" >> $keyserver_nginx_site echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:11371 (nginx)\";";
echo ' proxy_ignore_client_abort on;' >> $keyserver_nginx_site echo ' proxy_ignore_client_abort on;';
echo ' client_max_body_size 8m;' >> $keyserver_nginx_site echo ' client_max_body_size 8m;';
echo ' client_body_buffer_size 128k;' >> $keyserver_nginx_site echo ' client_body_buffer_size 128k;';
echo ' }' >> $keyserver_nginx_site echo ' }';
echo '}' >> $keyserver_nginx_site echo '}';
echo '' >> $keyserver_nginx_site echo '';
echo 'server {' >> $keyserver_nginx_site echo 'server {';
echo ' listen 443 ssl;' >> $keyserver_nginx_site echo ' listen 443 ssl;';
echo ' listen 0.0.0.0:11372 ssl;' >> $keyserver_nginx_site echo ' listen 0.0.0.0:11372 ssl;';
echo ' #listen [::]:443 ssl;' >> $keyserver_nginx_site echo ' #listen [::]:443 ssl;';
echo " server_name $KEYSERVER_DOMAIN_NAME;" >> $keyserver_nginx_site echo " server_name $KEYSERVER_DOMAIN_NAME;";
echo '' >> $keyserver_nginx_site echo '';
echo ' error_page 404 /404.html;' >> $keyserver_nginx_site echo ' error_page 404 /404.html;';
echo '' >> $keyserver_nginx_site echo '';
echo ' location ~ (.git|LICENSE|readme.md) {' >> $keyserver_nginx_site echo ' location ~ (.git|LICENSE|readme.md) {';
echo ' deny all;' >> $keyserver_nginx_site echo ' deny all;';
echo ' return 404;' >> $keyserver_nginx_site echo ' return 404;';
echo ' }' >> $keyserver_nginx_site echo ' }';
echo '' >> $keyserver_nginx_site echo '';
echo ' # Security' >> $keyserver_nginx_site echo ' # Security'; } >> $keyserver_nginx_site
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $KEYSERVER_DOMAIN_NAME nginx_ssl $KEYSERVER_DOMAIN_NAME
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $keyserver_nginx_site { echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> $keyserver_nginx_site echo '';
echo ' # Logs' >> $keyserver_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $keyserver_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $keyserver_nginx_site echo ' error_log /dev/null;';
echo '' >> $keyserver_nginx_site echo '';
echo ' # Root' >> $keyserver_nginx_site echo ' # Root';
echo " root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;" >> $keyserver_nginx_site echo " root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;";
echo '' >> $keyserver_nginx_site echo '';
echo ' rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site echo ' rewrite ^/stats /pks/lookup?op=stats;';
echo ' rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site echo " rewrite ^/s/(.*) /pks/lookup?search=\$1;";
echo ' rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site echo " rewrite ^/search/(.*) /pks/lookup?search=\$1;";
echo ' rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site echo " rewrite ^/g/(.*) /pks/lookup?op=get&search=\$1;";
echo ' rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site echo " rewrite ^/get/(.*) /pks/lookup?op=get&search=\$1;";
echo ' rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site echo " rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
echo ' rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site echo " rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
echo '' >> $keyserver_nginx_site echo '';
echo ' location / {' >> $keyserver_nginx_site echo ' location / {'; } >> $keyserver_nginx_site
function_check nginx_limits function_check nginx_limits
nginx_limits $KEYSERVER_DOMAIN_NAME '128k' nginx_limits $KEYSERVER_DOMAIN_NAME '128k'
echo ' }' >> $keyserver_nginx_site { echo ' }';
echo '' >> $keyserver_nginx_site echo '';
echo ' location /pks {' >> $keyserver_nginx_site echo ' location /pks {';
echo " proxy_pass http://127.0.0.1:11373;" >> $keyserver_nginx_site echo " proxy_pass http://127.0.0.1:11373;";
echo ' proxy_pass_header Server;' >> $keyserver_nginx_site echo ' proxy_pass_header Server;';
echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:11372 (nginx)\";" >> $keyserver_nginx_site echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:11372 (nginx)\";";
echo ' proxy_ignore_client_abort on;' >> $keyserver_nginx_site echo ' proxy_ignore_client_abort on;';
echo ' client_max_body_size 8m;' >> $keyserver_nginx_site echo ' client_max_body_size 8m;';
echo ' client_body_buffer_size 128k;' >> $keyserver_nginx_site echo ' client_body_buffer_size 128k;';
echo ' }' >> $keyserver_nginx_site echo ' }';
echo '}' >> $keyserver_nginx_site echo '}';
echo '' >> $keyserver_nginx_site echo ''; } >> $keyserver_nginx_site
else else
echo -n '' > $keyserver_nginx_site echo -n '' > $keyserver_nginx_site
fi fi
echo 'server {' >> $keyserver_nginx_site { echo 'server {';
echo " listen 127.0.0.1:$KEYSERVER_ONION_PORT default_server;" >> $keyserver_nginx_site echo " listen 127.0.0.1:$KEYSERVER_ONION_PORT default_server;";
echo " server_name $KEYSERVER_ONION_HOSTNAME;" >> $keyserver_nginx_site echo " server_name $KEYSERVER_ONION_HOSTNAME;";
echo '' >> $keyserver_nginx_site echo '';
echo ' error_page 404 /404.html;' >> $keyserver_nginx_site echo ' error_page 404 /404.html;';
echo '' >> $keyserver_nginx_site echo '';
echo ' location ~ (.git|LICENSE|readme.md) {' >> $keyserver_nginx_site echo ' location ~ (.git|LICENSE|readme.md) {';
echo ' deny all;' >> $keyserver_nginx_site echo ' deny all;';
echo ' return 404;' >> $keyserver_nginx_site echo ' return 404;';
echo ' }' >> $keyserver_nginx_site echo ' }';
echo '' >> $keyserver_nginx_site echo ''; } >> $keyserver_nginx_site
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME
echo '' >> $keyserver_nginx_site { echo '';
echo ' # Logs' >> $keyserver_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $keyserver_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $keyserver_nginx_site echo ' error_log /dev/null;';
echo '' >> $keyserver_nginx_site echo '';
echo ' # Root' >> $keyserver_nginx_site echo ' # Root';
echo " root /var/www/$KEYSERVER_DOMAIN_NAME/mail;" >> $keyserver_nginx_site echo " root /var/www/$KEYSERVER_DOMAIN_NAME/mail;";
echo '' >> $keyserver_nginx_site echo '';
echo ' rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site echo ' rewrite ^/stats /pks/lookup?op=stats;';
echo ' rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site echo " rewrite ^/s/(.*) /pks/lookup?search=\$1;";
echo ' rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site echo " rewrite ^/search/(.*) /pks/lookup?search=\$1;";
echo ' rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site echo " rewrite ^/g/(.*) /pks/lookup?op=get&search=\$1;";
echo ' rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site echo " rewrite ^/get/(.*) /pks/lookup?op=get&search=\$1;";
echo ' rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site echo " rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
echo ' rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site echo " rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
echo '' >> $keyserver_nginx_site echo '';
echo ' location / {' >> $keyserver_nginx_site echo ' location / {'; } >> $keyserver_nginx_site
function_check nginx_limits function_check nginx_limits
nginx_limits $KEYSERVER_DOMAIN_NAME '128k' nginx_limits $KEYSERVER_DOMAIN_NAME '128k'
echo ' }' >> $keyserver_nginx_site { echo ' }';
echo '' >> $keyserver_nginx_site echo '';
echo ' location /pks {' >> $keyserver_nginx_site echo ' location /pks {';
echo " proxy_pass http://127.0.0.1:11373;" >> $keyserver_nginx_site echo " proxy_pass http://127.0.0.1:11373;";
echo ' proxy_pass_header Server;' >> $keyserver_nginx_site echo ' proxy_pass_header Server;';
echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:$KEYSERVER_ONION_PORT (nginx)\";" >> $keyserver_nginx_site echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:$KEYSERVER_ONION_PORT (nginx)\";";
echo ' proxy_ignore_client_abort on;' >> $keyserver_nginx_site echo ' proxy_ignore_client_abort on;';
echo ' client_max_body_size 8m;' >> $keyserver_nginx_site echo ' client_max_body_size 8m;';
echo ' client_body_buffer_size 128k;' >> $keyserver_nginx_site echo ' client_body_buffer_size 128k;';
echo ' }' >> $keyserver_nginx_site echo ' }';
echo '}' >> $keyserver_nginx_site echo '}'; } >> $keyserver_nginx_site
function_check create_site_certificate function_check create_site_certificate
if [ ! -f /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.pem ]; then if [ ! -f /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.pem ]; then


@ -58,7 +58,7 @@ function logging_off_koel {
} }
function koel_remove_gravatar { function koel_remove_gravatar {
cd /var/www/${KOEL_DOMAIN_NAME}/htdocs cd "/var/www/${KOEL_DOMAIN_NAME}/htdocs" || exit 8345374534
sed -i "s|www.gravatar.com|${KOEL_DOMAIN_NAME}|g" node_modules/browser-sync-ui/public/js/app.js.map sed -i "s|www.gravatar.com|${KOEL_DOMAIN_NAME}|g" node_modules/browser-sync-ui/public/js/app.js.map
sed -i "s|www.gravatar.com|${KOEL_DOMAIN_NAME}|g" public/js/app.*.js sed -i "s|www.gravatar.com|${KOEL_DOMAIN_NAME}|g" public/js/app.*.js
if ! grep -q "//Vue.set(user, 'avatar'" resources/assets/js/stores/user.js; then if ! grep -q "//Vue.set(user, 'avatar'" resources/assets/js/stores/user.js; then
@ -69,19 +69,19 @@ function koel_remove_gravatar {
function remove_user_koel { function remove_user_koel {
remove_username="$1" remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp koel "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp koel
} }
function add_user_koel { function add_user_koel {
new_username="$1" new_username="$1"
new_user_password="$2" new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a koel -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$new_username" -a koel -p "$new_user_password"
echo '0' echo '0'
} }
function install_interactive_koel { function install_interactive_koel {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
@ -91,42 +91,43 @@ function install_interactive_koel {
KOEL_DETAILS_COMPLETE= KOEL_DETAILS_COMPLETE=
while [ ! $KOEL_DETAILS_COMPLETE ] while [ ! $KOEL_DETAILS_COMPLETE ]
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Koel Configuration" \ --title $"Koel Configuration" \
--form $"\nPlease enter your Koel details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \ --form $"\\nPlease enter your Koel details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \
$"Domain:" 1 1 "$(grep 'KOEL_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ $"Domain:" 1 1 "$(grep 'KOEL_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
$"Code:" 2 1 "$(grep 'KOEL_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \ $"Code:" 2 1 "$(grep 'KOEL_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
2> $data 2> "$data"
else else
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Koel Configuration" \ --title $"Koel Configuration" \
--form $"\nPlease enter your Koel details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \ --form $"\\nPlease enter your Koel details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \
$"Domain:" 1 1 "$(grep 'KOEL_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ $"Domain:" 1 1 "$(grep 'KOEL_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
2> $data 2> "$data"
fi fi
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
KOEL_DOMAIN_NAME=$(cat $data | sed -n 1p) KOEL_DOMAIN_NAME=$(sed -n 1p < "$data")
if [ $KOEL_DOMAIN_NAME ]; then if [ "$KOEL_DOMAIN_NAME" ]; then
if [[ $KOEL_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then if [[ "$KOEL_DOMAIN_NAME" == "$HUBZILLA_DOMAIN_NAME" ]]; then
KOEL_DOMAIN_NAME="" KOEL_DOMAIN_NAME=""
fi fi
TEST_DOMAIN_NAME=$KOEL_DOMAIN_NAME TEST_DOMAIN_NAME=$KOEL_DOMAIN_NAME
validate_domain_name validate_domain_name
if [[ $TEST_DOMAIN_NAME != $KOEL_DOMAIN_NAME ]]; then if [[ "$TEST_DOMAIN_NAME" != "$KOEL_DOMAIN_NAME" ]]; then
KOEL_DOMAIN_NAME= KOEL_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else else
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
KOEL_CODE=$(cat $data | sed -n 2p) KOEL_CODE=$(sed -n 2p < "$data")
validate_freedns_code "$KOEL_CODE" validate_freedns_code "$KOEL_CODE"
if [ ! $VALID_CODE ]; then if [ ! "$VALID_CODE" ]; then
KOEL_DOMAIN_NAME= KOEL_DOMAIN_NAME=
fi fi
fi fi
@ -135,6 +136,7 @@ function install_interactive_koel {
if [ $KOEL_DOMAIN_NAME ]; then if [ $KOEL_DOMAIN_NAME ]; then
KOEL_DETAILS_COMPLETE="yes" KOEL_DETAILS_COMPLETE="yes"
fi fi
rm -f "$data"
done done
# save the results in the config file # save the results in the config file
@ -150,23 +152,23 @@ function change_password_koel {
read_config_param 'KOEL_DOMAIN_NAME' read_config_param 'KOEL_DOMAIN_NAME'
${PROJECT_NAME}-pass -u "$curr_username" -a koel -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$curr_username" -a koel -p "$new_user_password"
} }
function koel_create_database { function koel_create_database {
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
KOEL_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" KOEL_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
if [ ! $KOEL_ADMIN_PASSWORD ]; then if [ ! "$KOEL_ADMIN_PASSWORD" ]; then
KOEL_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" KOEL_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
if [ ! $KOEL_ADMIN_PASSWORD ]; then if [ ! "$KOEL_ADMIN_PASSWORD" ]; then
return return
fi fi
function_check create_database function_check create_database
create_database koel "$KOEL_ADMIN_PASSWORD" $MY_USERNAME create_database koel "$KOEL_ADMIN_PASSWORD" "$MY_USERNAME"
} }
function reconfigure_koel { function reconfigure_koel {
@ -174,14 +176,14 @@ function reconfigure_koel {
} }
function koel_import_from_directory { function koel_import_from_directory {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
dialog --title "Choose a directory containing music" --dselect /home/$MY_USERNAME/ 30 60 2> $data dialog --title "Choose a directory containing music" --dselect "/home/$MY_USERNAME/" 30 60 2> "$data"
selected_dir=$(cat $data) selected_dir=$(cat "$data")
rm $data rm -f "$data"
if [[ "$selected_dir" == '/music' ]]; then if [[ "$selected_dir" == '/music' ]]; then
return return
fi fi
if [ ! -d $selected_dir ]; then if [ ! -d "$selected_dir" ]; then
return return
fi fi
if [[ "$selected_dir" == "/home/$MY_USERNAME/" ]]; then if [[ "$selected_dir" == "/home/$MY_USERNAME/" ]]; then
@ -197,7 +199,7 @@ function koel_import_from_directory {
dialog --title $"Import music directory" \ dialog --title $"Import music directory" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--defaultno \ --defaultno \
--yesno $"\nImport the directory:\n\n $selected_dir" 12 75 --yesno $"\\nImport the directory:\\n\\n $selected_dir" 12 75
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) return;;
@ -214,18 +216,18 @@ function koel_import_from_usb {
clear clear
detect_usb_drive detect_usb_drive
if [ ! -b $USB_DRIVE ]; then if [ ! -b "$USB_DRIVE" ]; then
dialog --title $"Import music from USB drive" --msgbox $'No USB drive found' 6 50 dialog --title $"Import music from USB drive" --msgbox $'No USB drive found' 6 50
return return
fi fi
backup_mount_drive ${USB_DRIVE} backup_mount_drive "${USB_DRIVE}"
if [ ! -d $USB_MOUNT/Music ]; then if [ ! -d "$USB_MOUNT/Music" ]; then
dialog --title $"Import music from USB drive" --msgbox $'No Music directory found on USB drive' 6 50 dialog --title $"Import music from USB drive" --msgbox $'No Music directory found on USB drive' 6 50
backup_unmount_drive ${USB_DRIVE} backup_unmount_drive "${USB_DRIVE}"
fi fi
cp -ru $USB_MOUNT/Music/* /music cp -ru "$USB_MOUNT/Music/*" /music
backup_unmount_drive ${USB_DRIVE} backup_unmount_drive "${USB_DRIVE}"
dialog --title $"Import music from USB drive" --msgbox $'Import complete. You may now remove the USB drive' 6 50 dialog --title $"Import music from USB drive" --msgbox $'Import complete. You may now remove the USB drive' 6 50
} }
@ -233,28 +235,26 @@ function koel_export_to_usb {
clear clear
detect_usb_drive detect_usb_drive
if [ ! -b $USB_DRIVE ]; then if [ ! -b "$USB_DRIVE" ]; then
dialog --title $"Export music to USB drive" --msgbox $'No USB drive found' 6 50 dialog --title $"Export music to USB drive" --msgbox $'No USB drive found' 6 50
return return
fi fi
backup_mount_drive ${USB_DRIVE} backup_mount_drive "${USB_DRIVE}"
if [ ! -d $USB_MOUNT/Music ]; then if [ ! -d "$USB_MOUNT/Music" ]; then
mkdir -p $USB_MOUNT/Music mkdir -p "$USB_MOUNT/Music"
fi fi
cp -ru /music/* $USB_MOUNT/Music cp -ru /music/* "$USB_MOUNT/Music"
backup_unmount_drive ${USB_DRIVE} backup_unmount_drive "${USB_DRIVE}"
dialog --title $"Export music to USB drive" --msgbox $'Export complete. You may now remove the USB drive' 6 50 dialog --title $"Export music to USB drive" --msgbox $'Export complete. You may now remove the USB drive' 6 50
} }
function format_music_drive { function format_music_drive {
detect_usb_drive detect_usb_drive
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Format USB drive $USB_DRIVE for music storage" \ dialog --title $"Format USB drive $USB_DRIVE for music storage" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--defaultno \ --defaultno \
--yesno $"\nPlease confirm that you wish to format drive\n\n ${USB_DRIVE}\n\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\n\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60 --yesno $"\\nPlease confirm that you wish to format drive\\n\\n ${USB_DRIVE}\\n\\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\\n\\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) return;;
@ -265,7 +265,7 @@ function format_music_drive {
echo '' echo ''
echo $"Formatting drive $USB_DRIVE. ALL CONTENTS WILL BE LOST." echo $"Formatting drive $USB_DRIVE. ALL CONTENTS WILL BE LOST."
echo '' echo ''
${PROJECT_NAME}-format $USB_DRIVE "${PROJECT_NAME}-format" "$USB_DRIVE"
dialog --title $"Format USB drive $USB_DRIVE for music storage" --msgbox $'Format complete. You may now export music or remove the USB drive' 6 50 dialog --title $"Format USB drive $USB_DRIVE for music storage" --msgbox $'Format complete. You may now export music or remove the USB drive' 6 50
} }
@ -273,8 +273,7 @@ function format_music_drive {
function configure_interactive_koel { function configure_interactive_koel {
while true while true
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"Koel" \ --title $"Koel" \
--radiolist $"Choose an operation:" 12 70 5 \ --radiolist $"Choose an operation:" 12 70 5 \
@ -282,24 +281,28 @@ function configure_interactive_koel {
2 $"Import music from USB drive" off \ 2 $"Import music from USB drive" off \
3 $"Export music to USB drive" off \ 3 $"Export music to USB drive" off \
4 $"Format a USB drive for music storage" off \ 4 $"Format a USB drive for music storage" off \
5 $"Exit" on 2> $data 5 $"Exit" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) break;; 1) rm -f "$data"
255) break;; break;;
255) rm -f "$data"
break;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) koel_import_from_directory;; 1) koel_import_from_directory;;
2) koel_import_from_usb;; 2) koel_import_from_usb;;
3) koel_export_to_usb;; 3) koel_export_to_usb;;
4) format_music_drive;; 4) format_music_drive;;
5) break;; 5) rm -f "$data"
break;;
esac esac
rm -f "$data"
done done
} }
function upgrade_koel { function upgrade_koel {
if grep -q "koel domain" $COMPLETION_FILE; then if grep -q "koel domain" "$COMPLETION_FILE"; then
KOEL_DOMAIN_NAME=$(get_completion_param "koel domain") KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
fi fi
@ -312,12 +315,12 @@ function upgrade_koel {
# update to the next commit # update to the next commit
function_check set_repo_commit function_check set_repo_commit
set_repo_commit /var/www/$KOEL_DOMAIN_NAME/htdocs "koel commit" "$KOEL_COMMIT" $KOEL_REPO set_repo_commit "/var/www/$KOEL_DOMAIN_NAME/htdocs" "koel commit" "$KOEL_COMMIT" $KOEL_REPO
cd /var/www/${KOEL_DOMAIN_NAME}/htdocs cd "/var/www/${KOEL_DOMAIN_NAME}/htdocs" || exit 7345346358
php artisan koel:init php artisan koel:init
koel_remove_gravatar koel_remove_gravatar
chown -R www-data:www-data * chown -R www-data:www-data "/var/www/${KOEL_DOMAIN_NAME}/htdocs/*"
systemctl start koel systemctl start koel
} }
@ -325,20 +328,20 @@ function upgrade_koel {
function backup_local_koel { function backup_local_koel {
KOEL_DOMAIN_NAME='koel' KOEL_DOMAIN_NAME='koel'
if grep -q "koel domain" $COMPLETION_FILE; then if grep -q "koel domain" "$COMPLETION_FILE"; then
KOEL_DOMAIN_NAME=$(get_completion_param "koel domain") KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
fi fi
source_directory=/var/www/${KOEL_DOMAIN_NAME}/htdocs source_directory="/var/www/${KOEL_DOMAIN_NAME}/htdocs"
if [ -d $source_directory ]; then if [ -d "$source_directory" ]; then
systemctl stop koel systemctl stop koel
dest_directory=koel dest_directory=koel
function_check suspend_site function_check suspend_site
suspend_site ${KOEL_DOMAIN_NAME} suspend_site "${KOEL_DOMAIN_NAME}"
function_check backup_directory_to_usb function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory backup_directory_to_usb "$source_directory" "$dest_directory"
function_check backup_database_to_usb function_check backup_database_to_usb
backup_database_to_usb koel backup_database_to_usb koel
@ -351,27 +354,26 @@ function backup_local_koel {
} }
function restore_local_koel { function restore_local_koel {
if ! grep -q "koel domain" $COMPLETION_FILE; then if ! grep -q "koel domain" "$COMPLETION_FILE"; then
return return
fi fi
KOEL_DOMAIN_NAME=$(get_completion_param "koel domain") KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
if [ $KOEL_DOMAIN_NAME ]; then if [ "$KOEL_DOMAIN_NAME" ]; then
echo $"Restoring koel" echo $"Restoring koel"
systemctl stop koel systemctl stop koel
temp_restore_dir=/root/tempkoel temp_restore_dir=/root/tempkoel
koel_dir=/var/www/${KOEL_DOMAIN_NAME}/htdocs
function_check koel_create_database function_check koel_create_database
koel_create_database koel_create_database
restore_database koel ${KOEL_DOMAIN_NAME} restore_database koel "${KOEL_DOMAIN_NAME}"
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
cd /var/www/$KOEL_DOMAIN_NAME/htdocs cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 274825424
sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=$MARIADB_PASSWORD|g" .env sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=$MARIADB_PASSWORD|g" .env
MARIADB_PASSWORD= MARIADB_PASSWORD=
@ -380,14 +382,14 @@ function restore_local_koel {
} }
function backup_remote_koel { function backup_remote_koel {
if grep -q "koel domain" $COMPLETION_FILE; then if grep -q "koel domain" "$COMPLETION_FILE"; then
KOEL_DOMAIN_NAME=$(get_completion_param "koel domain") KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
temp_backup_dir=/var/www/${KOEL_DOMAIN_NAME}/htdocs temp_backup_dir=/var/www/${KOEL_DOMAIN_NAME}/htdocs
if [ -d $temp_backup_dir ]; then if [ -d "$temp_backup_dir" ]; then
systemctl stop koel systemctl stop koel
function_check suspend_site function_check suspend_site
suspend_site ${KOEL_DOMAIN_NAME} suspend_site "${KOEL_DOMAIN_NAME}"
function_check backup_database_to_friend function_check backup_database_to_friend
backup_database_to_friend koel backup_database_to_friend koel
@ -395,7 +397,7 @@ function backup_remote_koel {
echo $"Backing up Koel installation" echo $"Backing up Koel installation"
function_check backup_directory_to_friend function_check backup_directory_to_friend
backup_directory_to_friend $temp_backup_dir koel backup_directory_to_friend "$temp_backup_dir" koel
function_check restart_site function_check restart_site
restart_site restart_site
@ -408,7 +410,7 @@ function backup_remote_koel {
} }
function restore_remote_koel { function restore_remote_koel {
if grep -q "koel domain" $COMPLETION_FILE; then if grep -q "koel domain" "$COMPLETION_FILE"; then
echo $"Restoring koel" echo $"Restoring koel"
systemctl stop koel systemctl stop koel
@ -419,13 +421,13 @@ function restore_remote_koel {
koel_create_database koel_create_database
function_check restore_database_from_friend function_check restore_database_from_friend
restore_database_from_friend koel ${KOEL_DOMAIN_NAME} restore_database_from_friend koel "${KOEL_DOMAIN_NAME}"
if [ -d /root/tempkoel ]; then if [ -d /root/tempkoel ]; then
rm -rf /root/tempkoel rm -rf /root/tempkoel
fi fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
cd /var/www/$KOEL_DOMAIN_NAME/htdocs cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 53743682
sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=$MARIADB_PASSWORD|g" .env sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=$MARIADB_PASSWORD|g" .env
MARIADB_PASSWORD= MARIADB_PASSWORD=
@ -453,14 +455,14 @@ function remove_koel {
read_config_param "KOEL_DOMAIN_NAME" read_config_param "KOEL_DOMAIN_NAME"
read_config_param "MY_USERNAME" read_config_param "MY_USERNAME"
echo "Removing $KOEL_DOMAIN_NAME" echo "Removing $KOEL_DOMAIN_NAME"
nginx_dissite $KOEL_DOMAIN_NAME nginx_dissite "$KOEL_DOMAIN_NAME"
remove_certs $KOEL_DOMAIN_NAME remove_certs "$KOEL_DOMAIN_NAME"
if [ -d /var/www/$KOEL_DOMAIN_NAME ]; then if [ -d "/var/www/$KOEL_DOMAIN_NAME" ]; then
rm -rf /var/www/$KOEL_DOMAIN_NAME rm -rf "/var/www/$KOEL_DOMAIN_NAME"
fi fi
if [ -f /etc/nginx/sites-available/$KOEL_DOMAIN_NAME ]; then if [ -f "/etc/nginx/sites-available/$KOEL_DOMAIN_NAME" ]; then
rm /etc/nginx/sites-available/$KOEL_DOMAIN_NAME rm "/etc/nginx/sites-available/$KOEL_DOMAIN_NAME"
fi fi
function_check drop_database function_check drop_database
drop_database koel drop_database koel
@ -468,15 +470,15 @@ function remove_koel {
remove_onion_service koel ${KOEL_ONION_PORT} remove_onion_service koel ${KOEL_ONION_PORT}
remove_app koel remove_app koel
remove_completion_param install_koel remove_completion_param install_koel
sed -i '/koel/d' $COMPLETION_FILE sed -i '/koel/d' "$COMPLETION_FILE"
remove_backup_database_local koel remove_backup_database_local koel
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $KOEL_DOMAIN_NAME remove_ddns_domain "$KOEL_DOMAIN_NAME"
} }
function install_koel_main { function install_koel_main {
if [ ! $KOEL_DOMAIN_NAME ]; then if [ ! "$KOEL_DOMAIN_NAME" ]; then
echo $'No domain name was given for koel' echo $'No domain name was given for koel'
exit 7359 exit 7359
fi fi
@ -498,177 +500,186 @@ function install_koel_main {
apt-get -yq install php-memcached php-intl exiftool libfcgi0ldbl apt-get -yq install php-memcached php-intl exiftool libfcgi0ldbl
apt-get -yq install ffmpeg apt-get -yq install ffmpeg
if [ ! -d /var/www/$KOEL_DOMAIN_NAME ]; then if [ ! -d "/var/www/$KOEL_DOMAIN_NAME" ]; then
mkdir /var/www/$KOEL_DOMAIN_NAME mkdir "/var/www/$KOEL_DOMAIN_NAME"
fi fi
if [ ! -d /var/www/$KOEL_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$KOEL_DOMAIN_NAME/htdocs" ]; then
if [ -d /repos/koel ]; then if [ -d /repos/koel ]; then
mkdir /var/www/$KOEL_DOMAIN_NAME/htdocs mkdir "/var/www/$KOEL_DOMAIN_NAME/htdocs"
cp -r -p /repos/koel/. /var/www/$KOEL_DOMAIN_NAME/htdocs cp -r -p /repos/koel/. "/var/www/$KOEL_DOMAIN_NAME/htdocs"
cd /var/www/$KOEL_DOMAIN_NAME/htdocs cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 23924295
git pull git pull
else else
function_check git_clone function_check git_clone
git_clone $KOEL_REPO /var/www/$KOEL_DOMAIN_NAME/htdocs git_clone "$KOEL_REPO" "/var/www/$KOEL_DOMAIN_NAME/htdocs"
fi fi
if [ ! -d /var/www/$KOEL_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$KOEL_DOMAIN_NAME/htdocs" ]; then
echo $'Unable to clone koel repo' echo $'Unable to clone koel repo'
exit 365735 exit 365735
fi fi
fi fi
cd /var/www/$KOEL_DOMAIN_NAME/htdocs cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 834567242
git checkout $KOEL_COMMIT -b $KOEL_COMMIT git checkout "$KOEL_COMMIT" -b "$KOEL_COMMIT"
set_completion_param "koel commit" "$KOEL_COMMIT" set_completion_param "koel commit" "$KOEL_COMMIT"
chown -R www-data:www-data /var/www/$KOEL_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$KOEL_DOMAIN_NAME/htdocs"
function_check koel_create_database function_check koel_create_database
koel_create_database koel_create_database
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $KOEL_DOMAIN_NAME add_ddns_domain "$KOEL_DOMAIN_NAME"
KOEL_ONION_HOSTNAME=$(add_onion_service koel 80 ${KOEL_ONION_PORT})
koel_nginx_site=/etc/nginx/sites-available/$KOEL_DOMAIN_NAME koel_nginx_site=/etc/nginx/sites-available/$KOEL_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $KOEL_DOMAIN_NAME "index index.php" nginx_http_redirect "$KOEL_DOMAIN_NAME" "index index.php"
echo 'server {' >> $koel_nginx_site { echo 'server {';
echo ' listen 443 ssl;' >> $koel_nginx_site echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> $koel_nginx_site echo ' #listen [::]:443 ssl;';
echo " server_name $KOEL_DOMAIN_NAME;" >> $koel_nginx_site echo " server_name $KOEL_DOMAIN_NAME;";
echo '' >> $koel_nginx_site echo ''; } >> "$koel_nginx_site"
function_check nginx_compress function_check nginx_compress
nginx_compress $KOEL_DOMAIN_NAME nginx_compress "$KOEL_DOMAIN_NAME"
echo ' gzip_comp_level 9;' >> $koel_nginx_site { echo ' gzip_comp_level 9;';
echo '' >> $koel_nginx_site echo '';
echo ' # Security' >> $koel_nginx_site echo ' # Security'; } >> "$koel_nginx_site"
function_check nginx_ssl mobile function_check nginx_ssl mobile
nginx_ssl $KOEL_DOMAIN_NAME nginx_ssl "$KOEL_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $KOEL_DOMAIN_NAME nginx_disable_sniffing "$KOEL_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $koel_nginx_site { echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> $koel_nginx_site echo '';
echo ' # Logs' >> $koel_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $koel_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $koel_nginx_site echo ' error_log /dev/null;';
echo '' >> $koel_nginx_site echo '';
echo ' # Root' >> $koel_nginx_site echo ' # Root';
echo " root /var/www/$KOEL_DOMAIN_NAME/htdocs;" >> $koel_nginx_site echo " root /var/www/$KOEL_DOMAIN_NAME/htdocs;";
echo '' >> $koel_nginx_site echo '';
echo ' # Index' >> $koel_nginx_site echo ' # Index';
echo ' index index.php;' >> $koel_nginx_site echo ' index index.php;';
echo '' >> $koel_nginx_site echo '';
echo ' # Whitelist only index.php, robots.txt, and those start with public/ or api/' >> $koel_nginx_site echo ' # Whitelist only index.php, robots.txt, and those start with public/ or api/';
echo ' if ($request_uri !~ ^/$|index\.php|robots\.txt|api/|public/) {' >> $koel_nginx_site echo " if (\$request_uri !~ ^/\$|index\\.php|robots\\.txt|api/|public/) {";
echo ' return 404;' >> $koel_nginx_site echo ' return 404;';
echo ' }' >> $koel_nginx_site echo ' }';
echo '' >> $koel_nginx_site echo '';
echo ' location /media/ {' >> $koel_nginx_site echo ' location /media/ {';
echo ' internal;' >> $koel_nginx_site echo ' internal;';
echo '' >> $koel_nginx_site echo '';
echo ' # A X-Media-Root should be set to media_path settings from upstream' >> $koel_nginx_site echo ' # A X-Media-Root should be set to media_path settings from upstream';
echo ' alias $upstream_http_x_media_root;' >> $koel_nginx_site echo " alias \$upstream_http_x_media_root;";
echo '' >> $koel_nginx_site echo '';
echo ' }' >> $koel_nginx_site echo ' }';
echo '' >> $koel_nginx_site echo '';
echo ' # PHP' >> $koel_nginx_site echo ' # PHP';
echo ' location ~ \.php {' >> $koel_nginx_site echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> $koel_nginx_site echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $koel_nginx_site echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> $koel_nginx_site echo ' fastcgi_read_timeout 30;';
echo ' }' >> $koel_nginx_site echo ' }';
echo '' >> $koel_nginx_site echo '';
echo ' # Location' >> $koel_nginx_site echo ' # Location';
echo ' location / {' >> $koel_nginx_site echo ' location / {'; } >> "$koel_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $KOEL_DOMAIN_NAME '15m' nginx_limits "$KOEL_DOMAIN_NAME" '15m'
echo ' try_files $uri $uri/ @koel;' >> $koel_nginx_site { echo " try_files \$uri \$uri/ @koel;";
echo ' }' >> $koel_nginx_site echo ' }';
echo '' >> $koel_nginx_site echo '';
echo ' # Fancy URLs' >> $koel_nginx_site echo ' # Fancy URLs';
echo ' location @koel {' >> $koel_nginx_site echo ' location @koel {';
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $koel_nginx_site echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }' >> $koel_nginx_site echo ' }';
echo '' >> $koel_nginx_site echo '';
echo ' # Restrict access that is unnecessary anyway' >> $koel_nginx_site echo ' # Restrict access that is unnecessary anyway';
echo ' location ~ /\.(ht|git) {' >> $koel_nginx_site echo ' location ~ /\.(ht|git) {';
echo ' deny all;' >> $koel_nginx_site echo ' deny all;';
echo ' }' >> $koel_nginx_site echo ' }';
echo '' >> $koel_nginx_site echo '';
echo '}' >> $koel_nginx_site echo '}'; } >> "$koel_nginx_site"
else else
echo -n '' > $koel_nginx_site echo -n '' > "$koel_nginx_site"
fi
if [[ "$ONION_ONLY" == 'no' ]]; then
{ echo 'server {';
echo " listen 127.0.0.1:$KOEL_ONION_PORT default_server;";
echo " server_name $KOEL_DOMAIN_NAME;";
echo ''; } >> "$koel_nginx_site"
else
{ echo 'server {';
echo " listen 127.0.0.1:$KOEL_ONION_PORT default_server;";
echo " server_name $KOEL_ONION_HOSTNAME;";
echo ''; } >> "$koel_nginx_site"
fi fi
echo 'server {' >> $koel_nginx_site
echo " listen 127.0.0.1:$KOEL_ONION_PORT default_server;" >> $koel_nginx_site
echo " server_name $KOEL_DOMAIN_NAME;" >> $koel_nginx_site
echo '' >> $koel_nginx_site
function_check nginx_compress function_check nginx_compress
nginx_compress $KOEL_DOMAIN_NAME nginx_compress "$KOEL_DOMAIN_NAME"
echo ' gzip_comp_level 9;' >> $koel_nginx_site { echo ' gzip_comp_level 9;';
echo '' >> $koel_nginx_site echo '';
echo ' # Logs' >> $koel_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $koel_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $koel_nginx_site echo ' error_log /dev/null;';
echo '' >> $koel_nginx_site echo '';
echo ' # Root' >> $koel_nginx_site echo ' # Root';
echo " root /var/www/$KOEL_DOMAIN_NAME/htdocs;" >> $koel_nginx_site echo " root /var/www/$KOEL_DOMAIN_NAME/htdocs;";
echo '' >> $koel_nginx_site echo '';
echo ' # Index' >> $koel_nginx_site echo ' # Index';
echo ' index index.php;' >> $koel_nginx_site echo ' index index.php;';
echo '' >> $koel_nginx_site echo '';
echo ' # Whitelist only index.php, robots.txt, and those start with public/ or api/' >> $koel_nginx_site echo ' # Whitelist only index.php, robots.txt, and those start with public/ or api/';
echo ' if ($request_uri !~ ^/$|index\.php|robots\.txt|api/|public/) {' >> $koel_nginx_site echo " if (\$request_uri !~ ^/\$|index\\.php|robots\\.txt|api/|public/) {";
echo ' return 404;' >> $koel_nginx_site echo ' return 404;';
echo ' }' >> $koel_nginx_site echo ' }';
echo '' >> $koel_nginx_site echo '';
echo ' location /media/ {' >> $koel_nginx_site echo ' location /media/ {';
echo ' internal;' >> $koel_nginx_site echo ' internal;';
echo '' >> $koel_nginx_site echo '';
echo ' # A X-Media-Root should be set to media_path settings from upstream' >> $koel_nginx_site echo ' # A X-Media-Root should be set to media_path settings from upstream';
echo ' alias $upstream_http_x_media_root;' >> $koel_nginx_site echo " alias \$upstream_http_x_media_root;";
echo '' >> $koel_nginx_site echo '';
echo ' }' >> $koel_nginx_site echo ' }';
echo '' >> $koel_nginx_site echo '';
echo ' # PHP' >> $koel_nginx_site echo ' # PHP';
echo ' location ~ \.php {' >> $koel_nginx_site echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> $koel_nginx_site echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $koel_nginx_site echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> $koel_nginx_site echo ' fastcgi_read_timeout 30;';
echo ' }' >> $koel_nginx_site echo ' }';
echo '' >> $koel_nginx_site echo '';
echo ' # Location' >> $koel_nginx_site echo ' # Location';
echo ' location / {' >> $koel_nginx_site echo ' location / {'; } >> "$koel_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $KOEL_DOMAIN_NAME '15m' nginx_limits "$KOEL_DOMAIN_NAME" '15m'
echo ' try_files $uri $uri/ @koel;' >> $koel_nginx_site { echo " try_files \$uri \$uri/ @koel;";
echo ' }' >> $koel_nginx_site echo ' }';
echo '' >> $koel_nginx_site echo '';
echo ' # Fancy URLs' >> $koel_nginx_site echo ' # Fancy URLs';
echo ' location @koel {' >> $koel_nginx_site echo ' location @koel {';
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $koel_nginx_site echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }' >> $koel_nginx_site echo ' }';
echo '' >> $koel_nginx_site echo '';
echo ' # Restrict access that is unnecessary anyway' >> $koel_nginx_site echo ' # Restrict access that is unnecessary anyway';
echo ' location ~ /\.(ht|git) {' >> $koel_nginx_site echo ' location ~ /\.(ht|git) {';
echo ' deny all;' >> $koel_nginx_site echo ' deny all;';
echo ' }' >> $koel_nginx_site echo ' }';
echo '' >> $koel_nginx_site echo '';
echo '}' >> $koel_nginx_site echo '}'; } >> "$koel_nginx_site"
sed -i 's|gzip_types.*|gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json;|g' $koel_nginx_site sed -i 's|gzip_types.*|gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json;|g' "$koel_nginx_site"
sed -i 's|DENY;|SAMEORIGIN;|g' $koel_nginx_site sed -i 's|DENY;|SAMEORIGIN;|g' "$koel_nginx_site"
function_check configure_php function_check configure_php
configure_php configure_php
function_check create_site_certificate function_check create_site_certificate
create_site_certificate $KOEL_DOMAIN_NAME 'yes' create_site_certificate "$KOEL_DOMAIN_NAME" 'yes'
# Ensure that the database gets backed up locally, if remote # Ensure that the database gets backed up locally, if remote
# backups are not being used # backups are not being used
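Review bot: The allow-list written into both server blocks, `if ($request_uri !~ ^/$|index\.php|robots\.txt|api/|public/)`, is anchored only in its first alternative, and `$request_uri` includes the query string. Any request whose URI merely contains one of the other substrings therefore passes the filter, so it does not restrict access to the listed paths as its comment says. Anchoring every alternative to the start of the path would match the stated intent, for example `^/(index\.php|robots\.txt|api/|public/|$)`. Check this against koel's routes and with `nginx -t` before relying on it. install_koel_main begins before this hunk and continues after it.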
@ -679,20 +690,13 @@ function install_koel_main {
backup_database_local koel backup_database_local koel
function_check nginx_ensite function_check nginx_ensite
nginx_ensite $KOEL_DOMAIN_NAME nginx_ensite "$KOEL_DOMAIN_NAME"
KOEL_ONION_HOSTNAME=$(add_onion_service koel 80 ${KOEL_ONION_PORT})
KOEL_SERVER=${KOEL_DOMAIN_NAME}
if [[ $ONION_ONLY != 'no' ]]; then
KOEL_SERVER=${KOEL_ONION_HOSTNAME}
fi
systemctl restart mariadb systemctl restart mariadb
systemctl restart php7.0-fpm systemctl restart php7.0-fpm
systemctl restart nginx systemctl restart nginx
${PROJECT_NAME}-pass -u $MY_USERNAME -a koel -p "$KOEL_ADMIN_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a koel -p "$KOEL_ADMIN_PASSWORD"
set_completion_param "koel domain" "$KOEL_DOMAIN_NAME" set_completion_param "koel domain" "$KOEL_DOMAIN_NAME"
@ -709,7 +713,7 @@ function install_koel {
install_koel_main install_koel_main
cd /var/www/$KOEL_DOMAIN_NAME/htdocs cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 2432848
install_composer install_composer
npm install -g yarn npm install -g yarn
@ -731,30 +735,29 @@ function install_koel {
sed -i 's/MAIL_PORT=.*/MAIL_PORT=25/g' .env sed -i 's/MAIL_PORT=.*/MAIL_PORT=25/g' .env
sed -i 's|FFMPEG_PATH=.*|FFMPEG_PATH=/usr/bin/ffmpeg|g' .env sed -i 's|FFMPEG_PATH=.*|FFMPEG_PATH=/usr/bin/ffmpeg|g' .env
php artisan koel:init if ! php artisan koel:init; then
if [ ! "$?" = "0" ]; then
echo $"Can't install koel:init" echo $"Can't install koel:init"
exit 78362 exit 78362
fi fi
koel_remove_gravatar koel_remove_gravatar
chown -R www-data:www-data /var/www/$KOEL_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$KOEL_DOMAIN_NAME/htdocs"
# daemon # daemon
echo '[Unit]' > /etc/systemd/system/koel.service { echo '[Unit]';
echo 'Description=Koel (music player)' >> /etc/systemd/system/koel.service echo 'Description=Koel (music player)';
echo 'After=syslog.target' >> /etc/systemd/system/koel.service echo 'After=syslog.target';
echo 'After=network.target' >> /etc/systemd/system/koel.service echo 'After=network.target';
echo '' >> /etc/systemd/system/koel.service echo '';
echo '[Service]' >> /etc/systemd/system/koel.service echo '[Service]';
echo 'Type=simple' >> /etc/systemd/system/koel.service echo 'Type=simple';
echo 'User=www-data' >> /etc/systemd/system/koel.service echo 'User=www-data';
echo 'Group=www-data' >> /etc/systemd/system/koel.service echo 'Group=www-data';
echo "WorkingDirectory=/var/www/$KOEL_DOMAIN_NAME/htdocs" >> /etc/systemd/system/koel.service echo "WorkingDirectory=/var/www/$KOEL_DOMAIN_NAME/htdocs";
echo "ExecStart=/usr/bin/php artisan serve --port=$KOEL_PORT" >> /etc/systemd/system/koel.service echo "ExecStart=/usr/bin/php artisan serve --port=$KOEL_PORT";
echo 'Restart=on-failure' >> /etc/systemd/system/koel.service echo 'Restart=on-failure';
echo '' >> /etc/systemd/system/koel.service echo '';
echo '[Install]' >> /etc/systemd/system/koel.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/koel.service echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/koel.service
systemctl enable koel.service systemctl enable koel.service
systemctl daemon-reload systemctl daemon-reload
systemctl start koel.service systemctl start koel.service
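Review bot: The koel.service unit generated here sets User/Group to www-data but has no sandboxing directives, and its ExecStart is `php artisan serve`, which Laravel documents as a development server. Adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` to the `[Service]` block would limit what a compromised PHP process can reach; test that koel can still write its storage and media paths afterwards. The nginx site written by install_koel_main hands PHP to the php7.0-fpm socket, so it is worth confirming from the rest of the file whether this long-running service is needed at all. install_koel starts before this hunk.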


@ -55,14 +55,14 @@ function logging_off_lychee {
} }
function lychee_create_database { function lychee_create_database {
if [ -f ${IMAGE_PASSWORD_FILE} ]; then if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
LYCHEE_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" LYCHEE_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
if [ ! ${LYCHEE_ADMIN_PASSWORD} ]; then if [ ! "${LYCHEE_ADMIN_PASSWORD}" ]; then
LYCHEE_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" LYCHEE_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
if [ ! $LYCHEE_ADMIN_PASSWORD ]; then if [ ! "$LYCHEE_ADMIN_PASSWORD" ]; then
return return
fi fi
@ -73,7 +73,7 @@ function lychee_create_database {
function remove_user_lychee { function remove_user_lychee {
remove_username="$1" remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp lychee "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp lychee
} }
function add_user_lychee { function add_user_lychee {
@ -85,13 +85,13 @@ function add_user_lychee {
new_username="$1" new_username="$1"
new_user_password="$2" new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a lychee -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$new_username" -a lychee -p "$new_user_password"
echo '0' echo '0'
} }
function install_interactive_lychee { function install_interactive_lychee {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
@ -110,12 +110,12 @@ function configure_interactive_lychee {
get_mariadb_password get_mariadb_password
dialog --title $"Lychee Configuration" \ dialog --title $"Lychee Configuration" \
--msgbox $"\nYou can initially install the system with:\n\n Username: root\n Password: $MARIADB_PASSWORD" 10 70 --msgbox $"\\nYou can initially install the system with:\\n\\n Username: root\\n Password: $MARIADB_PASSWORD" 10 70
} }
function change_password_lychee { function change_password_lychee {
LYCHEE_USERNAME="$1" # LYCHEE_USERNAME="$1"
LYCHEE_PASSWORD="$2" LYCHEE_PASSWORD="$2"
if [ ${#LYCHEE_PASSWORD} -lt 8 ]; then if [ ${#LYCHEE_PASSWORD} -lt 8 ]; then
echo $'Lychee password is too short' echo $'Lychee password is too short'
@ -143,56 +143,56 @@ function upgrade_lychee {
function backup_local_lychee { function backup_local_lychee {
LYCHEE_DOMAIN_NAME='lychee.local' LYCHEE_DOMAIN_NAME='lychee.local'
if grep -q "lychee domain" $COMPLETION_FILE; then if grep -q "lychee domain" "$COMPLETION_FILE"; then
LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain") LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
fi fi
lychee_path=/var/www/${LYCHEE_DOMAIN_NAME}/htdocs lychee_path="/var/www/${LYCHEE_DOMAIN_NAME}/htdocs"
if [ -d $lychee_path ]; then if [ -d "$lychee_path" ]; then
function_check backup_database_to_usb function_check backup_database_to_usb
backup_database_to_usb lychee backup_database_to_usb lychee
backup_directory_to_usb $lychee_path lychee backup_directory_to_usb "$lychee_path" lychee
restart_site restart_site
fi fi
} }
function restore_local_lychee { function restore_local_lychee {
LYCHEE_DOMAIN_NAME='lychee.local' LYCHEE_DOMAIN_NAME='lychee.local'
if grep -q "lychee domain" $COMPLETION_FILE; then if grep -q "lychee domain" "$COMPLETION_FILE"; then
LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain") LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
fi fi
if [ $LYCHEE_DOMAIN_NAME ]; then if [ "$LYCHEE_DOMAIN_NAME" ]; then
suspend_site ${LYCHEE_DOMAIN_NAME} suspend_site "${LYCHEE_DOMAIN_NAME}"
function_check lychee_create_database function_check lychee_create_database
lychee_create_database lychee_create_database
function_check restore_database function_check restore_database
restore_database lychee ${LYCHEE_DOMAIN_NAME} restore_database lychee "${LYCHEE_DOMAIN_NAME}"
if [ -f /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php ]; then if [ -f "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php" ]; then
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php"
MARIADB_PASSWORD= MARIADB_PASSWORD=
fi fi
restart_site restart_site
chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/ chown -R lychee: "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/"
fi fi
} }
function backup_remote_lychee { function backup_remote_lychee {
LYCHEE_DOMAIN_NAME='lychee.local' LYCHEE_DOMAIN_NAME='lychee.local'
if grep -q "lychee domain" $COMPLETION_FILE; then if grep -q "lychee domain" "$COMPLETION_FILE"; then
LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain") LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
fi fi
temp_backup_dir=/var/www/${LYCHEE_DOMAIN_NAME}/htdocs temp_backup_dir=/var/www/${LYCHEE_DOMAIN_NAME}/htdocs
if [ -d $temp_backup_dir ]; then if [ -d "$temp_backup_dir" ]; then
suspend_site ${LYCHEE_DOMAIN_NAME} suspend_site "${LYCHEE_DOMAIN_NAME}"
backup_database_to_friend lychee backup_database_to_friend lychee
backup_directory_to_friend $temp_backup_dir lychee backup_directory_to_friend "$temp_backup_dir" lychee
restart_site restart_site
else else
echo $"Lychee domain specified but not found in /var/www/${LYCHEE_DOMAIN_NAME}" echo $"Lychee domain specified but not found in /var/www/${LYCHEE_DOMAIN_NAME}"
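Review bot: In restore_local_lychee the MariaDB root password is interpolated straight into the sed program, `sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g"`, so a password containing `|`, `&` or `\` either breaks the expression or writes a different value into config.php. A `'` in the password would also end the PHP string early, if generated passwords can contain one. I would escape it first with `esc_pw=$(printf '%s' "$MARIADB_PASSWORD" | sed 's/[&|\\]/\\&/g')` and substitute `$esc_pw`. The secret is also visible on sed's command line while it runs. The same substitution appears in restore_remote_lychee in the next hunk and in the koel `.env` update at the top of this section.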
@ -202,27 +202,27 @@ function backup_remote_lychee {
function restore_remote_lychee { function restore_remote_lychee {
LYCHEE_DOMAIN_NAME='lychee.local' LYCHEE_DOMAIN_NAME='lychee.local'
if grep -q "lychee domain" $COMPLETION_FILE; then if grep -q "lychee domain" "$COMPLETION_FILE"; then
LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain") LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
fi fi
suspend_site ${LYCHEE_DOMAIN_NAME} suspend_site "${LYCHEE_DOMAIN_NAME}"
function_check restore_database_from_friend function_check restore_database_from_friend
function_check lychee_create_database function_check lychee_create_database
lychee_create_database lychee_create_database
restore_database_from_friend lychee ${LYCHEE_DOMAIN_NAME} restore_database_from_friend lychee "${LYCHEE_DOMAIN_NAME}"
if [ -f /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php ]; then if [ -f "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php" ]; then
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php"
MARIADB_PASSWORD= MARIADB_PASSWORD=
fi fi
restart_site restart_site
chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/ chown -R lychee: "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/"
} }
function remove_lychee { function remove_lychee {
@ -231,181 +231,181 @@ function remove_lychee {
fi fi
read_config_param "LYCHEE_DOMAIN_NAME" read_config_param "LYCHEE_DOMAIN_NAME"
nginx_dissite $LYCHEE_DOMAIN_NAME nginx_dissite "$LYCHEE_DOMAIN_NAME"
remove_certs ${LYCHEE_DOMAIN_NAME} remove_certs "${LYCHEE_DOMAIN_NAME}"
drop_database lychee drop_database lychee
remove_backup_database_local lychee remove_backup_database_local lychee
if [ -f /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME ]; then if [ -f "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME" ]; then
rm -f /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME rm -f "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
fi fi
if [ -d /var/www/$LYCHEE_DOMAIN_NAME ]; then if [ -d "/var/www/$LYCHEE_DOMAIN_NAME" ]; then
rm -rf /var/www/$LYCHEE_DOMAIN_NAME rm -rf "/var/www/$LYCHEE_DOMAIN_NAME"
fi fi
remove_config_param LYCHEE_DOMAIN_NAME remove_config_param LYCHEE_DOMAIN_NAME
remove_config_param LYCHEE_CODE remove_config_param LYCHEE_CODE
function_check remove_onion_service function_check remove_onion_service
remove_onion_service lychee ${LYCHEE_ONION_PORT} remove_onion_service lychee "${LYCHEE_ONION_PORT}"
remove_completion_param "install_lychee" remove_completion_param "install_lychee"
sed -i '/Lychee/d' $COMPLETION_FILE sed -i '/Lychee/d' "$COMPLETION_FILE"
sed -i '/lychee/d' $COMPLETION_FILE sed -i '/lychee/d' "$COMPLETION_FILE"
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $LYCHEE_DOMAIN_NAME remove_ddns_domain "$LYCHEE_DOMAIN_NAME"
} }
function install_lychee_website { function install_lychee_website {
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $LYCHEE_DOMAIN_NAME nginx_http_redirect "$LYCHEE_DOMAIN_NAME"
echo 'server {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME { echo 'server {';
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' #listen [::]:443 ssl;';
echo " root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;";
echo " server_name $LYCHEE_DOMAIN_NAME;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " server_name $LYCHEE_DOMAIN_NAME;";
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' access_log /dev/null;';
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " error_log /dev/null;";
echo ' index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' index index.html;';
echo ' charset utf-8;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' charset utf-8;';
echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $LYCHEE_DOMAIN_NAME nginx_ssl "$LYCHEE_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $LYCHEE_DOMAIN_NAME nginx_disable_sniffing "$LYCHEE_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME { echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '';
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # rewrite to front controller as default rule';
echo ' location / {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location / {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
function_check nginx_limits function_check nginx_limits
nginx_limits $LYCHEE_DOMAIN_NAME nginx_limits "$LYCHEE_DOMAIN_NAME"
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME { echo ' }';
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # or a unix socket';
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~* \.php$ {';
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " # another machine. And then cross your fingers that you won't get hacked.";
echo ' try_files $uri $uri/ /index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " try_files \$uri \$uri/ /index.html;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' include fastcgi_params;';
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' fastcgi_read_timeout 30;';
echo ' fastcgi_index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' fastcgi_index index.html;';
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '';
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # deny access to all dot files';
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~ /\. {';
echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '';
echo ' #deny access to store' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' #deny access to store';
echo ' location ~ /store {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~ /store {';
echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }';
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~ /(data|conf|bin|inc)/ {';
echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }';
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~ /\.ht {';
echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }';
echo '}' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '}';
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ''; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
} }
function install_lychee_website_onion { function install_lychee_website_onion {
echo 'server {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME { echo 'server {';
echo " listen 127.0.0.1:${LYCHEE_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " listen 127.0.0.1:${LYCHEE_ONION_PORT} default_server;";
echo " root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;";
echo " server_name $LYCHEE_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " server_name $LYCHEE_ONION_HOSTNAME;";
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' access_log /dev/null;';
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " error_log /dev/null;";
echo ' index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' index index.html;';
echo ' charset utf-8;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' charset utf-8;';
echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $LYCHEE_DOMAIN_NAME nginx_disable_sniffing "$LYCHEE_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME { echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '';
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # rewrite to front controller as default rule';
echo ' location / {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location / {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
function_check nginx_limits function_check nginx_limits
nginx_limits $LYCHEE_DOMAIN_NAME nginx_limits "$LYCHEE_DOMAIN_NAME"
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME { echo ' }';
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '';
echo ' # block these file types' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # or a unix socket';
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
function_check nginx_limits function_check nginx_limits
nginx_limits $LYCHEE_DOMAIN_NAME nginx_limits "$LYCHEE_DOMAIN_NAME"
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME { echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " # another machine. And then cross your fingers that you won't get hacked.";
echo ' try_files $uri $uri/ /index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " try_files \$uri \$uri/ /index.html;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' include fastcgi_params;';
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' fastcgi_read_timeout 30;';
echo ' fastcgi_index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' fastcgi_index index.html;';
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '';
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # deny access to all dot files';
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~ /\. {';
echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '';
echo ' #deny access to store' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' #deny access to store';
echo ' location ~ /store {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~ /store {';
echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }';
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~ /(data|conf|bin|inc)/ {';
echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }';
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~ /\.ht {';
echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }';
echo '}' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '}'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
} }
function install_lychee_from_repo { function install_lychee_from_repo {
if [ ! -d /var/www/$LYCHEE_DOMAIN_NAME ]; then if [ ! -d "/var/www/$LYCHEE_DOMAIN_NAME" ]; then
mkdir /var/www/$LYCHEE_DOMAIN_NAME mkdir "/var/www/$LYCHEE_DOMAIN_NAME"
fi fi
cd /var/www/$LYCHEE_DOMAIN_NAME cd "/var/www/$LYCHEE_DOMAIN_NAME" || exit 682468246
if [ -d /repos/lychee ]; then if [ -d /repos/lychee ]; then
mkdir htdocs mkdir htdocs
cp -r -p /repos/lychee/. htdocs cp -r -p /repos/lychee/. htdocs
cd htdocs cd htdocs || exit 963756345
git pull git pull
else else
git_clone $LYCHEE_REPO htdocs git_clone "$LYCHEE_REPO" htdocs
fi fi
cd htdocs cd htdocs || exit 1437534858
git checkout $LYCHEE_COMMIT -b $LYCHEE_COMMIT git checkout "$LYCHEE_COMMIT" -b "$LYCHEE_COMMIT"
set_completion_param "lychee commit" "$LYCHEE_COMMIT" set_completion_param "lychee commit" "$LYCHEE_COMMIT"
} }
@ -414,7 +414,7 @@ function install_lychee {
ONION_ONLY='no' ONION_ONLY='no'
fi fi
if [ ! $LYCHEE_DOMAIN_NAME ]; then if [ ! "$LYCHEE_DOMAIN_NAME" ]; then
echo $'The lychee domain name was not specified' echo $'The lychee domain name was not specified'
exit 543672 exit 543672
fi fi
@ -429,7 +429,7 @@ function install_lychee {
function_check install_lychee_website function_check install_lychee_website
install_lychee_website install_lychee_website
else else
echo -n '' > /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo -n '' > "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
fi fi
LYCHEE_ONION_HOSTNAME=$(add_onion_service lychee 80 ${LYCHEE_ONION_PORT}) LYCHEE_ONION_HOSTNAME=$(add_onion_service lychee 80 ${LYCHEE_ONION_PORT})
@ -438,23 +438,23 @@ function install_lychee {
install_lychee_website_onion install_lychee_website_onion
function_check create_site_certificate function_check create_site_certificate
create_site_certificate $LYCHEE_DOMAIN_NAME 'yes' create_site_certificate "$LYCHEE_DOMAIN_NAME" 'yes'
function_check configure_php function_check configure_php
configure_php configure_php
chmod -R 1777 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/ chmod -R 1777 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/"
chmod -R 1777 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/ chmod -R 1777 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/"
chown -R www-data:www-data /var/www/$LYCHEE_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$LYCHEE_DOMAIN_NAME/htdocs"
chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/big/index.html chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/big/index.html"
chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/medium/index.html chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/medium/index.html"
chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/import/index.html chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/import/index.html"
chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/thumb/index.html chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/thumb/index.html"
chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/.gitignore chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/.gitignore"
function_check nginx_ensite function_check nginx_ensite
nginx_ensite $LYCHEE_DOMAIN_NAME nginx_ensite "$LYCHEE_DOMAIN_NAME"
function_check install_mariadb function_check install_mariadb
install_mariadb install_mariadb
@ -469,10 +469,10 @@ function install_lychee {
systemctl restart php7.0-fpm systemctl restart php7.0-fpm
systemctl restart nginx systemctl restart nginx
${PROJECT_NAME}-pass -u $MY_USERNAME -a lychee -p "$LYCHEE_ADMIN_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a lychee -p "$LYCHEE_ADMIN_PASSWORD"
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $LYCHEE_DOMAIN_NAME add_ddns_domain "$LYCHEE_DOMAIN_NAME"
set_completion_param "lychee domain" "$LYCHEE_DOMAIN_NAME" set_completion_param "lychee domain" "$LYCHEE_DOMAIN_NAME"
APP_INSTALLED=1 APP_INSTALLED=1


@ -58,15 +58,15 @@ function logging_off_mailpile {
function remove_user_mailpile { function remove_user_mailpile {
remove_username="$1" remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp mailpile "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp mailpile
} }
function add_user_mailpile { function add_user_mailpile {
${PROJECT_NAME}-pass -u $1 -a mailpile -p "$2" "${PROJECT_NAME}-pass" -u "$1" -a mailpile -p "$2"
} }
function install_interactive_mailpile { function install_interactive_mailpile {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
@ -93,7 +93,7 @@ function upgrade_mailpile {
read_config_param "MAILPILE_DOMAIN_NAME" read_config_param "MAILPILE_DOMAIN_NAME"
CURR_COMMIT=$MAILPILE_COMMIT CURR_COMMIT=$MAILPILE_COMMIT
if grep -q "mailpile commit" $COMPLETION_FILE; then if grep -q "mailpile commit" "$COMPLETION_FILE"; then
CURR_COMMIT=$(get_completion_param "mailpile commit") CURR_COMMIT=$(get_completion_param "mailpile commit")
fi fi
if [[ "$CURR_COMMIT" == "$MAILPILE_COMMIT" ]]; then if [[ "$CURR_COMMIT" == "$MAILPILE_COMMIT" ]]; then
@ -103,10 +103,10 @@ function upgrade_mailpile {
function_check set_repo_commit function_check set_repo_commit
set_repo_commit /var/www/$MAILPILE_DOMAIN_NAME/mail "mailpile commit" "$MAILPILE_COMMIT" $MAILPILE_REPO set_repo_commit /var/www/$MAILPILE_DOMAIN_NAME/mail "mailpile commit" "$MAILPILE_COMMIT" $MAILPILE_REPO
cd /var/www/$MAILPILE_DOMAIN_NAME/mail cd "/var/www/$MAILPILE_DOMAIN_NAME/mail" || exit 2346836535
pip install -r requirements.txt pip install -r requirements.txt
chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail chown -R mailpile:mailpile "/var/www/$MAILPILE_DOMAIN_NAME/mail"
} }
function backup_local_mailpile { function backup_local_mailpile {
@ -136,16 +136,16 @@ function remove_mailpile {
systemctl daemon-reload systemctl daemon-reload
read_config_param "MAILPILE_DOMAIN_NAME" read_config_param "MAILPILE_DOMAIN_NAME"
nginx_dissite $MAILPILE_DOMAIN_NAME nginx_dissite "$MAILPILE_DOMAIN_NAME"
remove_certs ${MAILPILE_DOMAIN_NAME} remove_certs "${MAILPILE_DOMAIN_NAME}"
if [ -f /etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME ]; then if [ -f "/etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME" ]; then
rm -f /etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME rm -f "/etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME"
fi fi
if [ -d /var/www/$MAILPILE_DOMAIN_NAME ]; then if [ -d "/var/www/$MAILPILE_DOMAIN_NAME" ]; then
rm -rf /var/www/$MAILPILE_DOMAIN_NAME rm -rf "/var/www/$MAILPILE_DOMAIN_NAME"
fi fi
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $MAILPILE_DOMAIN_NAME remove_ddns_domain "$MAILPILE_DOMAIN_NAME"
groupdel -f mailpile groupdel -f mailpile
userdel -r mailpile userdel -r mailpile
@ -158,8 +158,8 @@ function remove_mailpile {
enable_email_encryption_at_rest enable_email_encryption_at_rest
sed -i '/Mailpile/d' $COMPLETION_FILE sed -i '/Mailpile/d' "$COMPLETION_FILE"
sed -i '/mailpile/d' $COMPLETION_FILE sed -i '/mailpile/d' "$COMPLETION_FILE"
} }
function install_mailpile { function install_mailpile {
@ -178,7 +178,7 @@ function install_mailpile {
mkdir /var/www/$MAILPILE_DOMAIN_NAME mkdir /var/www/$MAILPILE_DOMAIN_NAME
fi fi
cd /var/www/$MAILPILE_DOMAIN_NAME cd "/var/www/$MAILPILE_DOMAIN_NAME" || exit 264826484
if [ -d /var/www/$MAILPILE_DOMAIN_NAME/mail ]; then if [ -d /var/www/$MAILPILE_DOMAIN_NAME/mail ]; then
rm -rf /var/www/$MAILPILE_DOMAIN_NAME/mail rm -rf /var/www/$MAILPILE_DOMAIN_NAME/mail
fi fi
@ -186,13 +186,13 @@ function install_mailpile {
if [ -d /repos/mailpile ]; then if [ -d /repos/mailpile ]; then
mkdir mail mkdir mail
cp -r -p /repos/mailpile/. mail cp -r -p /repos/mailpile/. mail
cd mail cd mail || exit 245728482
git pull git pull
else else
git_clone $MAILPILE_REPO mail git_clone $MAILPILE_REPO mail
fi fi
cd mail cd mail || exit 246872468
git checkout $MAILPILE_COMMIT -b $MAILPILE_COMMIT git checkout $MAILPILE_COMMIT -b $MAILPILE_COMMIT
set_completion_param "mailpile commit" "$MAILPILE_COMMIT" set_completion_param "mailpile commit" "$MAILPILE_COMMIT"
@ -206,8 +206,8 @@ function install_mailpile {
adduser mailpile debian-tor adduser mailpile debian-tor
adduser mailpile www-data adduser mailpile www-data
adduser mailpile mail adduser mailpile mail
adduser mailpile $MY_USERNAME adduser mailpile "$MY_USERNAME"
if [[ $ONION_ONLY == 'no' ]]; then if [[ "$ONION_ONLY" == 'no' ]]; then
chgrp -R ssl-cert /etc/letsencrypt chgrp -R ssl-cert /etc/letsencrypt
chmod -R g=rX /etc/letsencrypt chmod -R g=rX /etc/letsencrypt
usermod -a -G ssl-cert mailpile usermod -a -G ssl-cert mailpile
@ -219,89 +219,89 @@ function install_mailpile {
MAILPILE_ONION_HOSTNAME=$(add_onion_service mailpile 80 ${MAILPILE_ONION_PORT}) MAILPILE_ONION_HOSTNAME=$(add_onion_service mailpile 80 ${MAILPILE_ONION_PORT})
echo '[Unit]' > /etc/systemd/system/mailpile.service { echo '[Unit]';
echo 'Description=Mailpile Email Client' >> /etc/systemd/system/mailpile.service echo 'Description=Mailpile Email Client';
echo 'After=syslog.target network.target nginx.target' >> /etc/systemd/system/mailpile.service echo 'After=syslog.target network.target nginx.target';
echo '' >> /etc/systemd/system/mailpile.service echo '';
echo '[Service]' >> /etc/systemd/system/mailpile.service echo '[Service]';
echo 'User=mailpile' >> /etc/systemd/system/mailpile.service echo 'User=mailpile';
echo 'Group=mailpile' >> /etc/systemd/system/mailpile.service echo 'Group=mailpile';
echo "WorkingDirectory=/var/www/$MAILPILE_DOMAIN_NAME/mail" >> /etc/systemd/system/mailpile.service echo "WorkingDirectory=/var/www/$MAILPILE_DOMAIN_NAME/mail";
echo "ExecStart=/var/www/$MAILPILE_DOMAIN_NAME/mail/mp --www=0.0.0.0:${MAILPILE_PORT} --wait" >> /etc/systemd/system/mailpile.service echo "ExecStart=/var/www/$MAILPILE_DOMAIN_NAME/mail/mp --www=0.0.0.0:${MAILPILE_PORT} --wait";
echo 'Restart=always' >> /etc/systemd/system/mailpile.service echo 'Restart=always';
echo 'RestartSec=10' >> /etc/systemd/system/mailpile.service echo 'RestartSec=10';
echo '' >> /etc/systemd/system/mailpile.service echo '';
echo '[Install]' >> /etc/systemd/system/mailpile.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mailpile.service echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/mailpile.service
chmod +x /etc/systemd/system/mailpile.service chmod +x /etc/systemd/system/mailpile.service
mailpile_nginx_site=/etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME mailpile_nginx_site=/etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $MAILPILE_DOMAIN_NAME nginx_http_redirect $MAILPILE_DOMAIN_NAME
echo 'server {' >> $mailpile_nginx_site { echo 'server {';
echo ' listen 443 ssl;' >> $mailpile_nginx_site echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> $mailpile_nginx_site echo ' #listen [::]:443 ssl;';
echo " server_name $MAILPILE_DOMAIN_NAME;" >> $mailpile_nginx_site echo " server_name $MAILPILE_DOMAIN_NAME;";
echo '' >> $mailpile_nginx_site echo '';
echo ' # Security' >> $mailpile_nginx_site echo ' # Security'; } >> $mailpile_nginx_site
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $MAILPILE_DOMAIN_NAME nginx_ssl $MAILPILE_DOMAIN_NAME
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $MAILPILE_DOMAIN_NAME nginx_disable_sniffing $MAILPILE_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $mailpile_nginx_site { echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> $mailpile_nginx_site echo '';
echo ' # Logs' >> $mailpile_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $mailpile_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $mailpile_nginx_site echo ' error_log /dev/null;';
echo '' >> $mailpile_nginx_site echo '';
echo ' # Root' >> $mailpile_nginx_site echo ' # Root';
echo " root /var/www/$MAILPILE_DOMAIN_NAME/mail;" >> $mailpile_nginx_site echo " root /var/www/$MAILPILE_DOMAIN_NAME/mail;";
echo '' >> $mailpile_nginx_site echo '';
echo ' location / {' >> $mailpile_nginx_site echo ' location / {'; } >> $mailpile_nginx_site
function_check nginx_limits function_check nginx_limits
nginx_limits $MAILPILE_DOMAIN_NAME '15m' nginx_limits $MAILPILE_DOMAIN_NAME '15m'
echo ' rewrite /(.*) /$1 break;' >> $mailpile_nginx_site { echo " rewrite /(.*) /\$1 break;";
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $mailpile_nginx_site echo " proxy_set_header X-Real-IP \$remote_addr;";
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' proxy_set_header Host $http_host;' >> $mailpile_nginx_site echo " proxy_set_header Host \$http_host;";
echo ' proxy_set_header X-NginX-Proxy true;' >> $mailpile_nginx_site echo ' proxy_set_header X-NginX-Proxy true;';
echo " proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site echo " proxy_pass http://localhost:${MAILPILE_PORT};";
echo ' proxy_redirect off;' >> $mailpile_nginx_site echo ' proxy_redirect off;';
echo ' }' >> $mailpile_nginx_site echo ' }';
echo '}' >> $mailpile_nginx_site echo '}';
echo '' >> $mailpile_nginx_site echo ''; } >> $mailpile_nginx_site
else else
echo -n '' > $mailpile_nginx_site echo -n '' > $mailpile_nginx_site
fi fi
echo 'server {' >> $mailpile_nginx_site { echo 'server {';
echo " listen 127.0.0.1:$MAILPILE_ONION_PORT default_server;" >> $mailpile_nginx_site echo " listen 127.0.0.1:$MAILPILE_ONION_PORT default_server;";
echo " server_name $MAILPILE_ONION_HOSTNAME;" >> $mailpile_nginx_site echo " server_name $MAILPILE_ONION_HOSTNAME;";
echo '' >> $mailpile_nginx_site echo ''; } >> $mailpile_nginx_site
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $MAILPILE_DOMAIN_NAME nginx_disable_sniffing $MAILPILE_DOMAIN_NAME
echo '' >> $mailpile_nginx_site { echo '';
echo ' # Logs' >> $mailpile_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $mailpile_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $mailpile_nginx_site echo ' error_log /dev/null;';
echo '' >> $mailpile_nginx_site echo '';
echo ' # Root' >> $mailpile_nginx_site echo ' # Root';
echo " root /var/www/$MAILPILE_DOMAIN_NAME/mail;" >> $mailpile_nginx_site echo " root /var/www/$MAILPILE_DOMAIN_NAME/mail;";
echo '' >> $mailpile_nginx_site echo '';
echo ' location / {' >> $mailpile_nginx_site echo ' location / {'; } >> $mailpile_nginx_site
function_check nginx_limits function_check nginx_limits
nginx_limits $MAILPILE_DOMAIN_NAME '15m' nginx_limits $MAILPILE_DOMAIN_NAME '15m'
echo ' rewrite /(.*) /$1 break;' >> $mailpile_nginx_site { echo " rewrite /(.*) /\$1 break;";
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $mailpile_nginx_site echo " proxy_set_header X-Real-IP \$remote_addr;";
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' proxy_set_header Host $http_host;' >> $mailpile_nginx_site echo " proxy_set_header Host \$http_host;";
echo ' proxy_set_header X-NginX-Proxy true;' >> $mailpile_nginx_site echo ' proxy_set_header X-NginX-Proxy true;';
echo " proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site echo " proxy_pass http://localhost:${MAILPILE_PORT};";
echo ' proxy_redirect off;' >> $mailpile_nginx_site echo ' proxy_redirect off;';
echo ' }' >> $mailpile_nginx_site echo ' }';
echo '}' >> $mailpile_nginx_site echo '}'; } >> $mailpile_nginx_site
function_check create_site_certificate function_check create_site_certificate
if [ ! -f /etc/ssl/certs/${MAILPILE_DOMAIN_NAME}.pem ]; then if [ ! -f /etc/ssl/certs/${MAILPILE_DOMAIN_NAME}.pem ]; then
@ -322,7 +322,7 @@ function install_mailpile {
function_check nginx_ensite function_check nginx_ensite
nginx_ensite $MAILPILE_DOMAIN_NAME nginx_ensite $MAILPILE_DOMAIN_NAME
${PROJECT_NAME}-pass -u $MY_USERNAME -a mailpile -p "*" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a mailpile -p "*"
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $MAILPILE_DOMAIN_NAME add_ddns_domain $MAILPILE_DOMAIN_NAME
@ -336,7 +336,7 @@ function install_mailpile {
if [ -d /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg ]; then if [ -d /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg ]; then
mv /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg_orig mv /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg_orig
fi fi
cp -r /home/$MY_USERNAME/.gnupg /var/www/$MAILPILE_DOMAIN_NAME/mail/ cp -r "/home/$MY_USERNAME/.gnupg" "/var/www/$MAILPILE_DOMAIN_NAME/mail/"
chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg
chmod +x /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg chmod +x /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg
@ -348,8 +348,8 @@ function install_mailpile {
sed -i 's|ssl =.*|ssl = no|g' /etc/dovecot/conf.d/10-ssl.conf sed -i 's|ssl =.*|ssl = no|g' /etc/dovecot/conf.d/10-ssl.conf
# set ssl certs, just in case we want to use them later # set ssl certs, just in case we want to use them later
if [[ $ONION_ONLY == "no" ]]; then if [[ "$ONION_ONLY" == "no" ]]; then
if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then if [ -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
sed -i "s|#ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf sed -i "s|#ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf
sed -i "s|ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf sed -i "s|ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf
sed -i "s|#ssl_key =.*|ssl_key = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/dovecot/conf.d/10-ssl.conf sed -i "s|#ssl_key =.*|ssl_key = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/dovecot/conf.d/10-ssl.conf
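Review bot: The mailpile.service unit written in the `@ -219,89` hunk still starts the backend with `--www=0.0.0.0:${MAILPILE_PORT}`, although both nginx server blocks in the same hunk reach it through `proxy_pass http://localhost:${MAILPILE_PORT}`. Bound to every interface, the web UI can be reached directly on that port, without the TLS settings, the nginx_limits call or the loopback-only onion listener that the generated site adds, unless a firewall rule outside this view blocks it. Binding to loopback keeps nginx as the only entry point: `echo "ExecStart=/var/www/$MAILPILE_DOMAIN_NAME/mail/mp --www=127.0.0.1:${MAILPILE_PORT} --wait";`. install_mailpile begins and ends outside the hunks shown here.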


@ -71,21 +71,21 @@ function matrix_expire_old_posts {
read_config_param MATRIX_PORT read_config_param MATRIX_PORT
matrix_remove_posts=/usr/bin/matrix-remove matrix_remove_posts=/usr/bin/matrix-remove
echo '#!/bin/bash' > $matrix_remove_posts { echo '#!/bin/bash';
echo "cd $MATRIX_DATA_DIR" >> $matrix_remove_posts echo "cd $MATRIX_DATA_DIR";
echo 'ROOM=$1' >> $matrix_remove_posts echo "ROOM=\$1";
echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"" >> $matrix_remove_posts echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"";
echo "TIME='$MATRIX_EXPIRE_MONTHS months ago'" >> $matrix_remove_posts echo "TIME='$MATRIX_EXPIRE_MONTHS months ago'";
echo "UNIX_TIMESTAMP=\$(date +%s%3N --date='TZ=\"UTC+0\" '\"\$TIME\")" >> $matrix_remove_posts echo "UNIX_TIMESTAMP=\$(date +%s%3N --date='TZ=\"UTC+0\" '\"\$TIME\")";
echo 'BUSY="pragma busy_timeout=20000"' >> $matrix_remove_posts echo 'BUSY="pragma busy_timeout=20000"';
echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select event_id from events where type='m.room.message' and received_ts<'\$UNIX_TIMESTAMP' and room_id='\$ROOM' order by received_ts desc limit 1;\")" >> $matrix_remove_posts echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select event_id from events where type='m.room.message' and received_ts<'\$UNIX_TIMESTAMP' and room_id='\$ROOM' order by received_ts desc limit 1;\")";
echo "EVENT_ID=\$(echo \$BUFFER|awk '{print \$2}')" >> $matrix_remove_posts echo "EVENT_ID=\$(echo \$BUFFER|awk '{print \$2}')";
echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")" >> $matrix_remove_posts echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")";
echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')" >> $matrix_remove_posts echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')";
echo 'set -x' >> $matrix_remove_posts echo 'set -x';
echo "curl -v -X POST 'https://$MATRIX_DOMAIN_NAME/_matrix/client/r0/admin/purge_history/'\$ROOM'/'\$EVENT_ID'?access_token='\$TOKEN" >> $matrix_remove_posts echo "curl -v -X POST 'https://$MATRIX_DOMAIN_NAME/_matrix/client/r0/admin/purge_history/'\$ROOM'/'\$EVENT_ID'?access_token='\$TOKEN"; } > $matrix_remove_posts
chmod +x $matrix_remove_posts chmod +x $matrix_remove_posts
} }
@ -127,109 +127,109 @@ function logging_off_matrix {
function matrix_nginx { function matrix_nginx {
matrix_nginx_site=/etc/nginx/sites-available/$MATRIX_DOMAIN_NAME matrix_nginx_site=/etc/nginx/sites-available/$MATRIX_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
echo 'server {' > $matrix_nginx_site { echo 'server {';
echo " listen 0.0.0.0:443;" >> $matrix_nginx_site echo " listen 0.0.0.0:443;";
echo " server_name ${MATRIX_DOMAIN_NAME};" >> $matrix_nginx_site echo " server_name ${MATRIX_DOMAIN_NAME};";
echo '' >> $matrix_nginx_site echo '';
echo ' # Security' >> $matrix_nginx_site echo ' # Security'; } > $matrix_nginx_site
function_check nginx_ssl function_check nginx_ssl
nginx_ssl ${MATRIX_DOMAIN_NAME} nginx_ssl ${MATRIX_DOMAIN_NAME}
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing ${MATRIX_DOMAIN_NAME} nginx_disable_sniffing ${MATRIX_DOMAIN_NAME}
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $matrix_nginx_site { echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> $matrix_nginx_site echo '';
echo ' # Logs' >> $matrix_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $matrix_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $matrix_nginx_site echo ' error_log /dev/null;';
echo '' >> $matrix_nginx_site echo '';
echo ' root /var/lib/matrix/media_store;' >> $matrix_nginx_site echo ' root /var/lib/matrix/media_store;';
echo '' >> $matrix_nginx_site echo '';
echo ' # Index' >> $matrix_nginx_site echo ' # Index';
echo ' index index.html;' >> $matrix_nginx_site echo ' index index.html;';
echo '' >> $matrix_nginx_site echo '';
echo ' location /_matrix {' >> $matrix_nginx_site echo ' location /_matrix {'; } >> $matrix_nginx_site
function_check nginx_limits function_check nginx_limits
nginx_limits ${MATRIX_DOMAIN_NAME} '15m' nginx_limits ${MATRIX_DOMAIN_NAME} '15m'
echo " proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site { echo " proxy_pass http://localhost:${MATRIX_PORT};";
echo ' }' >> $matrix_nginx_site echo ' }';
echo '}' >> $matrix_nginx_site echo '}';
echo '' >> $matrix_nginx_site echo '';
echo 'server {' >> $matrix_nginx_site echo 'server {';
echo " listen 0.0.0.0:${MATRIX_HTTP_PORT};" >> $matrix_nginx_site echo " listen 0.0.0.0:${MATRIX_HTTP_PORT};";
echo " server_name ${MATRIX_DOMAIN_NAME};" >> $matrix_nginx_site echo " server_name ${MATRIX_DOMAIN_NAME};";
echo '' >> $matrix_nginx_site echo '';
echo ' # Security' >> $matrix_nginx_site echo ' # Security'; } >> $matrix_nginx_site
function_check nginx_ssl function_check nginx_ssl
nginx_ssl ${MATRIX_DOMAIN_NAME} nginx_ssl ${MATRIX_DOMAIN_NAME}
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing ${MATRIX_DOMAIN_NAME} nginx_disable_sniffing ${MATRIX_DOMAIN_NAME}
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $matrix_nginx_site { echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> $matrix_nginx_site echo '';
echo ' # Logs' >> $matrix_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $matrix_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $matrix_nginx_site echo ' error_log /dev/null;';
echo '' >> $matrix_nginx_site echo '';
echo ' root /var/lib/matrix/media_store;' >> $matrix_nginx_site echo ' root /var/lib/matrix/media_store;';
echo '' >> $matrix_nginx_site echo '';
echo ' # Index' >> $matrix_nginx_site echo ' # Index';
echo ' index index.html;' >> $matrix_nginx_site echo ' index index.html;';
echo '' >> $matrix_nginx_site echo '';
echo ' # Location' >> $matrix_nginx_site echo ' # Location';
echo ' location /_matrix {' >> $matrix_nginx_site echo ' location /_matrix {'; } >> $matrix_nginx_site
function_check nginx_limits function_check nginx_limits
nginx_limits ${MATRIX_DOMAIN_NAME} '15m' nginx_limits ${MATRIX_DOMAIN_NAME} '15m'
echo " proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site { echo " proxy_pass http://localhost:${MATRIX_PORT};";
echo ' }' >> $matrix_nginx_site echo ' }';
echo '}' >> $matrix_nginx_site echo '}';
echo '' >> $matrix_nginx_site echo ''; } >> $matrix_nginx_site
else else
echo -n '' > $matrix_nginx_site echo -n '' > $matrix_nginx_site
fi fi
echo 'server {' >> $matrix_nginx_site { echo 'server {';
echo " listen 127.0.0.1:$MATRIX_FEDERATION_ONION_PORT default_server;" >> $matrix_nginx_site echo " listen 127.0.0.1:$MATRIX_FEDERATION_ONION_PORT default_server;";
echo " server_name $MATRIX_DOMAIN_NAME;" >> $matrix_nginx_site echo " server_name $MATRIX_DOMAIN_NAME;";
echo '' >> $matrix_nginx_site echo ''; } >> $matrix_nginx_site
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $MATRIX_DOMAIN_NAME nginx_disable_sniffing $MATRIX_DOMAIN_NAME
echo '' >> $matrix_nginx_site { echo '';
echo ' # Logs' >> $matrix_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $matrix_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $matrix_nginx_site echo ' error_log /dev/null;';
echo '' >> $matrix_nginx_site echo '';
echo ' root /var/lib/matrix/media_store;' >> $matrix_nginx_site echo ' root /var/lib/matrix/media_store;';
echo '' >> $matrix_nginx_site echo '';
echo ' # Location' >> $matrix_nginx_site echo ' # Location';
echo ' location /_matrix {' >> $matrix_nginx_site echo ' location /_matrix {'; } >> $matrix_nginx_site
function_check nginx_limits function_check nginx_limits
nginx_limits ${MATRIX_DOMAIN_NAME} '15m' nginx_limits ${MATRIX_DOMAIN_NAME} '15m'
echo " proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site { echo " proxy_pass http://localhost:${MATRIX_PORT};";
echo ' }' >> $matrix_nginx_site echo ' }';
echo '}' >> $matrix_nginx_site echo '}';
echo '' >> $matrix_nginx_site echo '';
echo 'server {' >> $matrix_nginx_site echo 'server {';
echo " listen 127.0.0.1:$MATRIX_ONION_PORT default_server;" >> $matrix_nginx_site echo " listen 127.0.0.1:$MATRIX_ONION_PORT default_server;";
echo " server_name $MATRIX_DOMAIN_NAME;" >> $matrix_nginx_site echo " server_name $MATRIX_DOMAIN_NAME;";
echo '' >> $matrix_nginx_site echo ''; } >> $matrix_nginx_site
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $MATRIX_DOMAIN_NAME nginx_disable_sniffing $MATRIX_DOMAIN_NAME
echo '' >> $matrix_nginx_site { echo '';
echo ' # Logs' >> $matrix_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $matrix_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $matrix_nginx_site echo ' error_log /dev/null;';
echo '' >> $matrix_nginx_site echo '';
echo ' root /var/lib/matrix/media_store;' >> $matrix_nginx_site echo ' root /var/lib/matrix/media_store;';
echo '' >> $matrix_nginx_site echo '';
echo ' # Location' >> $matrix_nginx_site echo ' # Location';
echo ' location /_matrix {' >> $matrix_nginx_site echo ' location /_matrix {'; } >> $matrix_nginx_site
function_check nginx_limits function_check nginx_limits
nginx_limits ${MATRIX_DOMAIN_NAME} '15m' nginx_limits ${MATRIX_DOMAIN_NAME} '15m'
echo " proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site { echo " proxy_pass http://localhost:${MATRIX_PORT};";
echo ' }' >> $matrix_nginx_site echo ' }';
echo '}' >> $matrix_nginx_site echo '}'; } >> $matrix_nginx_site
if [ ! -d /var/www/$MATRIX_DOMAIN_NAME ]; then if [ ! -d /var/www/$MATRIX_DOMAIN_NAME ]; then
mkdir -p /var/www/$MATRIX_DOMAIN_NAME/htdocs mkdir -p /var/www/$MATRIX_DOMAIN_NAME/htdocs
@ -242,7 +242,7 @@ function matrix_nginx {
function matrix_generate_homeserver_file { function matrix_generate_homeserver_file {
local filepath="${1}" local filepath="${1}"
cd /etc/matrix cd /etc/matrix || exit 468246824
python -m synapse.app.homeserver \ python -m synapse.app.homeserver \
--config-path "${filepath}" \ --config-path "${filepath}" \
--generate-config \ --generate-config \
@ -251,10 +251,10 @@ function matrix_generate_homeserver_file {
} }
function matrix_configure_homeserver_yaml { function matrix_configure_homeserver_yaml {
local turnkey="${1}" turnkey="${1}"
local filepath="${2}" filepath="${2}"
local ymltemp="$(mktemp)" ymltemp="$(mktemp)"
awk -v TURNURIES="turn_uris: [\"turn:${MATRIX_DOMAIN_NAME}:${TURN_HTTP_PORT}?transport=udp\", \"turn:${DEFAULT_DOMAIN_NAME}:${TURN_HTTP_PORT}?transport=tcp\"]" \ awk -v TURNURIES="turn_uris: [\"turn:${MATRIX_DOMAIN_NAME}:${TURN_HTTP_PORT}?transport=udp\", \"turn:${DEFAULT_DOMAIN_NAME}:${TURN_HTTP_PORT}?transport=tcp\"]" \
-v TURNSHAREDSECRET="turn_shared_secret: \"${turnkey}\"" \ -v TURNSHAREDSECRET="turn_shared_secret: \"${turnkey}\"" \
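Review bot: Dropping `local` from `turnkey`, `filepath` and `ymltemp` in matrix_configure_homeserver_yaml turns all three into globals of the shell that sources this file. `turnkey` is the value written into `turn_shared_secret`, so the secret now stays in the environment after the call, and `filepath` can overwrite a caller's variable of the same name. If the aim was to stop `local` masking the exit status of `mktemp`, keep the declaration and split the assignment: `local turnkey="${1}" filepath="${2}" ymltemp` followed by `ymltemp="$(mktemp)" || return 1`. The function body continues outside this hunk.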
@ -272,7 +272,7 @@ function matrix_configure_homeserver_yaml {
print; print;
}' "${filepath}" > "${ymltemp}" }' "${filepath}" > "${ymltemp}"
mv ${ymltemp} "${filepath}" mv "${ymltemp}" "${filepath}"
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
sed -i "s|tls_certificate_path:.*|tls_certificate_path: \"/etc/ssl/certs/${MATRIX_DOMAIN_NAME}.pem\"|g" "${filepath}" sed -i "s|tls_certificate_path:.*|tls_certificate_path: \"/etc/ssl/certs/${MATRIX_DOMAIN_NAME}.pem\"|g" "${filepath}"
@ -307,9 +307,10 @@ function matrix_diff {
REPORT_STATS="${REPORT_STATS:-no_or_yes}" REPORT_STATS="${REPORT_STATS:-no_or_yes}"
export MATRIX_DOMAIN_NAME REPORT_STATS export MATRIX_DOMAIN_NAME REPORT_STATS
matrix_generate_synapse_file $INSTALL_DIR/homeserver.synapse.yaml matrix_generate_synapse_file "$INSTALL_DIR/homeserver.synapse.yaml"
diff -${DIFFPARAMS} $INSTALL_DIR/homeserver.synapse.yaml ${MATRIX_DATA_DIR}/homeserver.yaml # shellcheck disable=SC2086
rm $INSTALL_DIR/homeserver.synapse.yaml diff -${DIFFPARAMS} "$INSTALL_DIR/homeserver.synapse.yaml" "${MATRIX_DATA_DIR}/homeserver.yaml"
rm "$INSTALL_DIR/homeserver.synapse.yaml"
} }
function matrix_generate { function matrix_generate {
@ -334,15 +335,15 @@ function create_matrix_user_removal_script {
read_config_param MATRIX_DOMAIN_NAME read_config_param MATRIX_DOMAIN_NAME
matrix_remove_user=/usr/bin/matrix-remove-user matrix_remove_user=/usr/bin/matrix-remove-user
echo '#!/bin/bash' > $matrix_remove_user { echo '#!/bin/bash';
echo "cd $MATRIX_DATA_DIR" >> $matrix_remove_user echo "cd $MATRIX_DATA_DIR";
echo 'remove_username=$1' >> $matrix_remove_user echo "remove_username=\$1";
echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"" >> $matrix_remove_user echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"";
echo 'BUSY="pragma busy_timeout=20000"' >> $matrix_remove_user echo 'BUSY="pragma busy_timeout=20000"';
echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")" >> $matrix_remove_user echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")";
echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')" >> $matrix_remove_user echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')";
echo 'set -x' >> $matrix_remove_user echo 'set -x';
echo "curl -X POST 'https://$MATRIX_DOMAIN_NAME/_matrix/client/r0/admin/deactivate/%40\$remove_username%3A$MATRIX_DOMAIN_NAME?access_token=\$TOKEN' --data '{}'" >> $matrix_remove_user echo "curl -X POST 'https://$MATRIX_DOMAIN_NAME/_matrix/client/r0/admin/deactivate/%40\$remove_username%3A$MATRIX_DOMAIN_NAME?access_token=\$TOKEN' --data '{}'"; } > $matrix_remove_user
chmod +x $matrix_remove_user chmod +x $matrix_remove_user
} }
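Review bot: The generated /usr/bin/matrix-remove-user still gets `set -x` written immediately before the curl line, so every run prints the admin access token read from homeserver.db in the shell trace. The token also travels in the `?access_token=` query string, where proxies and request logs can record it. As these echo lines are being regrouped anyway, drop `echo 'set -x';` and, if the deployed Synapse accepts it (to be confirmed), send the token in an `Authorization: Bearer` header rather than the URL. The generated `cd` is also unquoted and unchecked, unlike the `cd ... || exit` form this commit applies elsewhere; `echo "cd \"$MATRIX_DATA_DIR\" || exit 1";` would match it.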
@ -351,7 +352,7 @@ function remove_user_matrix {
remove_username="$1" remove_username="$1"
create_matrix_user_removal_script create_matrix_user_removal_script
${PROJECT_NAME}-pass -u $remove_username --rmapp matrix "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp matrix
$matrix_remove_user "$remove_username" $matrix_remove_user "$remove_username"
} }
@ -362,7 +363,7 @@ function add_user_matrix {
read_config_param MY_USERNAME read_config_param MY_USERNAME
read_config_param MATRIX_DOMAIN_NAME read_config_param MATRIX_DOMAIN_NAME
${PROJECT_NAME}-pass -u $new_username -a matrix -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$new_username" -a matrix -p "$new_user_password"
if [[ "$new_username" != "$MY_USERNAME" ]]; then if [[ "$new_username" != "$MY_USERNAME" ]]; then
echo 'no' | register_new_matrix_user -c ${MATRIX_DATA_DIR}/homeserver.yaml -u "${new_username}" -p "${new_user_password}" http://localhost:${MATRIX_PORT} echo 'no' | register_new_matrix_user -c ${MATRIX_DATA_DIR}/homeserver.yaml -u "${new_username}" -p "${new_user_password}" http://localhost:${MATRIX_PORT}
@ -373,7 +374,7 @@ function add_user_matrix {
} }
function install_interactive_matrix { function install_interactive_matrix {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
@ -393,7 +394,7 @@ function install_interactive_matrix {
} }
function change_password_matrix { function change_password_matrix {
curr_username="$1" #curr_username="$1"
new_user_password="$2" new_user_password="$2"
#${PROJECT_NAME}-pass -u "$curr_username" -a matrix -p "$new_user_password" #${PROJECT_NAME}-pass -u "$curr_username" -a matrix -p "$new_user_password"
@ -418,7 +419,7 @@ function upgrade_matrix {
function_check set_repo_commit function_check set_repo_commit
set_repo_commit /etc/matrix "matrix commit" "$MATRIX_COMMIT" $MATRIX_REPO set_repo_commit /etc/matrix "matrix commit" "$MATRIX_COMMIT" $MATRIX_REPO
cd /etc/matrix cd /etc/matrix || exit 62476724
pip install --upgrade --process-dependency-links . pip install --upgrade --process-dependency-links .
sed -i 's/ssl.PROTOCOL_SSLv23/ssl.PROTOCOL_TLSv1/g' /usr/local/bin/register_new_matrix_user sed -i 's/ssl.PROTOCOL_SSLv23/ssl.PROTOCOL_TLSv1/g' /usr/local/bin/register_new_matrix_user
@ -467,6 +468,7 @@ function restore_local_matrix {
else else
cp -r $temp_restore_dir/* /etc/matrix/ cp -r $temp_restore_dir/* /etc/matrix/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
function_check backup_unmount_drive function_check backup_unmount_drive
backup_unmount_drive backup_unmount_drive
@ -482,6 +484,7 @@ function restore_local_matrix {
else else
cp -r $temp_restore_dir/* $MATRIX_DATA_DIR/ cp -r $temp_restore_dir/* $MATRIX_DATA_DIR/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
function_check backup_unmount_drive function_check backup_unmount_drive
backup_unmount_drive backup_unmount_drive
@ -490,7 +493,7 @@ function restore_local_matrix {
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
chown -R matrix:matrix $MATRIX_DATA_DIR chown -R matrix:matrix $MATRIX_DATA_DIR
if [[ $ONION_ONLY == "no" ]]; then if [[ "$ONION_ONLY" == "no" ]]; then
if [ -f /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam ]; then if [ -f /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam ]; then
chmod 755 /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam chmod 755 /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam
fi fi
@ -532,6 +535,7 @@ function restore_remote_matrix {
else else
cp -r $temp_restore_dir/* /etc/matrix/ cp -r $temp_restore_dir/* /etc/matrix/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 38935 exit 38935
fi fi
@ -545,6 +549,7 @@ function restore_remote_matrix {
else else
cp -r $temp_restore_dir/* $MATRIX_DATA_DIR/ cp -r $temp_restore_dir/* $MATRIX_DATA_DIR/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 60923 exit 60923
fi fi
@ -581,7 +586,7 @@ function remove_matrix {
fi fi
systemctl daemon-reload systemctl daemon-reload
apt-get -y remove --purge coturn apt-get -y remove --purge coturn
cd /etc/matrix cd /etc/matrix || exit 26472462
pip uninstall . pip uninstall .
rm -rf $MATRIX_DATA_DIR rm -rf $MATRIX_DATA_DIR
rm -rf /etc/matrix rm -rf /etc/matrix
@ -596,7 +601,7 @@ function remove_matrix {
systemctl restart nginx systemctl restart nginx
remove_completion_param install_matrix remove_completion_param install_matrix
sed -i '/matrix/d' $COMPLETION_FILE sed -i '/matrix/d' "$COMPLETION_FILE"
rm /etc/avahi/services/matrix.service rm /etc/avahi/services/matrix.service
systemctl restart avahi-daemon systemctl restart avahi-daemon
@ -608,7 +613,7 @@ function install_home_server {
if [ -d /repos/matrix ]; then if [ -d /repos/matrix ]; then
mkdir /etc/matrix mkdir /etc/matrix
cp -r -p /repos/matrix/. /etc/matrix cp -r -p /repos/matrix/. /etc/matrix
cd /etc/matrix cd /etc/matrix || exit 2324962946
git pull git pull
else else
function_check git_clone function_check git_clone
@ -621,18 +626,17 @@ function install_home_server {
fi fi
fi fi
cd /etc/matrix cd /etc/matrix || exit 7385452724
git checkout $MATRIX_COMMIT -b $MATRIX_COMMIT git checkout $MATRIX_COMMIT -b $MATRIX_COMMIT
set_completion_param "matrix commit" "$MATRIX_COMMIT" set_completion_param "matrix commit" "$MATRIX_COMMIT"
if [ ! -d $INSTALL_DIR/matrix ]; then if [ ! -d "$INSTALL_DIR/matrix" ]; then
mkdir -p $INSTALL_DIR/matrix mkdir -p "$INSTALL_DIR/matrix"
fi fi
rm -rf /usr/local/lib/python2.7/dist-packages/ldap* rm -rf /usr/local/lib/python2.7/dist-packages/ldap*
if [ -d $INSTALL_DIR/matrix ]; then if [ -d "$INSTALL_DIR/matrix" ]; then
rm -rf $INSTALL_DIR/matrix/* rm -rf "$INSTALL_DIR/matrix/*"
fi fi
pip install --upgrade --process-dependency-links . -b $INSTALL_DIR/matrix if ! pip install --upgrade --process-dependency-links . -b "$INSTALL_DIR/matrix"; then
if [ ! "$?" = "0" ]; then
echo $'Failed to install matrix home server' echo $'Failed to install matrix home server'
exit 782542 exit 782542
fi fi
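Review bot: Quoting the whole path in `rm -rf "$INSTALL_DIR/matrix/*"` puts the `*` inside the quotes, so it is no longer expanded and the build directory is not emptied before `pip install ... -b "$INSTALL_DIR/matrix"`; with `-f` the miss is silent. Keep the glob outside the quotes and guard against an empty variable: `rm -rf "${INSTALL_DIR:?}/matrix/"*`. The same quoting appears in restore_remote_mediagoblin, in `cp -r "${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR/*" "$MEDIAGOBLIN_BASE_DIR/"` and `cp -r "${temp_restore_dir}/*" "$MEDIAGOBLIN_BASE_DIR/"`, where cp will fail on the literal `*` and the restore then reaches `exit 264824`. install_home_server starts and ends outside this hunk.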
@ -653,11 +657,6 @@ function install_home_server {
function_check matrix_generate function_check matrix_generate
matrix_generate matrix_generate
if [[ -z ${MATRIX_DATA_DIR}/homeserver.yaml ]]; then
echo $'homeserver.yaml is zero size'
exit 783724
fi
# Disable the web client # Disable the web client
sed -i 's|web_client:.*|web_client: False|g' $MATRIX_DATA_DIR/homeserver.yaml sed -i 's|web_client:.*|web_client: False|g' $MATRIX_DATA_DIR/homeserver.yaml
sed -i 's|, webclient||g' $MATRIX_DATA_DIR/homeserver.yaml sed -i 's|, webclient||g' $MATRIX_DATA_DIR/homeserver.yaml
@ -669,20 +668,20 @@ function install_home_server {
sed -i 's/ssl.PROTOCOL_SSLv23/ssl.PROTOCOL_TLSv1/g' /usr/local/bin/register_new_matrix_user sed -i 's/ssl.PROTOCOL_SSLv23/ssl.PROTOCOL_TLSv1/g' /usr/local/bin/register_new_matrix_user
echo '[Unit]' > /etc/systemd/system/matrix.service { echo '[Unit]';
echo 'Description=Synapse Matrix homeserver' >> /etc/systemd/system/matrix.service echo 'Description=Synapse Matrix homeserver';
echo 'After=network.target nginx.target' >> /etc/systemd/system/matrix.service echo 'After=network.target nginx.target';
echo '' >> /etc/systemd/system/matrix.service echo '';
echo '[Service]' >> /etc/systemd/system/matrix.service echo '[Service]';
echo 'Type=simple' >> /etc/systemd/system/matrix.service echo 'Type=simple';
echo 'User=matrix' >> /etc/systemd/system/matrix.service echo 'User=matrix';
echo "WorkingDirectory=/etc/matrix" >> /etc/systemd/system/matrix.service echo "WorkingDirectory=/etc/matrix";
echo "ExecStart=/usr/bin/python -m synapse.app.homeserver --config-path ${MATRIX_DATA_DIR}/homeserver.yaml" >> /etc/systemd/system/matrix.service echo "ExecStart=/usr/bin/python -m synapse.app.homeserver --config-path ${MATRIX_DATA_DIR}/homeserver.yaml";
echo 'Restart=on-failure' >> /etc/systemd/system/matrix.service echo 'Restart=on-failure';
echo 'RestartSec=10' >> /etc/systemd/system/matrix.service echo 'RestartSec=10';
echo '' >> /etc/systemd/system/matrix.service echo '';
echo '[Install]' >> /etc/systemd/system/matrix.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/matrix.service echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/matrix.service
systemctl enable matrix systemctl enable matrix
systemctl daemon-reload systemctl daemon-reload
systemctl start matrix systemctl start matrix
@ -701,18 +700,19 @@ function install_home_server {
fi fi
chmod -R 700 $MATRIX_DATA_DIR/homeserver.db chmod -R 700 $MATRIX_DATA_DIR/homeserver.db
cd $MATRIX_DATA_DIR cd "$MATRIX_DATA_DIR" || exit 365856835
sqlite3 homeserver.db "PRAGMA auto_vacuum = FULL;" sqlite3 homeserver.db "PRAGMA auto_vacuum = FULL;"
MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT}) #MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT})
add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT}
echo "HiddenServicePort ${MATRIX_HTTP_PORT} 127.0.0.1:${MATRIX_FEDERATION_ONION_PORT}" >> /etc/tor/torrc echo "HiddenServicePort ${MATRIX_HTTP_PORT} 127.0.0.1:${MATRIX_FEDERATION_ONION_PORT}" >> /etc/tor/torrc
systemctl restart tor systemctl restart tor
if [ ! ${MATRIX_PASSWORD} ]; then if [ ! "${MATRIX_PASSWORD}" ]; then
if [ -f ${IMAGE_PASSWORD_FILE} ]; then if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
MATRIX_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" MATRIX_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
MATRIX_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" MATRIX_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
@ -733,8 +733,8 @@ function install_matrix {
check_ram_availability 1500 check_ram_availability 1500
if [ ! -d $INSTALL_DIR ]; then if [ ! -d "$INSTALL_DIR" ]; then
mkdir -p $INSTALL_DIR mkdir -p "$INSTALL_DIR"
fi fi
if [[ ${ONION_ONLY} == 'no' ]]; then if [[ ${ONION_ONLY} == 'no' ]]; then
@ -806,19 +806,19 @@ function install_matrix {
set_completion_param "matrix domain" "$MATRIX_DOMAIN_NAME" set_completion_param "matrix domain" "$MATRIX_DOMAIN_NAME"
# Add avahi services # Add avahi services
echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/matrix.service { echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/matrix.service echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
echo '<service-group>' >> /etc/avahi/services/matrix.service echo '<service-group>';
echo ' <name replace-wildcards="yes">%h MATRIX</name>' >> /etc/avahi/services/matrix.service echo ' <name replace-wildcards="yes">%h MATRIX</name>';
echo ' <service>' >> /etc/avahi/services/matrix.service echo ' <service>';
echo ' <type>_matrix._tcp</type>' >> /etc/avahi/services/matrix.service echo ' <type>_matrix._tcp</type>';
echo " <port>$MATRIX_HTTP_PORT</port>" >> /etc/avahi/services/matrix.service echo " <port>$MATRIX_HTTP_PORT</port>";
echo ' </service>' >> /etc/avahi/services/matrix.service echo ' </service>';
echo ' <service>' >> /etc/avahi/services/matrix.service echo ' <service>';
echo ' <type>_matrix._udp</type>' >> /etc/avahi/services/matrix.service echo ' <type>_matrix._udp</type>';
echo " <port>$MATRIX_HTTP_PORT</port>" >> /etc/avahi/services/matrix.service echo " <port>$MATRIX_HTTP_PORT</port>";
echo ' </service>' >> /etc/avahi/services/matrix.service echo ' </service>';
echo '</service-group>' >> /etc/avahi/services/matrix.service echo '</service-group>'; } > /etc/avahi/services/matrix.service
systemctl restart avahi-daemon systemctl restart avahi-daemon


@ -71,7 +71,7 @@ function mediagoblin_fix_email {
if ! grep -q 'import os' $mgfile; then if ! grep -q 'import os' $mgfile; then
sed -i '/import sys/a import os' $mgfile sed -i '/import sys/a import os' $mgfile
fi fi
sed -i "s|return mhost.sendmail(from_addr, to_addrs, message.as_string())|return os.system(\"echo '\" + message_body + \"' \| mail -s '\" + message['Subject'] + \"' \" + message['To'])|g" $mgfile sed -i "s|return mhost.sendmail(from_addr, to_addrs, message.as_string())|return os.system(\"echo '\" + message_body + \"' \\| mail -s '\" + message['Subject'] + \"' \" + message['To'])|g" $mgfile
} }
function install_interactive_mediagoblin { function install_interactive_mediagoblin {
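Review bot: The Python line this sed writes into `$mgfile` builds a shell command by concatenating `message_body`, `message['Subject']` and `message['To']` between single quotes and passes it to `os.system`, so a quote character in any of those fields ends the quoting and the remainder is interpreted by the shell. The hunk only changes how the pipe is escaped (`\|` to `\\|`) and leaves that construction in place. A safer replacement passes the fields as an argument list and the body on stdin, for example `subprocess.Popen(['mail', '-s', message['Subject'], message['To']], stdin=subprocess.PIPE).communicate(message_body)`, with `import subprocess` inserted the same way `import os` is inserted above. mediagoblin_fix_email starts outside this hunk.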
@ -92,7 +92,7 @@ function configure_interactive_mediagoblin {
dialog --title $"Mediagoblin" \ dialog --title $"Mediagoblin" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--defaultno \ --defaultno \
--yesno $"\nAllow registration of new users?" 10 60 --yesno $"\\nAllow registration of new users?" 10 60
sel=$? sel=$?
case $sel in case $sel in
0) 0)
@ -139,7 +139,7 @@ function reconfigure_mediagoblin {
} }
function upgrade_mediagoblin { function upgrade_mediagoblin {
CURR_MEDIAGOBLIN_COMMIT=$(cat $COMPLETION_FILE | grep "mediagoblin commit" | awk -F ':' '{print $2}') CURR_MEDIAGOBLIN_COMMIT=$(grep "mediagoblin commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
if [[ "$CURR_MEDIAGOBLIN_COMMIT" != "$MEDIAGOBLIN_COMMIT" ]]; then if [[ "$CURR_MEDIAGOBLIN_COMMIT" != "$MEDIAGOBLIN_COMMIT" ]]; then
MEDIAGOBLIN_BASE_DIR=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs MEDIAGOBLIN_BASE_DIR=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && git stash && git pull" - mediagoblin su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && git stash && git pull" - mediagoblin
@ -182,6 +182,7 @@ function restore_local_mediagoblin {
else else
cp -r ${temp_restore_dir}/* $MEDIAGOBLIN_BASE_DIR/ cp -r ${temp_restore_dir}/* $MEDIAGOBLIN_BASE_DIR/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
function_check restore_directory_from_usb function_check restore_directory_from_usb
set_user_permissions set_user_permissions
@ -195,6 +196,7 @@ function restore_local_mediagoblin {
else else
cp -r ${temp_restore_dir}2/* /var/lib/mediagoblin/ cp -r ${temp_restore_dir}2/* /var/lib/mediagoblin/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
function_check set_user_permissions function_check set_user_permissions
set_user_permissions set_user_permissions
@ -214,24 +216,25 @@ function backup_remote_mediagoblin {
MEDIAGOBLIN_BASE_DIR=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs MEDIAGOBLIN_BASE_DIR=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
if [ -d /etc/mediagoblin ]; then if [ -d /etc/mediagoblin ]; then
echo $"Backing up mediagoblin" echo $"Backing up mediagoblin"
backup_directory_to_friend $MEDIAGOBLIN_BASE_DIR mediagoblin backup_directory_to_friend "$MEDIAGOBLIN_BASE_DIR" mediagoblin
backup_directory_to_friend /var/lib/mediagoblin mediagoblindata backup_directory_to_friend /var/lib/mediagoblin mediagoblindata
fi fi
} }
function restore_remote_mediagoblin { function restore_remote_mediagoblin {
MEDIAGOBLIN_BASE_DIR=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs MEDIAGOBLIN_BASE_DIR=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
if [ -d $SERVER_DIRECTORY/backup/mediagoblin ]; then if [ -d "$SERVER_DIRECTORY/backup/mediagoblin" ]; then
temp_restore_dir=/root/tempmediagoblin temp_restore_dir=/root/tempmediagoblin
function_check get_completion_param function_check get_completion_param
MEDIAGOBLIN_DOMAIN_NAME=$(get_completion_param "mediagoblin domain") MEDIAGOBLIN_DOMAIN_NAME=$(get_completion_param "mediagoblin domain")
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir mediagoblin restore_directory_from_friend $temp_restore_dir mediagoblin
if [ -d ${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR ]; then if [ -d "${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR" ]; then
cp -r ${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR/* $MEDIAGOBLIN_BASE_DIR/ cp -r "${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR/*" "$MEDIAGOBLIN_BASE_DIR/"
else else
cp -r ${temp_restore_dir}/* $MEDIAGOBLIN_BASE_DIR/ cp -r "${temp_restore_dir}/*" "$MEDIAGOBLIN_BASE_DIR/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 264824 exit 264824
fi fi
@ -241,12 +244,13 @@ function restore_remote_mediagoblin {
else else
cp -r ${temp_restore_dir}2/* /var/lib/mediagoblin/ cp -r ${temp_restore_dir}2/* /var/lib/mediagoblin/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 268492 exit 268492
fi fi
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
rm -rf ${temp_restore_dir}2 rm -rf ${temp_restore_dir}2
chown -hR mediagoblin:www-data $MEDIAGOBLIN_BASE_DIR chown -hR mediagoblin:www-data "$MEDIAGOBLIN_BASE_DIR"
chown -hR mediagoblin:www-data /var/lib/mediagoblin chown -hR mediagoblin:www-data /var/lib/mediagoblin
chmod -R g+wx /var/lib/mediagoblin chmod -R g+wx /var/lib/mediagoblin
fi fi
@ -264,17 +268,17 @@ function remove_mediagoblin {
function_check remove_onion_service function_check remove_onion_service
remove_onion_service mediagoblin ${MEDIAGOBLIN_ONION_PORT} remove_onion_service mediagoblin ${MEDIAGOBLIN_ONION_PORT}
nginx_dissite $MEDIAGOBLIN_DOMAIN_NAME nginx_dissite "$MEDIAGOBLIN_DOMAIN_NAME"
remove_certs $MEDIAGOBLIN_DOMAIN_NAME remove_certs "$MEDIAGOBLIN_DOMAIN_NAME"
if [ -d /var/lib/mediagoblin ]; then if [ -d /var/lib/mediagoblin ]; then
rm -rf /var/lib/mediagoblin rm -rf /var/lib/mediagoblin
fi fi
if [ -d $MEDIAGOBLIN_BASE_DIR ]; then if [ -d "$MEDIAGOBLIN_BASE_DIR" ]; then
rm -rf $MEDIAGOBLIN_BASE_DIR rm -rf "$MEDIAGOBLIN_BASE_DIR"
fi fi
remove_completion_param "install_mediagoblin" remove_completion_param "install_mediagoblin"
remove_completion_param "mediagoblin domain" remove_completion_param "mediagoblin domain"
sed -i '/mediagoblin/d' $COMPLETION_FILE sed -i '/mediagoblin/d' "$COMPLETION_FILE"
remove_nodejs mediagoblin remove_nodejs mediagoblin
@ -282,11 +286,11 @@ function remove_mediagoblin {
userdel -r mediagoblin userdel -r mediagoblin
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME remove_ddns_domain "$MEDIAGOBLIN_DOMAIN_NAME"
} }
function install_mediagoblin { function install_mediagoblin {
if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then if [ ! "$MEDIAGOBLIN_DOMAIN_NAME" ]; then
return return
fi fi
@ -304,17 +308,17 @@ function install_mediagoblin {
useradd -c "GNU MediaGoblin system account" -d /var/lib/mediagoblin -m -r -g www-data mediagoblin useradd -c "GNU MediaGoblin system account" -d /var/lib/mediagoblin -m -r -g www-data mediagoblin
usermod --append -G mediagoblin mediagoblin usermod --append -G mediagoblin mediagoblin
mkdir -p /var/lib/mediagoblin mkdir -p /var/lib/mediagoblin
mkdir -p $MEDIAGOBLIN_BASE_DIR mkdir -p "$MEDIAGOBLIN_BASE_DIR"
chown -hR mediagoblin:www-data $MEDIAGOBLIN_BASE_DIR chown -hR mediagoblin:www-data "$MEDIAGOBLIN_BASE_DIR"
chown -hR mediagoblin:www-data /var/lib/mediagoblin chown -hR mediagoblin:www-data /var/lib/mediagoblin
chmod -R g+wx /var/lib/mediagoblin chmod -R g+wx /var/lib/mediagoblin
if [ -d /repos/mediagoblin ]; then if [ -d /repos/mediagoblin ]; then
mkdir -p $MEDIAGOBLIN_BASE_DIR/mediagoblin mkdir -p "$MEDIAGOBLIN_BASE_DIR/mediagoblin"
cp -r -p /repos/mediagoblin/. $MEDIAGOBLIN_BASE_DIR/mediagoblin cp -r -p /repos/mediagoblin/. "$MEDIAGOBLIN_BASE_DIR/mediagoblin"
cd $MEDIAGOBLIN_BASE_DIR/mediagoblin cd "$MEDIAGOBLIN_BASE_DIR/mediagoblin" || exit 347593563
git pull git pull
chown -R mediagoblin:mediagoblin $MEDIAGOBLIN_BASE_DIR/mediagoblin chown -R mediagoblin:mediagoblin "$MEDIAGOBLIN_BASE_DIR/mediagoblin"
else else
su -c "cd $MEDIAGOBLIN_BASE_DIR && git clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_BASE_DIR/mediagoblin" - mediagoblin su -c "cd $MEDIAGOBLIN_BASE_DIR && git clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_BASE_DIR/mediagoblin" - mediagoblin
fi fi
@ -340,7 +344,7 @@ function install_mediagoblin {
gstreamer1.0-plugins-ugly \ gstreamer1.0-plugins-ugly \
gstreamer1.0-libav \ gstreamer1.0-libav \
python-gst-1.0 python3-gst-1.0 python-gst-1.0 python3-gst-1.0
cd $MEDIAGOBLIN_BASE_DIR/mediagoblin cd "$MEDIAGOBLIN_BASE_DIR/mediagoblin" || exit 76345672472
su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && echo '[[mediagoblin.media_types.video]]' | tee -a mediagoblin_local.ini" - mediagoblin su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && echo '[[mediagoblin.media_types.video]]' | tee -a mediagoblin_local.ini" - mediagoblin
# Audio plugin # Audio plugin
@ -349,14 +353,14 @@ function install_mediagoblin {
su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && echo '[[mediagoblin.media_types.audio]]' | tee -a mediagoblin_local.ini" - mediagoblin su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && echo '[[mediagoblin.media_types.audio]]' | tee -a mediagoblin_local.ini" - mediagoblin
su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && bin/pip install scikits.audiolab" - mediagoblin su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && bin/pip install scikits.audiolab" - mediagoblin
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
MEDIAGOBLIN_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" MEDIAGOBLIN_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
if [ ! $MEDIAGOBLIN_ADMIN_PASSWORD ]; then if [ ! "$MEDIAGOBLIN_ADMIN_PASSWORD" ]; then
MEDIAGOBLIN_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" MEDIAGOBLIN_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
${PROJECT_NAME}-pass -u $MY_USERNAME -a mediagoblin -p "$MEDIAGOBLIN_ADMIN_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a mediagoblin -p "$MEDIAGOBLIN_ADMIN_PASSWORD"
MEDIAGOBLIN_ONION_HOSTNAME=$(add_onion_service mediagoblin 80 ${MEDIAGOBLIN_ONION_PORT}) MEDIAGOBLIN_ONION_HOSTNAME=$(add_onion_service mediagoblin 80 ${MEDIAGOBLIN_ONION_PORT})
set_completion_param "mediagoblin domain" "${MEDIAGOBLIN_DOMAIN_NAME}" set_completion_param "mediagoblin domain" "${MEDIAGOBLIN_DOMAIN_NAME}"
@ -365,157 +369,157 @@ function install_mediagoblin {
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $MEDIAGOBLIN_DOMAIN_NAME nginx_http_redirect "$MEDIAGOBLIN_DOMAIN_NAME"
echo 'server {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME { echo 'server {';
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' #listen [::]:443 ssl;';
echo ' include /etc/nginx/mime.types;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' include /etc/nginx/mime.types;';
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '';
echo ' autoindex off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' autoindex off;';
echo ' default_type application/octet-stream;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' default_type application/octet-stream;';
echo ' sendfile on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' sendfile on;';
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ''; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME nginx_ssl "$MEDIAGOBLIN_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME nginx_disable_sniffing "$MEDIAGOBLIN_DOMAIN_NAME"
function_check nginx_limits function_check nginx_limits
nginx_limits $MEDIAGOBLIN_DOMAIN_NAME 800m nginx_limits "$MEDIAGOBLIN_DOMAIN_NAME" 800m
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME { echo '';
echo ' client_header_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' client_header_timeout 10m;';
echo ' client_body_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' client_body_timeout 10m;';
echo ' send_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' send_timeout 10m;';
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '';
echo ' fastcgi_read_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' fastcgi_read_timeout 600;';
echo ' fastcgi_send_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' fastcgi_send_timeout 600;';
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '';
echo ' gzip on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' gzip on;';
echo ' gzip_min_length 1024;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' gzip_min_length 1024;';
echo ' gzip_buffers 4 32k;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' gzip_buffers 4 32k;';
echo ' gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' gzip_types text/plain application/x-javascript text/javascript text/xml text/css;';
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '';
echo " server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " server_name $MEDIAGOBLIN_DOMAIN_NAME;";
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' error_log /dev/null;';
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '';
echo ' location /mgoblin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' location /mgoblin_static/ {';
echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;";
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '';
echo ' location /mgoblin_media/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' location /mgoblin_media/ {';
echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;";
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '';
echo ' location /theme_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' location /theme_static/ {';
echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;";
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '';
echo ' location /plugin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' location /plugin_static/ {';
echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;";
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '';
echo ' location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' location / {';
echo " fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;";
echo ' include /etc/nginx/fastcgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' include /etc/nginx/fastcgi_params;';
echo ' fastcgi_param PATH_INFO $fastcgi_script_name;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " fastcgi_param PATH_INFO \$fastcgi_script_name;";
echo ' fastcgi_param SCRIPT_NAME "";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' fastcgi_param SCRIPT_NAME "";';
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' fastcgi_read_timeout 30;';
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' }';
echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '}'; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
else else
echo -n '' > /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo -n '' > "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
fi fi
echo 'server {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME { echo 'server {';
echo " listen 127.0.0.1:${MEDIAGOBLIN_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " listen 127.0.0.1:${MEDIAGOBLIN_ONION_PORT} default_server;";
echo ' include /etc/nginx/mime.types;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' include /etc/nginx/mime.types;';
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '';
echo ' autoindex off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' autoindex off;';
echo ' default_type application/octet-stream;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' default_type application/octet-stream;';
echo ' sendfile on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' sendfile on;';
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ''; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME nginx_disable_sniffing "$MEDIAGOBLIN_DOMAIN_NAME"
function_check nginx_limits function_check nginx_limits
nginx_limits $MEDIAGOBLIN_DOMAIN_NAME 800m nginx_limits "$MEDIAGOBLIN_DOMAIN_NAME" 800m
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME { echo '';
echo ' client_header_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' client_header_timeout 10m;';
echo ' client_body_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' client_body_timeout 10m;';
echo ' send_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' send_timeout 10m;';
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '';
echo ' fastcgi_read_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' fastcgi_read_timeout 600;';
echo ' fastcgi_send_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' fastcgi_send_timeout 600;';
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '';
echo ' gzip on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' gzip on;';
echo ' gzip_min_length 1024;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' gzip_min_length 1024;';
echo ' gzip_buffers 4 32k;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' gzip_buffers 4 32k;';
echo ' gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' gzip_types text/plain application/x-javascript text/javascript text/xml text/css;';
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '';
echo " server_name $MEDIAGOBLIN_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " server_name $MEDIAGOBLIN_ONION_HOSTNAME;";
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' error_log /dev/null;';
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '';
echo ' location /mgoblin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' location /mgoblin_static/ {';
echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;";
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '';
echo ' location /mgoblin_media/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' location /mgoblin_media/ {';
echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;";
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '';
echo ' location /theme_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' location /theme_static/ {';
echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;";
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '';
echo ' location /plugin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' location /plugin_static/ {';
echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;";
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '';
echo ' location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' location / {';
echo " fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;";
echo ' include /etc/nginx/fastcgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' include /etc/nginx/fastcgi_params;';
echo ' fastcgi_param PATH_INFO $fastcgi_script_name;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " fastcgi_param PATH_INFO \$fastcgi_script_name;";
echo ' fastcgi_param SCRIPT_NAME "";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' fastcgi_param SCRIPT_NAME "";';
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' fastcgi_read_timeout 30;';
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' }';
echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '}'; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
echo '[Unit]' > /etc/systemd/system/mediagoblin.service { echo '[Unit]';
echo 'Description=Media service' >> /etc/systemd/system/mediagoblin.service echo 'Description=Media service';
echo 'Requires=network.target' >> /etc/systemd/system/mediagoblin.service echo 'Requires=network.target';
echo 'After=network.target' >> /etc/systemd/system/mediagoblin.service echo 'After=network.target';
echo '' >> /etc/systemd/system/mediagoblin.service echo '';
echo '[Service]' >> /etc/systemd/system/mediagoblin.service echo '[Service]';
echo 'Type=simple' >> /etc/systemd/system/mediagoblin.service echo 'Type=simple';
echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin.service echo 'User=mediagoblin';
echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin.service echo 'Group=mediagoblin';
echo "WorkingDirectory=$MEDIAGOBLIN_BASE_DIR/mediagoblin/" >> /etc/systemd/system/mediagoblin.service echo "WorkingDirectory=$MEDIAGOBLIN_BASE_DIR/mediagoblin/";
echo "ExecStart=$MEDIAGOBLIN_BASE_DIR/mediagoblin/lazyserver.sh --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=$MEDIAGOBLIN_PORT" >> /etc/systemd/system/mediagoblin.service echo "ExecStart=$MEDIAGOBLIN_BASE_DIR/mediagoblin/lazyserver.sh --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=$MEDIAGOBLIN_PORT";
echo "Environment=MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini CELERY_ALWAYS_EAGER=true" >> /etc/systemd/system/mediagoblin.service echo "Environment=MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini CELERY_ALWAYS_EAGER=true";
echo 'Restart=always' >> /etc/systemd/system/mediagoblin.service echo 'Restart=always';
echo 'RestartSec=10' >> /etc/systemd/system/mediagoblin.service echo 'RestartSec=10';
echo '' >> /etc/systemd/system/mediagoblin.service echo '';
echo '[Install]' >> /etc/systemd/system/mediagoblin.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin.service echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/mediagoblin.service
chmod +x /etc/systemd/system/mediagoblin.service chmod +x /etc/systemd/system/mediagoblin.service
su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && bin/gmg dbupdate" - mediagoblin su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && bin/gmg dbupdate" - mediagoblin
su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && bin/gmg adduser --username $MY_USERNAME --password $MY_USERNAME $MEDIAGOBLIN_ADMIN_PASSWORD" - mediagoblin su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && bin/gmg adduser --username $MY_USERNAME --password $MY_USERNAME $MEDIAGOBLIN_ADMIN_PASSWORD" - mediagoblin
su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && bin/gmg makeadmin $MY_USERNAME" - mediagoblin su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && bin/gmg makeadmin $MY_USERNAME" - mediagoblin
sed -i 's|email_debug_mode.*|email_debug_mode = false|g' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini sed -i 's|email_debug_mode.*|email_debug_mode = false|g' "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"
sed -i "s|email_sender_address.*|email_sender_address = \"noreply@${DEFAULT_DOMAIN_NAME}\"|g" $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini sed -i "s|email_sender_address.*|email_sender_address = \"noreply@${DEFAULT_DOMAIN_NAME}\"|g" "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"
sed -i 's|allow_reporting.*|allow_reporting = false|g' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini sed -i 's|allow_reporting.*|allow_reporting = false|g' "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"
if ! grep -q '[[[skip_transcode]]]' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini; then if ! grep -q '[[[skip_transcode]]]' "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"; then
echo '[[[skip_transcode]]]' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini { echo '[[[skip_transcode]]]';
echo 'mime_types = video/webm, video/ogg, video/mp4, audio/ogg, application/ogg, application/x-annodex' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini echo 'mime_types = video/webm, video/ogg, video/mp4, audio/ogg, application/ogg, application/x-annodex';
echo 'container_formats = Matroska, Ogg, ISO MP4/M4A' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini echo 'container_formats = Matroska, Ogg, ISO MP4/M4A';
echo 'video_codecs = VP8 video, VP9 video, Theora, H.264, H.264 / AVC, MPEG-4 video' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini echo 'video_codecs = VP8 video, VP9 video, Theora, H.264, H.264 / AVC, MPEG-4 video';
echo 'audio_codecs = Vorbis, MPEG-4 AAC' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini echo 'audio_codecs = Vorbis, MPEG-4 AAC';
echo 'dimensions_match = false' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini echo 'dimensions_match = false'; } >> "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"
fi fi
systemctl enable mediagoblin systemctl enable mediagoblin
@ -529,18 +533,18 @@ function install_mediagoblin {
fi fi
function_check create_site_certificate function_check create_site_certificate
create_site_certificate $MEDIAGOBLIN_DOMAIN_NAME 'yes' create_site_certificate "$MEDIAGOBLIN_DOMAIN_NAME" 'yes'
function_check configure_php function_check configure_php
configure_php configure_php
nginx_ensite $MEDIAGOBLIN_DOMAIN_NAME nginx_ensite "$MEDIAGOBLIN_DOMAIN_NAME"
systemctl restart php7.0-fpm systemctl restart php7.0-fpm
systemctl restart nginx systemctl restart nginx
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME add_ddns_domain "$MEDIAGOBLIN_DOMAIN_NAME"
chown -hR mediagoblin:www-data /var/lib/mediagoblin chown -hR mediagoblin:www-data /var/lib/mediagoblin
chmod -R g+wx /var/lib/mediagoblin chmod -R g+wx /var/lib/mediagoblin


@ -58,19 +58,19 @@ function logging_off_movim {
function remove_user_movim { function remove_user_movim {
remove_username="$1" remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp movim "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp movim
} }
function add_user_movim { function add_user_movim {
new_username="$1" new_username="$1"
new_user_password="$2" new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a movim -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$new_username" -a movim -p "$new_user_password"
echo '0' echo '0'
} }
function install_interactive_movim { function install_interactive_movim {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
@ -80,39 +80,38 @@ function install_interactive_movim {
MOVIM_DETAILS_COMPLETE= MOVIM_DETAILS_COMPLETE=
while [ ! $MOVIM_DETAILS_COMPLETE ] while [ ! $MOVIM_DETAILS_COMPLETE ]
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Movim Configuration" \ --title $"Movim Configuration" \
--form $"\nPlease enter your Movim details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \ --form $"\\nPlease enter your Movim details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \
$"Domain:" 1 1 "$(grep 'MOVIM_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ $"Domain:" 1 1 "$(grep 'MOVIM_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
$"Code:" 2 1 "$(grep 'MOVIM_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \ $"Code:" 2 1 "$(grep 'MOVIM_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
2> $data 2> "$data"
else else
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Movim Configuration" \ --title $"Movim Configuration" \
--form $"\nPlease enter your Movim details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \ --form $"\\nPlease enter your Movim details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \
$"Domain:" 1 1 "$(grep 'MOVIM_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ $"Domain:" 1 1 "$(grep 'MOVIM_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
2> $data 2> "$data"
fi fi
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) exit 1;;
255) exit 1;; 255) exit 1;;
esac esac
MOVIM_DOMAIN_NAME=$(cat $data | sed -n 1p) MOVIM_DOMAIN_NAME=$(sed -n 1p < "$data")
if [ $MOVIM_DOMAIN_NAME ]; then if [ "$MOVIM_DOMAIN_NAME" ]; then
TEST_DOMAIN_NAME=$MOVIM_DOMAIN_NAME TEST_DOMAIN_NAME=$MOVIM_DOMAIN_NAME
validate_domain_name validate_domain_name
if [[ $TEST_DOMAIN_NAME != $MOVIM_DOMAIN_NAME ]]; then if [[ "$TEST_DOMAIN_NAME" != "$MOVIM_DOMAIN_NAME" ]]; then
MOVIM_DOMAIN_NAME= MOVIM_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else else
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
MOVIM_CODE=$(cat $data | sed -n 2p) MOVIM_CODE=$(sed -n 2p < "$data")
validate_freedns_code "$MOVIM_CODE" validate_freedns_code "$MOVIM_CODE"
if [ ! $VALID_CODE ]; then if [ ! "$VALID_CODE" ]; then
MOVIM_DOMAIN_NAME= MOVIM_DOMAIN_NAME=
fi fi
fi fi
@ -121,6 +120,7 @@ function install_interactive_movim {
if [ $MOVIM_DOMAIN_NAME ]; then if [ $MOVIM_DOMAIN_NAME ]; then
MOVIM_DETAILS_COMPLETE="yes" MOVIM_DETAILS_COMPLETE="yes"
fi fi
rm -f "$data"
done done
# save the results in the config file # save the results in the config file
@ -136,23 +136,23 @@ function change_password_movim {
read_config_param 'MOVIM_DOMAIN_NAME' read_config_param 'MOVIM_DOMAIN_NAME'
${PROJECT_NAME}-pass -u "$curr_username" -a movim -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$curr_username" -a movim -p "$new_user_password"
} }
function movim_create_database { function movim_create_database {
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
MOVIM_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" MOVIM_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
if [ ! $MOVIM_ADMIN_PASSWORD ]; then if [ ! "$MOVIM_ADMIN_PASSWORD" ]; then
MOVIM_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" MOVIM_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
if [ ! $MOVIM_ADMIN_PASSWORD ]; then if [ ! "$MOVIM_ADMIN_PASSWORD" ]; then
return return
fi fi
function_check create_database function_check create_database
create_database movim "$MOVIM_ADMIN_PASSWORD" $MY_USERNAME create_database movim "$MOVIM_ADMIN_PASSWORD" "$MY_USERNAME"
} }
function reconfigure_movim { function reconfigure_movim {
@ -165,35 +165,35 @@ function upgrade_movim {
return return
fi fi
if grep -q "movim domain" $COMPLETION_FILE; then if grep -q "movim domain" "$COMPLETION_FILE"; then
MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain") MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
fi fi
# update to the next commit # update to the next commit
function_check set_repo_commit function_check set_repo_commit
set_repo_commit /var/www/$MOVIM_DOMAIN_NAME/htdocs "movim commit" "$MOVIM_COMMIT" $MOVIM_REPO set_repo_commit "/var/www/$MOVIM_DOMAIN_NAME/htdocs" "movim commit" "$MOVIM_COMMIT" "$MOVIM_REPO"
cd /var/www/${MOVIM_DOMAIN_NAME}/htdocs cd "/var/www/${MOVIM_DOMAIN_NAME}/htdocs" || exit 6734824522
php composer.phar install php composer.phar install
php mud.php db --set php mud.php db --set
chown -R www-data:www-data /var/www/${MOVIM_DOMAIN_NAME}/htdocs chown -R www-data:www-data "/var/www/${MOVIM_DOMAIN_NAME}/htdocs"
} }
function backup_local_movim { function backup_local_movim {
MOVIM_DOMAIN_NAME='movim' MOVIM_DOMAIN_NAME='movim'
if grep -q "movim domain" $COMPLETION_FILE; then if grep -q "movim domain" "$COMPLETION_FILE"; then
MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain") MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
fi fi
source_directory=/var/www/${MOVIM_DOMAIN_NAME}/htdocs source_directory="/var/www/${MOVIM_DOMAIN_NAME}/htdocs"
if [ -d $source_directory ]; then if [ -d "$source_directory" ]; then
dest_directory=movim dest_directory=movim
function_check suspend_site function_check suspend_site
suspend_site ${MOVIM_DOMAIN_NAME} suspend_site "${MOVIM_DOMAIN_NAME}"
function_check backup_directory_to_usb function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory backup_directory_to_usb "$source_directory" "$dest_directory"
function_check backup_database_to_usb function_check backup_database_to_usb
backup_database_to_usb movim backup_database_to_usb movim
@ -204,28 +204,28 @@ function backup_local_movim {
} }
function restore_local_movim { function restore_local_movim {
if ! grep -q "movim domain" $COMPLETION_FILE; then if ! grep -q "movim domain" "$COMPLETION_FILE"; then
return return
fi fi
MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain") MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
if [ $MOVIM_DOMAIN_NAME ]; then if [ "$MOVIM_DOMAIN_NAME" ]; then
echo $"Restoring movim" echo $"Restoring movim"
temp_restore_dir=/root/tempmovim temp_restore_dir=/root/tempmovim
movim_dir=/var/www/${MOVIM_DOMAIN_NAME}/htdocs movim_dir=/var/www/${MOVIM_DOMAIN_NAME}/htdocs
# stop the daemons # stop the daemons
cd $movim_dir cd "$movim_dir" || exit 7856724252
su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
function_check movim_create_database function_check movim_create_database
movim_create_database movim_create_database
restore_database movim ${MOVIM_DOMAIN_NAME} restore_database movim "${MOVIM_DOMAIN_NAME}"
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs/config" || exit 2468724682
sed -i "s|'password'.*|'password' => '$MARIADB_PASSWORD',|g" db.inc.php sed -i "s|'password'.*|'password' => '$MARIADB_PASSWORD',|g" db.inc.php
MARIADB_PASSWORD= MARIADB_PASSWORD=
@ -234,18 +234,18 @@ function restore_local_movim {
} }
function backup_remote_movim { function backup_remote_movim {
if grep -q "movim domain" $COMPLETION_FILE; then if grep -q "movim domain" "$COMPLETION_FILE"; then
MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain") MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
temp_backup_dir=/var/www/${MOVIM_DOMAIN_NAME}/htdocs temp_backup_dir=/var/www/${MOVIM_DOMAIN_NAME}/htdocs
if [ -d $temp_backup_dir ]; then if [ -d "$temp_backup_dir" ]; then
function_check suspend_site function_check suspend_site
suspend_site ${MOVIM_DOMAIN_NAME} suspend_site "${MOVIM_DOMAIN_NAME}"
function_check backup_database_to_friend function_check backup_database_to_friend
backup_database_to_friend movim backup_database_to_friend movim
function_check backup_directory_to_friend function_check backup_directory_to_friend
backup_directory_to_friend $temp_backup_dir movim backup_directory_to_friend "$temp_backup_dir" movim
function_check restart_site function_check restart_site
restart_site restart_site
@ -256,25 +256,25 @@ function backup_remote_movim {
} }
function restore_remote_movim { function restore_remote_movim {
if grep -q "movim domain" $COMPLETION_FILE; then if grep -q "movim domain" "$COMPLETION_FILE"; then
echo $"Restoring movim" echo $"Restoring movim"
MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain") MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
# stop the daemons # stop the daemons
cd /var/www/${MOVIM_DOMAIN_NAME}/htdocs cd "/var/www/${MOVIM_DOMAIN_NAME}/htdocs" || exit 524792846827
su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
function_check movim_create_database function_check movim_create_database
movim_create_database movim_create_database
function_check restore_database_from_friend function_check restore_database_from_friend
restore_database_from_friend movim ${MOVIM_DOMAIN_NAME} restore_database_from_friend movim "${MOVIM_DOMAIN_NAME}"
if [ -d /root/tempmovim ]; then if [ -d /root/tempmovim ]; then
rm -rf /root/tempmovim rm -rf /root/tempmovim
fi fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs/config" || exit 4242462487
sed -i "s|'password'.*|'password' => '$MARIADB_PASSWORD',|g" db.inc.php sed -i "s|'password'.*|'password' => '$MARIADB_PASSWORD',|g" db.inc.php
MARIADB_PASSWORD= MARIADB_PASSWORD=
@ -298,14 +298,14 @@ function remove_movim {
read_config_param "MY_USERNAME" read_config_param "MY_USERNAME"
echo "Removing $MOVIM_DOMAIN_NAME" echo "Removing $MOVIM_DOMAIN_NAME"
nginx_dissite $MOVIM_DOMAIN_NAME nginx_dissite "$MOVIM_DOMAIN_NAME"
remove_certs $MOVIM_DOMAIN_NAME remove_certs "$MOVIM_DOMAIN_NAME"
if [ -d /var/www/$MOVIM_DOMAIN_NAME ]; then if [ -d "/var/www/$MOVIM_DOMAIN_NAME" ]; then
rm -rf /var/www/$MOVIM_DOMAIN_NAME rm -rf "/var/www/$MOVIM_DOMAIN_NAME"
fi fi
if [ -f /etc/nginx/sites-available/$MOVIM_DOMAIN_NAME ]; then if [ -f "/etc/nginx/sites-available/$MOVIM_DOMAIN_NAME" ]; then
rm /etc/nginx/sites-available/$MOVIM_DOMAIN_NAME rm "/etc/nginx/sites-available/$MOVIM_DOMAIN_NAME"
fi fi
function_check drop_database function_check drop_database
drop_database movim drop_database movim
@ -316,15 +316,15 @@ function remove_movim {
fi fi
remove_app movim remove_app movim
remove_completion_param install_movim remove_completion_param install_movim
sed -i '/movim/d' $COMPLETION_FILE sed -i '/movim/d' "$COMPLETION_FILE"
remove_backup_database_local movim remove_backup_database_local movim
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $MOVIM_DOMAIN_NAME remove_ddns_domain "$MOVIM_DOMAIN_NAME"
} }
function install_movim { function install_movim {
if [ ! $MOVIM_DOMAIN_NAME ]; then if [ ! "$MOVIM_DOMAIN_NAME" ]; then
echo $'No domain name was given for movim' echo $'No domain name was given for movim'
exit 72572 exit 72572
fi fi
@ -333,7 +333,7 @@ function install_movim {
return return
fi fi
movim_hourly_script movim $MOVIM_DOMAIN_NAME movim_hourly_script movim "$MOVIM_DOMAIN_NAME"
function_check install_mariadb function_check install_mariadb
install_mariadb install_mariadb
@ -347,221 +347,221 @@ function install_movim {
apt-get -yq install php-gettext php-curl php-gd php-mysql git curl apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
apt-get -yq install php-memcached php-intl exiftool php-imagick libfcgi0ldbl apt-get -yq install php-memcached php-intl exiftool php-imagick libfcgi0ldbl
if [ ! -d /var/www/$MOVIM_DOMAIN_NAME ]; then if [ ! -d "/var/www/$MOVIM_DOMAIN_NAME" ]; then
mkdir /var/www/$MOVIM_DOMAIN_NAME mkdir "/var/www/$MOVIM_DOMAIN_NAME"
fi fi
if [ ! -d /var/www/$MOVIM_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$MOVIM_DOMAIN_NAME/htdocs" ]; then
if [ -d /repos/movim ]; then if [ -d /repos/movim ]; then
mkdir /var/www/$MOVIM_DOMAIN_NAME/htdocs mkdir "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
cp -r -p /repos/movim/. /var/www/$MOVIM_DOMAIN_NAME/htdocs cp -r -p /repos/movim/. "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
cd /var/www/$MOVIM_DOMAIN_NAME/htdocs cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs" || exit 3768568325
git pull git pull
else else
function_check git_clone function_check git_clone
git_clone $MOVIM_REPO /var/www/$MOVIM_DOMAIN_NAME/htdocs git_clone "$MOVIM_REPO" "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
fi fi
if [ ! -d /var/www/$MOVIM_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$MOVIM_DOMAIN_NAME/htdocs" ]; then
echo $'Unable to clone movim repo' echo $'Unable to clone movim repo'
exit 76285 exit 76285
fi fi
fi fi
cd /var/www/$MOVIM_DOMAIN_NAME/htdocs cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs" || exit 7345247242
git checkout $MOVIM_COMMIT -b $MOVIM_COMMIT git checkout $MOVIM_COMMIT -b $MOVIM_COMMIT
set_completion_param "movim commit" "$MOVIM_COMMIT" set_completion_param "movim commit" "$MOVIM_COMMIT"
# default login # default login
if [ ! -f /var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php ]; then if [ ! -f "/var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php" ]; then
echo $'Unable to find Config.php' echo $'Unable to find Config.php'
exit 72352 exit 72352
fi fi
sed -i "s|'admin'|'${MY_USERNAME}'|g" /var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php sed -i "s|'admin'|'${MY_USERNAME}'|g" "/var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php"
sed -i "s|'password'|'${MOVIM_ADMIN_PASSWORD}'|g" /var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php sed -i "s|'password'|'${MOVIM_ADMIN_PASSWORD}'|g" "/var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php"
# Fix typo # Fix typo
sed -i 's|weksocket|websocket|g' app/widgets/AdminTest/admintest.js sed -i 's|weksocket|websocket|g' app/widgets/AdminTest/admintest.js
cd /var/www/$MOVIM_DOMAIN_NAME/htdocs cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs" || exit 784368245224
install_composer install_composer
cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs/config" || exit 6428764224
cp db.example.inc.php db.inc.php cp db.example.inc.php db.inc.php
sed -i "s|'username'.*|'username' => 'root',|g" db.inc.php sed -i "s|'username'.*|'username' => 'root',|g" db.inc.php
sed -i "s|'password'.*|'password' => '$MARIADB_PASSWORD',|g" db.inc.php sed -i "s|'password'.*|'password' => '$MARIADB_PASSWORD',|g" db.inc.php
sed -i "s|'database'.*|'database' => 'movim'|g" db.inc.php sed -i "s|'database'.*|'database' => 'movim'|g" db.inc.php
php mud.php db --set php mud.php db --set
chmod u+rwx /var/www/$MOVIM_DOMAIN_NAME/htdocs chmod u+rwx "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
chown -R www-data:www-data /var/www/$MOVIM_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
function_check movim_create_database function_check movim_create_database
movim_create_database movim_create_database
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $MOVIM_DOMAIN_NAME add_ddns_domain "$MOVIM_DOMAIN_NAME"
MOVIM_ONION_HOSTNAME=$(add_onion_service movim 80 ${MOVIM_ONION_PORT}) MOVIM_ONION_HOSTNAME=$(add_onion_service movim 80 ${MOVIM_ONION_PORT})
echo '[Unit]' > /etc/systemd/system/movim.service { echo '[Unit]';
echo 'Description=Movim daemon' >> /etc/systemd/system/movim.service echo 'Description=Movim daemon';
echo 'After=network.target nginx.target' >> /etc/systemd/system/movim.service echo 'After=network.target nginx.target';
echo '' >> /etc/systemd/system/movim.service echo '';
echo '[Service]' >> /etc/systemd/system/movim.service echo '[Service]';
echo 'Type=simple' >> /etc/systemd/system/movim.service echo 'Type=simple';
echo 'User=www-data' >> /etc/systemd/system/movim.service echo 'User=www-data';
echo "WorkingDirectory=/var/www/$MOVIM_DOMAIN_NAME/htdocs" >> /etc/systemd/system/movim.service echo "WorkingDirectory=/var/www/$MOVIM_DOMAIN_NAME/htdocs"; } > /etc/systemd/system/movim.service
if [[ $ONION_ONLY == 'no' ]]; then if [[ $ONION_ONLY == 'no' ]]; then
echo "ExecStart=/usr/bin/php /var/www/$MOVIM_DOMAIN_NAME/htdocs/daemon.php start --url=https://$MOVIM_DOMAIN_NAME --port=$MOVIM_DAEMON_PORT" >> /etc/systemd/system/movim.service echo "ExecStart=/usr/bin/php /var/www/$MOVIM_DOMAIN_NAME/htdocs/daemon.php start --url=https://$MOVIM_DOMAIN_NAME --port=$MOVIM_DAEMON_PORT" >> /etc/systemd/system/movim.service
else else
echo "ExecStart=/usr/bin/php /var/www/$MOVIM_DOMAIN_NAME/htdocs/daemon.php start --url=http://$MOVIM_ONION_HOSTNAME --port=$MOVIM_DAEMON_PORT" >> /etc/systemd/system/movim.service echo "ExecStart=/usr/bin/php /var/www/$MOVIM_DOMAIN_NAME/htdocs/daemon.php start --url=http://$MOVIM_ONION_HOSTNAME --port=$MOVIM_DAEMON_PORT" >> /etc/systemd/system/movim.service
fi fi
echo 'StandardOutput=syslog' >> /etc/systemd/system/movim.service { echo 'StandardOutput=syslog';
echo 'SyslogIdentifier=movim' >> /etc/systemd/system/movim.service echo 'SyslogIdentifier=movim';
echo 'PIDFile=/run/movim.pid' >> /etc/systemd/system/movim.service echo 'PIDFile=/run/movim.pid';
echo 'Restart=on-failure' >> /etc/systemd/system/movim.service echo 'Restart=on-failure';
echo 'RestartSec=10' >> /etc/systemd/system/movim.service echo 'RestartSec=10';
echo '' >> /etc/systemd/system/movim.service echo '';
echo '[Install]' >> /etc/systemd/system/movim.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/movim.service echo 'WantedBy=multi-user.target'; } >> /etc/systemd/system/movim.service
systemctl enable movim systemctl enable movim
systemctl daemon-reload systemctl daemon-reload
movim_nginx_site=/etc/nginx/sites-available/$MOVIM_DOMAIN_NAME movim_nginx_site=/etc/nginx/sites-available/$MOVIM_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $MOVIM_DOMAIN_NAME "index index.php" nginx_http_redirect "$MOVIM_DOMAIN_NAME" "index index.php"
echo 'server {' >> $movim_nginx_site { echo 'server {';
echo ' listen 443 ssl;' >> $movim_nginx_site echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> $movim_nginx_site echo ' #listen [::]:443 ssl;';
echo " server_name $MOVIM_DOMAIN_NAME;" >> $movim_nginx_site echo " server_name $MOVIM_DOMAIN_NAME;";
echo '' >> $movim_nginx_site echo ''; } >> "$movim_nginx_site"
function_check nginx_compress function_check nginx_compress
nginx_compress $MOVIM_DOMAIN_NAME nginx_compress "$MOVIM_DOMAIN_NAME"
echo '' >> $movim_nginx_site echo '' >> "$movim_nginx_site"
echo ' # Security' >> $movim_nginx_site echo ' # Security' >> "$movim_nginx_site"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $MOVIM_DOMAIN_NAME nginx_ssl "$MOVIM_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $MOVIM_DOMAIN_NAME nginx_disable_sniffing "$MOVIM_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $movim_nginx_site { echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> $movim_nginx_site echo '';
echo ' # Logs' >> $movim_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $movim_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $movim_nginx_site echo ' error_log /dev/null;';
echo '' >> $movim_nginx_site echo '';
echo ' # Root' >> $movim_nginx_site echo ' # Root';
echo " root /var/www/$MOVIM_DOMAIN_NAME/htdocs;" >> $movim_nginx_site echo " root /var/www/$MOVIM_DOMAIN_NAME/htdocs;";
echo '' >> $movim_nginx_site echo '';
echo ' # Index' >> $movim_nginx_site echo ' # Index';
echo ' index index.php;' >> $movim_nginx_site echo ' index index.php;';
echo '' >> $movim_nginx_site echo '';
echo ' # PHP' >> $movim_nginx_site echo ' # PHP';
echo ' location ~ \.php {' >> $movim_nginx_site echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> $movim_nginx_site echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $movim_nginx_site echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> $movim_nginx_site echo ' fastcgi_read_timeout 30;';
echo ' }' >> $movim_nginx_site echo ' }';
echo '' >> $movim_nginx_site echo '';
echo ' # Location' >> $movim_nginx_site echo ' # Location';
echo ' location / {' >> $movim_nginx_site echo ' location / {'; } >> "$movim_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $MOVIM_DOMAIN_NAME '15m' nginx_limits "$MOVIM_DOMAIN_NAME" '15m'
echo ' try_files $uri $uri/ @movim;' >> $movim_nginx_site { echo " try_files \$uri \$uri/ @movim;";
echo ' }' >> $movim_nginx_site echo ' }';
echo '' >> $movim_nginx_site echo '';
echo ' location /ws/ {' >> $movim_nginx_site echo ' location /ws/ {';
echo " proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;" >> $movim_nginx_site echo " proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;";
echo ' proxy_http_version 1.1;' >> $movim_nginx_site echo ' proxy_http_version 1.1;';
echo ' proxy_set_header Upgrade $http_upgrade;' >> $movim_nginx_site echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection "Upgrade";' >> $movim_nginx_site echo ' proxy_set_header Connection "Upgrade";';
echo ' proxy_set_header Host $host;' >> $movim_nginx_site echo " proxy_set_header Host \$host;";
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $movim_nginx_site echo " proxy_set_header X-Real-IP \$remote_addr;";
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $movim_nginx_site echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' proxy_set_header X-Forwarded-Proto https;' >> $movim_nginx_site echo ' proxy_set_header X-Forwarded-Proto https;';
echo ' proxy_redirect off;' >> $movim_nginx_site echo ' proxy_redirect off;';
echo ' }' >> $movim_nginx_site echo ' }';
echo '' >> $movim_nginx_site echo '';
echo ' # Fancy URLs' >> $movim_nginx_site echo ' # Fancy URLs';
echo ' location @movim {' >> $movim_nginx_site echo ' location @movim {';
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $movim_nginx_site echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }' >> $movim_nginx_site echo ' }';
echo '' >> $movim_nginx_site echo '';
echo ' # Restrict access that is unnecessary anyway' >> $movim_nginx_site echo ' # Restrict access that is unnecessary anyway';
echo ' location ~ /\.(ht|git) {' >> $movim_nginx_site echo ' location ~ /\.(ht|git) {';
echo ' deny all;' >> $movim_nginx_site echo ' deny all;';
echo ' }' >> $movim_nginx_site echo ' }';
echo '' >> $movim_nginx_site echo '';
echo '}' >> $movim_nginx_site echo '}'; } >> "$movim_nginx_site"
else else
echo -n '' > $movim_nginx_site echo -n '' > "$movim_nginx_site"
fi fi
echo 'server {' >> $movim_nginx_site { echo 'server {';
echo " listen 127.0.0.1:$MOVIM_ONION_PORT default_server;" >> $movim_nginx_site echo " listen 127.0.0.1:$MOVIM_ONION_PORT default_server;";
echo " server_name $MOVIM_DOMAIN_NAME;" >> $movim_nginx_site echo " server_name $MOVIM_DOMAIN_NAME;";
echo '' >> $movim_nginx_site echo ''; } >> "$movim_nginx_site"
function_check nginx_compress function_check nginx_compress
nginx_compress $MOVIM_DOMAIN_NAME nginx_compress "$MOVIM_DOMAIN_NAME"
echo '' >> $movim_nginx_site echo '' >> "$movim_nginx_site"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $MOVIM_DOMAIN_NAME nginx_disable_sniffing "$MOVIM_DOMAIN_NAME"
echo '' >> $movim_nginx_site { echo '';
echo ' # Logs' >> $movim_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $movim_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $movim_nginx_site echo ' error_log /dev/null;';
echo '' >> $movim_nginx_site echo '';
echo ' # Root' >> $movim_nginx_site echo ' # Root';
echo " root /var/www/$MOVIM_DOMAIN_NAME/htdocs;" >> $movim_nginx_site echo " root /var/www/$MOVIM_DOMAIN_NAME/htdocs;";
echo '' >> $movim_nginx_site echo '';
echo ' # Index' >> $movim_nginx_site echo ' # Index';
echo ' index index.php;' >> $movim_nginx_site echo ' index index.php;';
echo '' >> $movim_nginx_site echo '';
echo ' # PHP' >> $movim_nginx_site echo ' # PHP';
echo ' location ~ \.php {' >> $movim_nginx_site echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> $movim_nginx_site echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $movim_nginx_site echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> $movim_nginx_site echo ' fastcgi_read_timeout 30;';
echo ' }' >> $movim_nginx_site echo ' }';
echo '' >> $movim_nginx_site echo '';
echo ' # Location' >> $movim_nginx_site echo ' # Location';
echo ' location / {' >> $movim_nginx_site echo ' location / {'; } >> "$movim_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $MOVIM_DOMAIN_NAME '15m' nginx_limits "$MOVIM_DOMAIN_NAME" '15m'
echo ' try_files $uri $uri/ @movim;' >> $movim_nginx_site { echo " try_files \$uri \$uri/ @movim;";
echo ' }' >> $movim_nginx_site echo ' }';
echo '' >> $movim_nginx_site echo '';
echo ' location /ws/ {' >> $movim_nginx_site echo ' location /ws/ {';
echo " proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;" >> $movim_nginx_site echo " proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;";
echo ' proxy_http_version 1.1;' >> $movim_nginx_site echo ' proxy_http_version 1.1;';
echo ' proxy_set_header Upgrade $http_upgrade;' >> $movim_nginx_site echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection "Upgrade";' >> $movim_nginx_site echo ' proxy_set_header Connection "Upgrade";';
echo ' proxy_set_header Host $host;' >> $movim_nginx_site echo " proxy_set_header Host \$host;";
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $movim_nginx_site echo " proxy_set_header X-Real-IP \$remote_addr;";
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $movim_nginx_site echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' proxy_set_header X-Forwarded-Proto https;' >> $movim_nginx_site echo ' proxy_set_header X-Forwarded-Proto https;';
echo ' proxy_redirect off;' >> $movim_nginx_site echo ' proxy_redirect off;';
echo ' }' >> $movim_nginx_site echo ' }';
echo '' >> $movim_nginx_site echo '';
echo ' # Fancy URLs' >> $movim_nginx_site echo ' # Fancy URLs';
echo ' location @movim {' >> $movim_nginx_site echo ' location @movim {';
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $movim_nginx_site echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }' >> $movim_nginx_site echo ' }';
echo '' >> $movim_nginx_site echo '';
echo ' # Restrict access that is unnecessary anyway' >> $movim_nginx_site echo ' # Restrict access that is unnecessary anyway';
echo ' location ~ /\.(ht|git) {' >> $movim_nginx_site echo ' location ~ /\.(ht|git) {';
echo ' deny all;' >> $movim_nginx_site echo ' deny all;';
echo ' }' >> $movim_nginx_site echo ' }';
echo '' >> $movim_nginx_site echo '';
echo '}' >> $movim_nginx_site echo '}'; } >> "$movim_nginx_site"
function_check configure_php function_check configure_php
configure_php configure_php
function_check create_site_certificate function_check create_site_certificate
create_site_certificate $MOVIM_DOMAIN_NAME 'yes' create_site_certificate "$MOVIM_DOMAIN_NAME" 'yes'
# Ensure that the database gets backed up locally, if remote # Ensure that the database gets backed up locally, if remote
# backups are not being used # backups are not being used
@ -572,9 +572,9 @@ function install_movim {
backup_database_local movim backup_database_local movim
function_check nginx_ensite function_check nginx_ensite
nginx_ensite $MOVIM_DOMAIN_NAME nginx_ensite "$MOVIM_DOMAIN_NAME"
${PROJECT_NAME}-pass -u $MY_USERNAME -a movim -p "$MOVIM_ADMIN_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a movim -p "$MOVIM_ADMIN_PASSWORD"
set_completion_param "movim domain" "$MOVIM_DOMAIN_NAME" set_completion_param "movim domain" "$MOVIM_DOMAIN_NAME"


@ -86,7 +86,7 @@ function upgrade_mumble {
usermod -a -G ssl-cert mumble-server usermod -a -G ssl-cert mumble-server
fi fi
if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
if ! grep -q "mumble.pem" /etc/mumble-server.ini; then if ! grep -q "mumble.pem" /etc/mumble-server.ini; then
sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
@ -117,17 +117,18 @@ function backup_local_mumble {
} }
function restore_local_mumble { function restore_local_mumble {
if [ -d $USB_MOUNT/backup/mumble ]; then if [ -d "$USB_MOUNT/backup/mumble" ]; then
echo $"Restoring mumble settings" echo $"Restoring mumble settings"
temp_restore_dir=/root/tempmumble temp_restore_dir=/root/tempmumble
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir voip restore_directory_from_usb $temp_restore_dir voip
restore_directory_from_usb $temp_restore_dir mumble restore_directory_from_usb $temp_restore_dir mumble
if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/ cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini" /etc/
else else
cp -f $temp_restore_dir/mumble-server.ini /etc/ cp -f $temp_restore_dir/mumble-server.ini /etc/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
function_check set_user_permissions function_check set_user_permissions
@ -136,11 +137,12 @@ function restore_local_mumble {
backup_unmount_drive backup_unmount_drive
exit 3679 exit 3679
fi fi
if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/ cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite" /var/lib/mumble-server/
else else
cp -f $temp_restore_dir/mumble-server.sqlite /var/lib/mumble-server/ cp -f $temp_restore_dir/mumble-server.sqlite /var/lib/mumble-server/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
function_check set_user_permissions function_check set_user_permissions
@ -171,29 +173,27 @@ function backup_remote_mumble {
} }
function restore_remote_mumble { function restore_remote_mumble {
if [ -d $SERVER_DIRECTORY/backup/mumble ]; then if [ -d "$SERVER_DIRECTORY/backup/mumble" ]; then
echo $"Restoring Mumble settings" echo $"Restoring Mumble settings"
temp_restore_dir=/root/tempmumble temp_restore_dir=/root/tempmumble
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir mumble restore_directory_from_friend $temp_restore_dir mumble
if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/ cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini" /etc/
else else
cp -f $temp_restore_dir/mumble-server.ini /etc/ cp -f $temp_restore_dir/mumble-server.ini /etc/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
exit 7823 exit 7823
fi fi
if [ ! "$?" = "0" ]; then if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
rm -rf $temp_restore_dir cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite" /var/lib/mumble-server/
exit 7823
fi
if [ $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/
else else
cp -f $temp_restore_dir/mumble-server.sqlite /var/lib/mumble-server/ cp -f $temp_restore_dir/mumble-server.sqlite /var/lib/mumble-server/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
exit 276 exit 276
@ -221,51 +221,51 @@ function remove_mumble {
fi fi
function_check remove_onion_service function_check remove_onion_service
remove_onion_service mumble ${MUMBLE_PORT} remove_onion_service mumble ${MUMBLE_PORT}
sed -i '/mumble/d' $COMPLETION_FILE sed -i '/mumble/d' "$COMPLETION_FILE"
} }
function configure_firewall_for_mumble { function configure_firewall_for_mumble {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return return
fi fi
if [[ $ONION_ONLY != "no" ]]; then if [[ $ONION_ONLY != "no" ]]; then
return return
fi fi
firewall_add Mumble ${MUMBLE_PORT} firewall_add Mumble ${MUMBLE_PORT}
mark_completed $FUNCNAME mark_completed "${FUNCNAME[0]}"
} }
function install_mumble { function install_mumble {
apt-get -yq install mumble-server apt-get -yq install mumble-server
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
MUMBLE_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" MUMBLE_SERVER_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
if [ ! $MUMBLE_SERVER_PASSWORD ]; then if [ ! "$MUMBLE_SERVER_PASSWORD" ]; then
MUMBLE_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" MUMBLE_SERVER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
if [ ${#MUMBLE_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then if [ ${#MUMBLE_SERVER_PASSWORD} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
MUMBLE_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" MUMBLE_SERVER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
fi fi
if [[ ${ONION_ONLY} == 'no' ]]; then if [[ ${ONION_ONLY} == 'no' ]]; then
if [ ! -d /var/www/${DEFAULT_DOMAIN_NAME}/htdocs ]; then if [ ! -d "/var/www/${DEFAULT_DOMAIN_NAME}/htdocs" ]; then
mkdir /var/www/${DEFAULT_DOMAIN_NAME}/htdocs mkdir "/var/www/${DEFAULT_DOMAIN_NAME}/htdocs"
fi fi
if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt" ]; then
rm /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt rm "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt"
fi fi
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam" ]; then
rm /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam rm "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam"
fi fi
echo $'Obtaining certificate for the main domain' echo $'Obtaining certificate for the main domain'
function_check create_site_certificate function_check create_site_certificate
create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes' create_site_certificate "${DEFAULT_DOMAIN_NAME}" 'yes'
chmod 755 /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam chmod 755 "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam"
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt" ]; then
echo $'Incorrect certificate generated' echo $'Incorrect certificate generated'
exit 78352 exit 78352
fi fi
@ -276,9 +276,9 @@ function install_mumble {
# Make an ssl cert for the server # Make an ssl cert for the server
if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH "${PROJECT_NAME}-addcert" -h mumble --dhkey "$DH_KEYLENGTH"
function_check check_certificates function_check check_certificates
check_certificates mumble check_certificates mumble
fi fi
@ -318,7 +318,7 @@ function install_mumble {
echo 'allowping=False' >> /etc/mumble-server.ini echo 'allowping=False' >> /etc/mumble-server.ini
fi fi
sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini
if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
else else
@ -335,7 +335,8 @@ function install_mumble {
sed -i 's|allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini sed -i 's|allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
sed -i "s|port=.*|port=${MUMBLE_PORT}|g" /etc/mumble-server.ini sed -i "s|port=.*|port=${MUMBLE_PORT}|g" /etc/mumble-server.ini
MUMBLE_ONION_HOSTNAME=$(add_onion_service mumble ${MUMBLE_PORT} ${MUMBLE_PORT}) #MUMBLE_ONION_HOSTNAME=$(add_onion_service mumble ${MUMBLE_PORT} ${MUMBLE_PORT})
add_onion_service mumble ${MUMBLE_PORT} ${MUMBLE_PORT}
# turn off logs by default # turn off logs by default
sed -i 's|logfile=.*|logfile=/dev/null|g' /etc/mumble-server.ini sed -i 's|logfile=.*|logfile=/dev/null|g' /etc/mumble-server.ini
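Review bot: The bare `add_onion_service mumble ${MUMBLE_PORT} ${MUMBLE_PORT}` call in the last install_mumble hunk no longer captures the helper's standard output. Whatever it prints (presumably the onion hostname, since the removed line assigned it to MUMBLE_ONION_HOSTNAME) now goes to the installer's output and to any log that records it. If the variable is unused, discard the output explicitly with `add_onion_service mumble "${MUMBLE_PORT}" "${MUMBLE_PORT}" > /dev/null` and delete the commented-out assignment. install_mumble continues outside the visible hunks, so it is worth confirming that nothing later reads MUMBLE_ONION_HOSTNAME, which would now be unset. Separately, the `# shellcheck disable=SC2181` lines in restore_local_mumble and restore_remote_mumble keep `$?` tests placed after an if/else block, which break silently if a command is ever inserted in between; testing each `cp` directly in its own branch would make the suppression unnecessary.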


@ -60,14 +60,14 @@ function logging_off_nextcloud {
function remove_user_nextcloud { function remove_user_nextcloud {
remove_username="$1" remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp nextcloud "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp nextcloud
} }
function add_user_nextcloud { function add_user_nextcloud {
new_username="$1" new_username="$1"
new_user_password="$2" new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a nextcloud -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$new_username" -a nextcloud -p "$new_user_password"
echo '0' echo '0'
} }
@ -76,12 +76,12 @@ function change_password_nextcloud {
export OC_PASS="$2" export OC_PASS="$2"
su -s /bin/sh www-data -c "php occ user:resetpassword --password-from-env $curr_username" su -s /bin/sh www-data -c "php occ user:resetpassword --password-from-env $curr_username"
${PROJECT_NAME}-pass -u $curr_username -a nextcloud -p "$OC_PASS" "${PROJECT_NAME}-pass" -u "$curr_username" -a nextcloud -p "$OC_PASS"
export OC_PASS="" export OC_PASS=""
} }
function install_interactive_nextcloud { function install_interactive_nextcloud {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
@ -91,42 +91,40 @@ function install_interactive_nextcloud {
NEXTCLOUD_DETAILS_COMPLETE= NEXTCLOUD_DETAILS_COMPLETE=
while [ ! $NEXTCLOUD_DETAILS_COMPLETE ] while [ ! $NEXTCLOUD_DETAILS_COMPLETE ]
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"NextCloud Configuration" \ --title $"NextCloud Configuration" \
--form $"\nPlease enter your NextCloud details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \ --form $"\\nPlease enter your NextCloud details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
$"Domain:" 1 1 "$(grep 'NEXTCLOUD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \ $"Domain:" 1 1 "$(grep 'NEXTCLOUD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
$"Code:" 2 1 "$(grep 'NEXTCLOUD_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 40 255 \ $"Code:" 2 1 "$(grep 'NEXTCLOUD_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 40 255 \
2> $data 2> "$data"
else else
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"NextCloud Configuration" \ --title $"NextCloud Configuration" \
--form $"\nPlease enter your NextCloud details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \ --form $"\\nPlease enter your NextCloud details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \
$"Domain:" 1 1 "$(grep 'NEXTCLOUD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \ $"Domain:" 1 1 "$(grep 'NEXTCLOUD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
2> $data 2> "$data"
fi fi
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
NEXTCLOUD_DOMAIN_NAME=$(cat $data | sed -n 1p) NEXTCLOUD_DOMAIN_NAME=$(sed -n 1p < "$data")
if [ ${#img_url} -gt 1 ]; then if [ "$NEXTCLOUD_DOMAIN_NAME" ]; then
NEXTCLOUD_BACKGROUND_IMAGE_URL=$img_url
fi
if [ $NEXTCLOUD_DOMAIN_NAME ]; then
TEST_DOMAIN_NAME=$NEXTCLOUD_DOMAIN_NAME TEST_DOMAIN_NAME=$NEXTCLOUD_DOMAIN_NAME
validate_domain_name validate_domain_name
if [[ $TEST_DOMAIN_NAME != $NEXTCLOUD_DOMAIN_NAME ]]; then if [[ "$TEST_DOMAIN_NAME" != "$NEXTCLOUD_DOMAIN_NAME" ]]; then
NEXTCLOUD_DOMAIN_NAME= NEXTCLOUD_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else else
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
NEXTCLOUD_CODE=$(cat $data | sed -n 2p) NEXTCLOUD_CODE=$(sed -n 2p < "$data")
validate_freedns_code "$NEXTCLOUD_CODE" validate_freedns_code "$NEXTCLOUD_CODE"
if [ ! $VALID_CODE ]; then if [ ! "$VALID_CODE" ]; then
NEXTCLOUD_DOMAIN_NAME= NEXTCLOUD_DOMAIN_NAME=
fi fi
fi fi
@ -135,11 +133,12 @@ function install_interactive_nextcloud {
if [ $NEXTCLOUD_DOMAIN_NAME ]; then if [ $NEXTCLOUD_DOMAIN_NAME ]; then
NEXTCLOUD_DETAILS_COMPLETE="yes" NEXTCLOUD_DETAILS_COMPLETE="yes"
fi fi
rm -f "$data"
done done
# remove any invalid characters # remove any invalid characters
if [ ${#NEXTCLOUD_TITLE} -gt 0 ]; then if [ ${#NEXTCLOUD_TITLE} -gt 0 ]; then
new_title=$(echo "$NEXTCLOUD_TITLE" | sed "s|'||g") new_title=${"$NEXTCLOUD_TITLE"//\'//}
NEXTCLOUD_TITLE="$new_title" NEXTCLOUD_TITLE="$new_title"
fi fi
@ -156,23 +155,23 @@ function change_password_nextcloud {
read_config_param ${NEXTCLOUD_DOMAIN_NAME} read_config_param ${NEXTCLOUD_DOMAIN_NAME}
${PROJECT_NAME}-pass -u "$curr_username" -a nextcloud -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$curr_username" -a nextcloud -p "$new_user_password"
} }
function nextcloud_create_database { function nextcloud_create_database {
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
NEXTCLOUD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" NEXTCLOUD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
if [ ! $NEXTCLOUD_ADMIN_PASSWORD ]; then if [ ! "$NEXTCLOUD_ADMIN_PASSWORD" ]; then
NEXTCLOUD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" NEXTCLOUD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
if [ ! $NEXTCLOUD_ADMIN_PASSWORD ]; then if [ ! "$NEXTCLOUD_ADMIN_PASSWORD" ]; then
return return
fi fi
function_check create_database function_check create_database
create_database nextcloud "$NEXTCLOUD_ADMIN_PASSWORD" $MY_USERNAME create_database nextcloud "$NEXTCLOUD_ADMIN_PASSWORD" "$MY_USERNAME"
} }
function reconfigure_nextcloud { function reconfigure_nextcloud {
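Review bot: `"${PROJECT_NAME}-pass" -u "$curr_username" -a nextcloud -p "$new_user_password"` in change_password_nextcloud still passes the password as a command-line argument, so it is readable in the process list (and in any `set -x` trace) while the helper runs; the quoting added here does not change that. The same applies to the `-pass … -p "$NEXTCLOUD_ADMIN_PASSWORD"` call and to `./occ maintenance:install … --admin-pass … --database-pass "${MARIADB_PASSWORD}"` in the later install_nextcloud_main hunks. Whether the helper can take the secret on stdin or from a root-only file is not visible here. Until it can, I would at least record the exposure above the call: `# NOTE: -p puts the password in argv; visible via ps while this runs`. change_password_nextcloud begins above this hunk.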
@ -186,7 +185,7 @@ function configure_interactive_nextcloud {
function upgrade_nextcloud_base { function upgrade_nextcloud_base {
chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/data chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/data
cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || exit 232547985
sudo -u www-data ./occ maintenance:repair sudo -u www-data ./occ maintenance:repair
sudo -u www-data ./occ files:cleanup sudo -u www-data ./occ files:cleanup
sudo -u www-data ./occ files:scan --all sudo -u www-data ./occ files:scan --all
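Review bot: The new guard `cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || exit 232547985` uses an exit status far outside 0–255; only the low 8 bits reach the parent, so this one arrives as 145 and the long number cannot be used to locate the failing line. The same pattern is added in restore_local_nextcloud (`exit 14893545875`), restore_remote_nextcloud (`exit 2642846824`) and three times in install_nextcloud_main. I would report the failure on stderr and use a small code, e.g. `cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || { echo "cannot cd to nextcloud htdocs" >&2; exit 1; }`. upgrade_nextcloud_base continues past the end of this hunk.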
@ -200,13 +199,13 @@ function upgrade_nextcloud {
return return
fi fi
if grep -q "nextcloud domain" $COMPLETION_FILE; then if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain") NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
fi fi
# update to the next commit # update to the next commit
function_check set_repo_commit function_check set_repo_commit
set_repo_commit /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs "nextcloud commit" "$NEXTCLOUD_COMMIT" $NEXTCLOUD_REPO set_repo_commit "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" "nextcloud commit" "$NEXTCLOUD_COMMIT" "$NEXTCLOUD_REPO"
upgrade_nextcloud_base upgrade_nextcloud_base
sudo -u www-data ./occ upgrade sudo -u www-data ./occ upgrade
@ -215,22 +214,22 @@ function upgrade_nextcloud {
function backup_local_nextcloud { function backup_local_nextcloud {
NEXTCLOUD_DOMAIN_NAME='nextcloud' NEXTCLOUD_DOMAIN_NAME='nextcloud'
if grep -q "nextcloud domain" $COMPLETION_FILE; then if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain") NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
fi fi
source_directory=/var/www/${NEXTCLOUD_DOMAIN_NAME}/data source_directory=/var/www/${NEXTCLOUD_DOMAIN_NAME}/data
if [ -d $source_directory ]; then if [ -d "$source_directory" ]; then
function_check suspend_site function_check suspend_site
suspend_site ${NEXTCLOUD_DOMAIN_NAME} suspend_site "${NEXTCLOUD_DOMAIN_NAME}"
dest_directory=nextcloudfiles dest_directory=nextcloudfiles
function_check backup_directory_to_usb function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory backup_directory_to_usb "$source_directory" "$dest_directory"
source_directory=/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config source_directory=/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config
dest_directory=nextcloudconfig dest_directory=nextcloudconfig
backup_directory_to_usb $source_directory $dest_directory backup_directory_to_usb "$source_directory" "$dest_directory"
function_check backup_database_to_usb function_check backup_database_to_usb
backup_database_to_usb nextcloud backup_database_to_usb nextcloud
@ -241,26 +240,26 @@ function backup_local_nextcloud {
} }
function restore_local_nextcloud { function restore_local_nextcloud {
if ! grep -q "nextcloud domain" $COMPLETION_FILE; then if ! grep -q "nextcloud domain" "$COMPLETION_FILE"; then
return return
fi fi
NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain") NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
if [ $NEXTCLOUD_DOMAIN_NAME ]; then if [ "$NEXTCLOUD_DOMAIN_NAME" ]; then
temp_restore_dir=/root/tempnextcloud temp_restore_dir=/root/tempnextcloud
function_check nextcloud_create_database function_check nextcloud_create_database
nextcloud_create_database nextcloud_create_database
restore_database nextcloud ${NEXTCLOUD_DOMAIN_NAME} restore_database nextcloud "${NEXTCLOUD_DOMAIN_NAME}"
temp_restore_dir=/root/tempnextcloudfiles temp_restore_dir=/root/tempnextcloudfiles
restore_directory_from_usb $temp_restore_dir nextcloudfiles restore_directory_from_usb $temp_restore_dir nextcloudfiles
if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data ]; then if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" ]; then
cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data /var/www/${NEXTCLOUD_DOMAIN_NAME}/ cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
else else
cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/ cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
set_user_permissions set_user_permissions
backup_unmount_drive backup_unmount_drive
@ -271,12 +270,13 @@ function restore_local_nextcloud {
temp_restore_dir=/root/tempnextcloudconfig temp_restore_dir=/root/tempnextcloudconfig
restore_directory_from_usb $temp_restore_dir nextcloudconfig restore_directory_from_usb $temp_restore_dir nextcloudconfig
if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config ]; then if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" ]; then
cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
else else
cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/ cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
set_user_permissions set_user_permissions
backup_unmount_drive backup_unmount_drive
@ -284,9 +284,9 @@ function restore_local_nextcloud {
fi fi
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/data chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/data"
cd $nextcloud_dir cd "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" || exit 14893545875
sudo -u www-data ./occ maintenance:repair sudo -u www-data ./occ maintenance:repair
sudo -u www-data ./occ files:cleanup sudo -u www-data ./occ files:cleanup
sudo -u www-data ./occ files:scan --all sudo -u www-data ./occ files:scan --all
@ -294,21 +294,21 @@ function restore_local_nextcloud {
} }
function backup_remote_nextcloud { function backup_remote_nextcloud {
if grep -q "nextcloud domain" $COMPLETION_FILE; then if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain") NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
temp_backup_dir=/var/www/${NEXTCLOUD_DOMAIN_NAME}/data temp_backup_dir=/var/www/${NEXTCLOUD_DOMAIN_NAME}/data
if [ -d $temp_backup_dir ]; then if [ -d "$temp_backup_dir" ]; then
function_check suspend_site function_check suspend_site
suspend_site ${NEXTCLOUD_DOMAIN_NAME} suspend_site "${NEXTCLOUD_DOMAIN_NAME}"
function_check backup_database_to_friend function_check backup_database_to_friend
backup_database_to_friend nextcloud backup_database_to_friend nextcloud
function_check backup_directory_to_friend function_check backup_directory_to_friend
backup_directory_to_friend $temp_backup_dir nextclouddata backup_directory_to_friend "$temp_backup_dir" nextclouddata
temp_backup_dir=/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config temp_backup_dir=/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config
backup_directory_to_friend $temp_backup_dir nextcloudconfig backup_directory_to_friend "$temp_backup_dir" nextcloudconfig
function_check restart_site function_check restart_site
restart_site restart_site
@ -319,7 +319,7 @@ function backup_remote_nextcloud {
} }
function restore_remote_nextcloud { function restore_remote_nextcloud {
if grep -q "nextcloud domain" $COMPLETION_FILE; then if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
echo $"Restoring nextcloud" echo $"Restoring nextcloud"
NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain") NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
@ -327,7 +327,7 @@ function restore_remote_nextcloud {
nextcloud_create_database nextcloud_create_database
function_check restore_database_from_friend function_check restore_database_from_friend
restore_database_from_friend nextcloud ${NEXTCLOUD_DOMAIN_NAME} restore_database_from_friend nextcloud "${NEXTCLOUD_DOMAIN_NAME}"
if [ -d /root/tempnextcloud ]; then if [ -d /root/tempnextcloud ]; then
rm -rf /root/tempnextcloud rm -rf /root/tempnextcloud
fi fi
@ -335,12 +335,12 @@ function restore_remote_nextcloud {
temp_restore_dir=/root/tempnextcloudfiles temp_restore_dir=/root/tempnextcloudfiles
restore_directory_from_friend $temp_restore_dir nextcloudfiles restore_directory_from_friend $temp_restore_dir nextcloudfiles
if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data ]; then if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" ]; then
cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data /var/www/${NEXTCLOUD_DOMAIN_NAME}/ cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
else else
cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/ cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 768254 exit 768254
fi fi
@ -349,20 +349,21 @@ function restore_remote_nextcloud {
temp_restore_dir=/root/tempnextcloudconfig temp_restore_dir=/root/tempnextcloudconfig
restore_directory_from_friend $temp_restore_dir nextcloudconfig restore_directory_from_friend $temp_restore_dir nextcloudconfig
if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config ]; then if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" ]; then
cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
else else
cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/ cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 573427 exit 573427
fi fi
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/data chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/data"
cd /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs cd "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" || exit 2642846824
sudo -u www-data ./occ maintenance:repair sudo -u www-data ./occ maintenance:repair
sudo -u www-data ./occ files:cleanup sudo -u www-data ./occ files:cleanup
sudo -u www-data ./occ files:scan --all sudo -u www-data ./occ files:scan --all
@ -381,13 +382,13 @@ function remove_nextcloud {
read_config_param "NEXTCLOUD_DOMAIN_NAME" read_config_param "NEXTCLOUD_DOMAIN_NAME"
read_config_param "MY_USERNAME" read_config_param "MY_USERNAME"
echo "Removing $NEXTCLOUD_DOMAIN_NAME" echo "Removing $NEXTCLOUD_DOMAIN_NAME"
nginx_dissite $NEXTCLOUD_DOMAIN_NAME nginx_dissite "$NEXTCLOUD_DOMAIN_NAME"
remove_certs $NEXTCLOUD_DOMAIN_NAME remove_certs "$NEXTCLOUD_DOMAIN_NAME"
if [ -d /var/www/$NEXTCLOUD_DOMAIN_NAME ]; then if [ -d "/var/www/$NEXTCLOUD_DOMAIN_NAME" ]; then
rm -rf /var/www/$NEXTCLOUD_DOMAIN_NAME rm -rf "/var/www/$NEXTCLOUD_DOMAIN_NAME"
fi fi
if [ -f /etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME ]; then if [ -f "/etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME" ]; then
rm /etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME rm "/etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME"
fi fi
function_check drop_database function_check drop_database
drop_database nextcloud drop_database nextcloud
@ -395,17 +396,17 @@ function remove_nextcloud {
remove_onion_service nextcloud ${NEXTCLOUD_ONION_PORT} remove_onion_service nextcloud ${NEXTCLOUD_ONION_PORT}
remove_app nextcloud remove_app nextcloud
remove_completion_param install_nextcloud remove_completion_param install_nextcloud
sed -i '/nextcloud/d' $COMPLETION_FILE sed -i '/nextcloud/d' "$COMPLETION_FILE"
remove_backup_database_local nextcloud remove_backup_database_local nextcloud
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $NEXTCLOUD_DOMAIN_NAME remove_ddns_domain "$NEXTCLOUD_DOMAIN_NAME"
systemctl restart nginx systemctl restart nginx
systemctl restart php7.0-fpm systemctl restart php7.0-fpm
} }
function install_nextcloud_main { function install_nextcloud_main {
if [ ! $NEXTCLOUD_DOMAIN_NAME ]; then if [ ! "$NEXTCLOUD_DOMAIN_NAME" ]; then
echo $'No domain name was given for nextcloud' echo $'No domain name was given for nextcloud'
exit 7359 exit 7359
fi fi
@ -434,34 +435,34 @@ function install_nextcloud_main {
fi fi
sed -i 's|;env[PATH]|env[PATH]|g' /etc/php/7.0/fpm/pool.d/www.conf sed -i 's|;env[PATH]|env[PATH]|g' /etc/php/7.0/fpm/pool.d/www.conf
if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME ]; then if [ ! -d "/var/www/$NEXTCLOUD_DOMAIN_NAME" ]; then
mkdir /var/www/$NEXTCLOUD_DOMAIN_NAME mkdir "/var/www/$NEXTCLOUD_DOMAIN_NAME"
fi fi
if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" ]; then
if [ -d /repos/nextcloud ]; then if [ -d /repos/nextcloud ]; then
mkdir /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs mkdir "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
cp -r -p /repos/nextcloud/. /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs cp -r -p /repos/nextcloud/. "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || exit 2783539793
git pull git pull
else else
function_check git_clone function_check git_clone
git_clone $NEXTCLOUD_REPO /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs git_clone "$NEXTCLOUD_REPO" "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
fi fi
if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" ]; then
echo $'Unable to clone nextcloud repo' echo $'Unable to clone nextcloud repo'
exit 87525 exit 87525
fi fi
fi fi
cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || exit 3468346834
git submodule update --init git submodule update --init
git checkout $NEXTCLOUD_COMMIT -b $NEXTCLOUD_COMMIT git checkout $NEXTCLOUD_COMMIT -b $NEXTCLOUD_COMMIT
set_completion_param "nextcloud commit" "$NEXTCLOUD_COMMIT" set_completion_param "nextcloud commit" "$NEXTCLOUD_COMMIT"
chmod g+w /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs chmod g+w "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
function_check nextcloud_create_database function_check nextcloud_create_database
nextcloud_create_database nextcloud_create_database
@ -474,154 +475,154 @@ function install_nextcloud_main {
fi fi
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $NEXTCLOUD_DOMAIN_NAME add_ddns_domain "$NEXTCLOUD_DOMAIN_NAME"
nextcloud_nginx_site=/etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME nextcloud_nginx_site=/etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $NEXTCLOUD_DOMAIN_NAME nginx_http_redirect "$NEXTCLOUD_DOMAIN_NAME"
echo 'server {' >> $nextcloud_nginx_site { echo 'server {';
echo ' listen 443 ssl;' >> $nextcloud_nginx_site echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> $nextcloud_nginx_site echo ' #listen [::]:443 ssl;';
echo " server_name $NEXTCLOUD_DOMAIN_NAME;" >> $nextcloud_nginx_site echo " server_name $NEXTCLOUD_DOMAIN_NAME;";
echo '' >> $nextcloud_nginx_site echo '';
echo ' # Security' >> $nextcloud_nginx_site echo ' # Security'; } >> "$nextcloud_nginx_site"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $NEXTCLOUD_DOMAIN_NAME mobile nginx_ssl "$NEXTCLOUD_DOMAIN_NAME" mobile
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $NEXTCLOUD_DOMAIN_NAME nginx_disable_sniffing "$NEXTCLOUD_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $nextcloud_nginx_site { echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> $nextcloud_nginx_site echo '';
echo ' # Logs' >> $nextcloud_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $nextcloud_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $nextcloud_nginx_site echo ' error_log /dev/null;';
echo '' >> $nextcloud_nginx_site echo '';
echo ' # Root' >> $nextcloud_nginx_site echo ' # Root';
echo " root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;" >> $nextcloud_nginx_site echo " root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;";
echo '' >> $nextcloud_nginx_site echo '';
echo ' # Index' >> $nextcloud_nginx_site echo ' # Index';
echo ' index index.php;' >> $nextcloud_nginx_site echo ' index index.php;';
echo '' >> $nextcloud_nginx_site echo '';
# By default nextcloud advertises highly specific version information # By default nextcloud advertises highly specific version information
# on status.php, which can obviously be used by adversaries. # on status.php, which can obviously be used by adversaries.
# Blocking status.php prevents this information leak # Blocking status.php prevents this information leak
echo ' location = /status.php {' >> $nextcloud_nginx_site echo ' location = /status.php {';
echo ' return 404;' >> $nextcloud_nginx_site echo ' return 404;';
echo ' }' >> $nextcloud_nginx_site echo ' }';
echo '' >> $nextcloud_nginx_site echo '';
echo ' # PHP' >> $nextcloud_nginx_site echo ' # PHP';
echo ' location ~ \.php {' >> $nextcloud_nginx_site echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> $nextcloud_nginx_site echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $nextcloud_nginx_site echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> $nextcloud_nginx_site echo ' fastcgi_read_timeout 30;';
echo ' }' >> $nextcloud_nginx_site echo ' }';
echo '' >> $nextcloud_nginx_site echo '';
echo ' # Location' >> $nextcloud_nginx_site echo ' # Location';
echo ' location / {' >> $nextcloud_nginx_site echo ' location / {'; } >> "$nextcloud_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $NEXTCLOUD_DOMAIN_NAME '15m' nginx_limits "$NEXTCLOUD_DOMAIN_NAME" '15m'
echo ' try_files $uri $uri/ @nextcloud;' >> $nextcloud_nginx_site { echo " try_files \$uri \$uri/ @nextcloud;";
echo ' }' >> $nextcloud_nginx_site echo ' }';
echo '' >> $nextcloud_nginx_site echo '';
echo ' # Fancy URLs' >> $nextcloud_nginx_site echo ' # Fancy URLs';
echo ' location @nextcloud {' >> $nextcloud_nginx_site echo ' location @nextcloud {';
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $nextcloud_nginx_site echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }' >> $nextcloud_nginx_site echo ' }';
echo '' >> $nextcloud_nginx_site echo '';
echo ' # Restrict access that is unnecessary anyway' >> $nextcloud_nginx_site echo ' # Restrict access that is unnecessary anyway';
echo ' location ~ /\.(ht|git) {' >> $nextcloud_nginx_site echo ' location ~ /\.(ht|git) {';
echo ' deny all;' >> $nextcloud_nginx_site echo ' deny all;';
echo ' }' >> $nextcloud_nginx_site echo ' }';
echo '' >> $nextcloud_nginx_site echo '';
echo ' location = /.well-known/carddav {' >> $nextcloud_nginx_site echo ' location = /.well-known/carddav {';
echo ' return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site echo " return 301 \$scheme://\$host/remote.php/dav;";
echo ' }' >> $nextcloud_nginx_site echo ' }';
echo ' location = /.well-known/caldav {' >> $nextcloud_nginx_site echo ' location = /.well-known/caldav {';
echo ' return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site echo " return 301 \$scheme://\$host/remote.php/dav;";
echo ' }' >> $nextcloud_nginx_site echo ' }';
echo '' >> $nextcloud_nginx_site echo '';
echo ' location /.well-known/acme-challenge { }' >> $nextcloud_nginx_site echo ' location /.well-known/acme-challenge { }';
echo '}' >> $nextcloud_nginx_site echo '}'; } >> "$nextcloud_nginx_site"
else else
echo -n '' > $nextcloud_nginx_site echo -n '' > "$nextcloud_nginx_site"
fi fi
echo 'server {' >> $nextcloud_nginx_site { echo 'server {';
echo " listen 127.0.0.1:$NEXTCLOUD_ONION_PORT default_server;" >> $nextcloud_nginx_site echo " listen 127.0.0.1:$NEXTCLOUD_ONION_PORT default_server;";
echo " server_name $NEXTCLOUD_DOMAIN_NAME;" >> $nextcloud_nginx_site echo " server_name $NEXTCLOUD_DOMAIN_NAME;";
echo '' >> $nextcloud_nginx_site echo ''; } >> "$nextcloud_nginx_site"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $NEXTCLOUD_DOMAIN_NAME nginx_disable_sniffing "$NEXTCLOUD_DOMAIN_NAME"
echo '' >> $nextcloud_nginx_site { echo '';
echo ' # Logs' >> $nextcloud_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $nextcloud_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $nextcloud_nginx_site echo ' error_log /dev/null;';
echo '' >> $nextcloud_nginx_site echo '';
echo ' # Root' >> $nextcloud_nginx_site echo ' # Root';
echo " root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;" >> $nextcloud_nginx_site echo " root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;";
echo '' >> $nextcloud_nginx_site echo '';
echo ' # Index' >> $nextcloud_nginx_site echo ' # Index';
echo ' index index.php;' >> $nextcloud_nginx_site echo ' index index.php;';
echo '' >> $nextcloud_nginx_site echo '';
# By default nextcloud advertises highly specific version information # By default nextcloud advertises highly specific version information
# on status.php, which can obviously be used by adversaries. # on status.php, which can obviously be used by adversaries.
# Blocking status.php prevents this information leak # Blocking status.php prevents this information leak
echo ' location = /status.php {' >> $nextcloud_nginx_site echo ' location = /status.php {';
echo ' return 404;' >> $nextcloud_nginx_site echo ' return 404;';
echo ' }' >> $nextcloud_nginx_site echo ' }';
echo '' >> $nextcloud_nginx_site echo '';
echo ' # PHP' >> $nextcloud_nginx_site echo ' # PHP';
echo ' location ~ \.php {' >> $nextcloud_nginx_site echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> $nextcloud_nginx_site echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $nextcloud_nginx_site echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> $nextcloud_nginx_site echo ' fastcgi_read_timeout 30;';
echo ' }' >> $nextcloud_nginx_site echo ' }';
echo '' >> $nextcloud_nginx_site echo '';
echo ' # Location' >> $nextcloud_nginx_site echo ' # Location';
echo ' location / {' >> $nextcloud_nginx_site echo ' location / {'; } >> "$nextcloud_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $NEXTCLOUD_DOMAIN_NAME '15m' nginx_limits "$NEXTCLOUD_DOMAIN_NAME" '15m'
echo ' try_files $uri $uri/ @nextcloud;' >> $nextcloud_nginx_site { echo " try_files \$uri \$uri/ @nextcloud;";
echo ' }' >> $nextcloud_nginx_site echo ' }';
echo '' >> $nextcloud_nginx_site echo '';
echo ' # Fancy URLs' >> $nextcloud_nginx_site echo ' # Fancy URLs';
echo ' location @nextcloud {' >> $nextcloud_nginx_site echo ' location @nextcloud {';
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $nextcloud_nginx_site echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }' >> $nextcloud_nginx_site echo ' }';
echo '' >> $nextcloud_nginx_site echo '';
echo ' # Restrict access that is unnecessary anyway' >> $nextcloud_nginx_site echo ' # Restrict access that is unnecessary anyway';
echo ' location ~ /\.(ht|git) {' >> $nextcloud_nginx_site echo ' location ~ /\.(ht|git) {';
echo ' deny all;' >> $nextcloud_nginx_site echo ' deny all;';
echo ' }' >> $nextcloud_nginx_site echo ' }';
echo '' >> $nextcloud_nginx_site echo '';
echo ' location = /.well-known/carddav {' >> $nextcloud_nginx_site echo ' location = /.well-known/carddav {';
echo ' return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site echo " return 301 \$scheme://\$host/remote.php/dav;";
echo ' }' >> $nextcloud_nginx_site echo ' }';
echo ' location = /.well-known/caldav {' >> $nextcloud_nginx_site echo ' location = /.well-known/caldav {';
echo ' return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site echo " return 301 \$scheme://\$host/remote.php/dav;";
echo ' }' >> $nextcloud_nginx_site echo ' }';
echo '' >> $nextcloud_nginx_site echo '';
echo ' location /.well-known/acme-challenge { }' >> $nextcloud_nginx_site echo ' location /.well-known/acme-challenge { }';
echo '}' >> $nextcloud_nginx_site echo '}'; } >> "$nextcloud_nginx_site"
sed -i 's| DENY;| SAMEORIGIN;|g' $nextcloud_nginx_site sed -i 's| DENY;| SAMEORIGIN;|g' "$nextcloud_nginx_site"
# NextCloud doesn't like content-security-policy at all # NextCloud doesn't like content-security-policy at all
sed -i '/Content-Security-Policy/d' $nextcloud_nginx_site sed -i '/Content-Security-Policy/d' "$nextcloud_nginx_site"
function_check configure_php function_check configure_php
configure_php configure_php
function_check create_site_certificate function_check create_site_certificate
create_site_certificate $NEXTCLOUD_DOMAIN_NAME 'yes' create_site_certificate "$NEXTCLOUD_DOMAIN_NAME" 'yes'
if [[ $ONION_ONLY == "no" ]]; then if [[ "$ONION_ONLY" == "no" ]]; then
if [ ! -f /etc/ssl/certs/${NEXTCLOUD_DOMAIN_NAME}.pem ]; then if [ ! -f "/etc/ssl/certs/${NEXTCLOUD_DOMAIN_NAME}.pem" ]; then
echo $'Certificate not generated for nextcloud' echo $'Certificate not generated for nextcloud'
exit 725762 exit 725762
fi fi
@ -636,31 +637,18 @@ function install_nextcloud_main {
backup_database_local nextcloud backup_database_local nextcloud
function_check nginx_ensite function_check nginx_ensite
nginx_ensite $NEXTCLOUD_DOMAIN_NAME nginx_ensite "$NEXTCLOUD_DOMAIN_NAME"
# NOTE: For the typical case always enable SSL and only
# disable it if in onion only mode. This is due to complexities
# with the way URLs are generated by nextcloud
nextcloud_ssl='always'
if [[ $ONION_ONLY != 'no' ]]; then
nextcloud_ssl='never'
fi
NEXTCLOUD_ONION_HOSTNAME=$(add_onion_service nextcloud 80 ${NEXTCLOUD_ONION_PORT}) NEXTCLOUD_ONION_HOSTNAME=$(add_onion_service nextcloud 80 ${NEXTCLOUD_ONION_PORT})
NEXTCLOUD_SERVER=${NEXTCLOUD_DOMAIN_NAME}
if [[ $ONION_ONLY != 'no' ]]; then
NEXTCLOUD_SERVER=${NEXTCLOUD_ONION_HOSTNAME}
fi
systemctl restart php7.0-fpm systemctl restart php7.0-fpm
systemctl restart nginx systemctl restart nginx
${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$NEXTCLOUD_DOMAIN_NAME" -g nextcloud --public no "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$NEXTCLOUD_DOMAIN_NAME" -g nextcloud --public no
${PROJECT_NAME}-pass -u $MY_USERNAME -a nextcloud -p "$NEXTCLOUD_ADMIN_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a nextcloud -p "$NEXTCLOUD_ADMIN_PASSWORD"
cd /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs cd "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" || exit 2467245247
if [ -d config ]; then if [ -d config ]; then
chown -R www-data:www-data config chown -R www-data:www-data config
fi fi
@ -669,7 +657,7 @@ function install_nextcloud_main {
fi fi
chmod +x occ chmod +x occ
./occ maintenance:install --database-name nextcloud --admin-user ${MY_USERNAME} --admin-pass "${NEXTCLOUD_ADMIN_PASSWORD}" --database mysql --database-user root --database-pass "${MARIADB_PASSWORD}" ./occ maintenance:install --database-name nextcloud --admin-user "${MY_USERNAME}" --admin-pass "${NEXTCLOUD_ADMIN_PASSWORD}" --database mysql --database-user root --database-pass "${MARIADB_PASSWORD}"
if [ ! -d data ]; then if [ ! -d data ]; then
echo $'Nextcloud data directory was not found. This probably means that the installation failed.' echo $'Nextcloud data directory was not found. This probably means that the installation failed.'
echo '' echo ''
@ -683,20 +671,19 @@ function install_nextcloud_main {
sudo -u www-data ./occ status sudo -u www-data ./occ status
sudo -u www-data ./occ app:list sudo -u www-data ./occ app:list
sudo -u www-data ./occ app:enable encryption sudo -u www-data ./occ app:enable encryption
sudo -u www-data ./occ encryption:enable if ! sudo -u www-data ./occ encryption:enable; then
if [ ! "$?" = "0" ]; then
echo $'Encryption not enabled' echo $'Encryption not enabled'
exit 73527 exit 73527
fi fi
sudo -u www-data ./occ encryption:status sudo -u www-data ./occ encryption:status
sudo -u www-data ./occ config:system:set appstoreenabled --value=false sudo -u www-data ./occ config:system:set appstoreenabled --value=false
chmod g+w /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php chmod g+w "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php"
chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
chmod 0644 .htaccess chmod 0644 .htaccess
chmod 0750 data chmod 0750 data
chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/data chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/data"
sudo -u www-data ./occ config:system:set trusted_domains 1 --value=$NEXTCLOUD_DOMAIN_NAME sudo -u www-data ./occ config:system:set trusted_domains 1 --value="$NEXTCLOUD_DOMAIN_NAME"
sudo -u www-data ./occ config:system:set trusted_domains 2 --value=$NEXTCLOUD_ONION_HOSTNAME sudo -u www-data ./occ config:system:set trusted_domains 2 --value="$NEXTCLOUD_ONION_HOSTNAME"
sudo -u www-data ./occ files:cleanup sudo -u www-data ./occ files:cleanup
sudo -u www-data ./occ files:scan --all sudo -u www-data ./occ files:scan --all
sudo -u www-data ./occ maintenance:repair sudo -u www-data ./occ maintenance:repair
@ -705,8 +692,8 @@ function install_nextcloud_main {
systemctl restart mariadb systemctl restart mariadb
# move the data directory # move the data directory
mv /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/data /var/www/${NEXTCLOUD_DOMAIN_NAME}/ mv "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/data" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
sed -i "s|'datadirectory'.*|'datadirectory' => '/var/www/$NEXTCLOUD_DOMAIN_NAME/data',|g" /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php sed -i "s|'datadirectory'.*|'datadirectory' => '/var/www/$NEXTCLOUD_DOMAIN_NAME/data',|g" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php"
set_completion_param "nextcloud domain" "$NEXTCLOUD_DOMAIN_NAME" set_completion_param "nextcloud domain" "$NEXTCLOUD_DOMAIN_NAME"
@ -714,7 +701,7 @@ function install_nextcloud_main {
} }
function install_nextcloud { function install_nextcloud {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi


@ -55,14 +55,14 @@ peertube_variables=(PEERTUBE_DOMAIN_NAME
MY_EMAIL_ADDRESS) MY_EMAIL_ADDRESS)
function peertube_create_database { function peertube_create_database {
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
PEERTUBE_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" PEERTUBE_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
if [ ! $PEERTUBE_ADMIN_PASSWORD ]; then if [ ! "$PEERTUBE_ADMIN_PASSWORD" ]; then
PEERTUBE_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" PEERTUBE_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
if [ ! $PEERTUBE_ADMIN_PASSWORD ]; then if [ ! "$PEERTUBE_ADMIN_PASSWORD" ]; then
return return
fi fi
@ -82,7 +82,8 @@ function logging_off_peertube {
} }
function remove_user_peertube { function remove_user_peertube {
remove_username="$1" echo -n ''
# remove_username="$1"
} }
function add_user_peertube { function add_user_peertube {
@ -91,14 +92,14 @@ function add_user_peertube {
return return
fi fi
new_username="$1" # new_username="$1"
new_user_password="$2" # new_user_password="$2"
echo '0' echo '0'
} }
function install_interactive_peertube { function install_interactive_peertube {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
@ -113,15 +114,14 @@ function install_interactive_peertube {
} }
function peertube_set_admin_email { function peertube_set_admin_email {
read_config_param $MY_EMAIL_ADDRESS read_config_param "$MY_EMAIL_ADDRESS"
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Set PeerTube administrator email address" \ dialog --title $"Set PeerTube administrator email address" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--inputbox $"Admin email address" 8 75 "$MY_EMAIL_ADDRESS" 2>$data --inputbox $"Admin email address" 8 75 "$MY_EMAIL_ADDRESS" 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) peertube_email=$(<$data) 0) peertube_email=$(<"$data")
if [[ "$peertube_email" != *' '* && "$peertube_email" != *','* && "$peertube_email" != *';'* && "$peertube_email" == *'@'* && "$peertube_email" == *'.'* ]]; then if [[ "$peertube_email" != *' '* && "$peertube_email" != *','* && "$peertube_email" != *';'* && "$peertube_email" == *'@'* && "$peertube_email" == *'.'* ]]; then
if [ ${#peertube_email} -gt 8 ]; then if [ ${#peertube_email} -gt 8 ]; then
sed -i "s|email:.*|email: '${peertube_email}'|g" $PEERTUBE_DIR/config/production.yaml sed -i "s|email:.*|email: '${peertube_email}'|g" $PEERTUBE_DIR/config/production.yaml
@ -132,13 +132,13 @@ function peertube_set_admin_email {
fi fi
;; ;;
esac esac
rm $data rm -f "$data"
} }
function peertube_disable_signups { function peertube_disable_signups {
dialog --title $"Disable PeerTube signups" \ dialog --title $"Disable PeerTube signups" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--yesno $"\nDo you wish to disable further PeerTube signups?" 8 75 --yesno $"\\nDo you wish to disable further PeerTube signups?" 8 75
sel=$? sel=$?
case $sel in case $sel in
0) sed -i "0,/enabled:.*/s//enabled: false/" $PEERTUBE_DIR/config/production.yaml;; 0) sed -i "0,/enabled:.*/s//enabled: false/" $PEERTUBE_DIR/config/production.yaml;;
@ -152,35 +152,36 @@ function peertube_disable_signups {
function configure_interactive_peertube { function configure_interactive_peertube {
while true while true
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"PeerTube" \ --title $"PeerTube" \
--radiolist $"Choose an operation:" 10 70 4 \ --radiolist $"Choose an operation:" 10 70 4 \
1 $"Set administrator email address" off \ 1 $"Set administrator email address" off \
2 $"Disable or enable signups" off \ 2 $"Disable or enable signups" off \
3 $"Exit" on 2> $data 3 $"Exit" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) break;; 1) break;;
255) break;; 255) break;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) peertube_set_admin_email;; 1) peertube_set_admin_email;;
2) peertube_disable_signups;; 2) peertube_disable_signups;;
3) break;; 3) rm -f "$data"
break;;
esac esac
rm -f "$data"
done done
} }
function change_password_peertube { function change_password_peertube {
PEERTUBE_USERNAME="$1" # PEERTUBE_USERNAME="$1"
PEERTUBE_PASSWORD="$2" PEERTUBE_PASSWORD="$2"
if [ ${#PEERTUBE_PASSWORD} -lt 8 ]; then if [ ${#PEERTUBE_PASSWORD} -lt 8 ]; then
echo $'Peertube password is too short' echo $'Peertube password is too short'
return return
fi fi
#${PROJECT_NAME}-pass -u $PEERTUBE_USERNAME -a peertube -p "$PEERTUBE_PASSWORD" #"${PROJECT_NAME}-pass" -u "$PEERTUBE_USERNAME" -a peertube -p "$PEERTUBE_PASSWORD"
} }
function reconfigure_peertube { function reconfigure_peertube {
@ -195,7 +196,7 @@ function upgrade_peertube {
read_config_param PEERTUBE_DOMAIN_NAME read_config_param PEERTUBE_DOMAIN_NAME
systemctl stop peertube systemctl stop peertube
cd $PEERTUBE_DIR cd "$PEERTUBE_DIR" || exit 7824552627
function_check set_repo_commit function_check set_repo_commit
set_repo_commit $PEERTUBE_DIR "peertube commit" "$PEERTUBE_COMMIT" $PEERTUBE_REPO set_repo_commit $PEERTUBE_DIR "peertube commit" "$PEERTUBE_COMMIT" $PEERTUBE_REPO
@ -207,7 +208,7 @@ function upgrade_peertube {
function backup_local_peertube { function backup_local_peertube {
PEERTUBE_DOMAIN_NAME='peertube.local' PEERTUBE_DOMAIN_NAME='peertube.local'
if grep -q "peertube domain" $COMPLETION_FILE; then if grep -q "peertube domain" "$COMPLETION_FILE"; then
PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain") PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain")
fi fi
@ -219,7 +220,7 @@ function backup_local_peertube {
peertube_path=$PEERTUBE_DIR/videos peertube_path=$PEERTUBE_DIR/videos
if [ -d $peertube_path ]; then if [ -d $peertube_path ]; then
suspend_site ${PEERTUBE_DOMAIN_NAME} suspend_site "${PEERTUBE_DOMAIN_NAME}"
systemctl stop peertube systemctl stop peertube
backup_directory_to_usb $peertube_path peertubevideos backup_directory_to_usb $peertube_path peertubevideos
systemctl start peertube systemctl start peertube
@ -229,11 +230,11 @@ function backup_local_peertube {
function restore_local_peertube { function restore_local_peertube {
PEERTUBE_DOMAIN_NAME='peertube.local' PEERTUBE_DOMAIN_NAME='peertube.local'
if grep -q "peertube domain" $COMPLETION_FILE; then if grep -q "peertube domain" "$COMPLETION_FILE"; then
PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain") PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain")
fi fi
if [ $PEERTUBE_DOMAIN_NAME ]; then if [ "$PEERTUBE_DOMAIN_NAME" ]; then
suspend_site ${PEERTUBE_DOMAIN_NAME} suspend_site "${PEERTUBE_DOMAIN_NAME}"
systemctl stop peertube systemctl stop peertube
USE_POSTGRESQL=1 USE_POSTGRESQL=1
@ -259,7 +260,7 @@ function restore_local_peertube {
function backup_remote_peertube { function backup_remote_peertube {
PEERTUBE_DOMAIN_NAME='peertube.local' PEERTUBE_DOMAIN_NAME='peertube.local'
if grep -q "peertube domain" $COMPLETION_FILE; then if grep -q "peertube domain" "$COMPLETION_FILE"; then
PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain") PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain")
fi fi
@ -272,7 +273,7 @@ function backup_remote_peertube {
temp_backup_dir=$PEERTUBE_DIR/videos temp_backup_dir=$PEERTUBE_DIR/videos
if [ -d $temp_backup_dir ]; then if [ -d $temp_backup_dir ]; then
systemctl stop peertube systemctl stop peertube
suspend_site ${PEERTUBE_DOMAIN_NAME} suspend_site "${PEERTUBE_DOMAIN_NAME}"
backup_directory_to_friend $temp_backup_dir peertubevideos backup_directory_to_friend $temp_backup_dir peertubevideos
restart_site restart_site
systemctl start peertube systemctl start peertube
@ -284,13 +285,14 @@ function backup_remote_peertube {
function restore_remote_peertube { function restore_remote_peertube {
PEERTUBE_DOMAIN_NAME='peertube.local' PEERTUBE_DOMAIN_NAME='peertube.local'
if grep -q "peertube domain" $COMPLETION_FILE; then if grep -q "peertube domain" "$COMPLETION_FILE"; then
PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain") PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain")
fi fi
suspend_site ${PEERTUBE_DOMAIN_NAME} suspend_site "${PEERTUBE_DOMAIN_NAME}"
systemctl stop peertube systemctl stop peertube
# shellcheck disable=SC2034
USE_POSTGRESQL=1 USE_POSTGRESQL=1
function_check restore_database_from_friend function_check restore_database_from_friend
restore_database_from_friend peertube restore_database_from_friend peertube
@ -326,20 +328,20 @@ function remove_peertube {
remove_nodejs peertube remove_nodejs peertube
read_config_param "PEERTUBE_DOMAIN_NAME" read_config_param "PEERTUBE_DOMAIN_NAME"
nginx_dissite $PEERTUBE_DOMAIN_NAME nginx_dissite "$PEERTUBE_DOMAIN_NAME"
remove_certs ${PEERTUBE_DOMAIN_NAME} remove_certs "${PEERTUBE_DOMAIN_NAME}"
if [ -f /etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME ]; then if [ -f "/etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME" ]; then
rm -f /etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME rm -f "/etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME"
fi fi
if [ -d /var/www/$PEERTUBE_DOMAIN_NAME ]; then if [ -d "/var/www/$PEERTUBE_DOMAIN_NAME" ]; then
rm -rf /var/www/$PEERTUBE_DOMAIN_NAME rm -rf "/var/www/$PEERTUBE_DOMAIN_NAME"
fi fi
remove_config_param PEERTUBE_DOMAIN_NAME remove_config_param PEERTUBE_DOMAIN_NAME
remove_config_param PEERTUBE_CODE remove_config_param PEERTUBE_CODE
function_check remove_onion_service function_check remove_onion_service
remove_onion_service peertube ${PEERTUBE_ONION_PORT} remove_onion_service peertube ${PEERTUBE_ONION_PORT}
remove_completion_param "install_peertube" remove_completion_param "install_peertube"
sed -i '/peertube/d' $COMPLETION_FILE sed -i '/peertube/d' "$COMPLETION_FILE"
function_check drop_database_postgresql function_check drop_database_postgresql
drop_database_postgresql peertube peertube drop_database_postgresql peertube peertube
@ -352,188 +354,189 @@ function remove_peertube {
fi fi
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $PEERTUBE_DOMAIN_NAME remove_ddns_domain "$PEERTUBE_DOMAIN_NAME"
} }
function peertube_setup_web { function peertube_setup_web {
peertube_nginx_file=/etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME peertube_nginx_file=/etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
echo 'server {' > $peertube_nginx_file { echo 'server {';
echo ' listen 80;' >> $peertube_nginx_file echo ' listen 80;';
echo ' listen [::]:80;' >> $peertube_nginx_file echo ' listen [::]:80;';
echo " server_name $PEERTUBE_DOMAIN_NAME;" >> $peertube_nginx_file echo " server_name $PEERTUBE_DOMAIN_NAME;";
echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> $peertube_nginx_file echo " rewrite ^ https://\$server_name\$request_uri? permanent;";
echo '}' >> $peertube_nginx_file echo '}';
echo '' >> $peertube_nginx_file echo '';
echo 'server {' >> $peertube_nginx_file echo 'server {';
echo ' listen 443 ssl http2;' >> $peertube_nginx_file echo ' listen 443 ssl http2;';
echo ' #listen [::]:443 ssl http2;' >> $peertube_nginx_file echo ' #listen [::]:443 ssl http2;';
echo " server_name $PEERTUBE_DOMAIN_NAME;" >> $peertube_nginx_file echo " server_name $PEERTUBE_DOMAIN_NAME;";
echo '' >> $peertube_nginx_file echo ''; } > "$peertube_nginx_file"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $PEERTUBE_DOMAIN_NAME mobile nginx_ssl "$PEERTUBE_DOMAIN_NAME" mobile
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $PEERTUBE_DOMAIN_NAME nginx_disable_sniffing "$PEERTUBE_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $peertube_nginx_file { echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> $peertube_nginx_file echo '';
echo ' location / {' >> $peertube_nginx_file echo ' location / {';
echo " proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file echo " proxy_pass http://localhost:${PEERTUBE_PORT};";
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $peertube_nginx_file echo " proxy_set_header X-Real-IP \$remote_addr;";
echo ' proxy_set_header Host $host;' >> $peertube_nginx_file echo " proxy_set_header Host \$host;";
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo '' >> $peertube_nginx_file echo '';
echo ' # For the video upload' >> $peertube_nginx_file echo ' # For the video upload';
echo ' client_max_body_size 2G;' >> $peertube_nginx_file echo ' client_max_body_size 2G;';
echo ' }' >> $peertube_nginx_file echo ' }';
echo '' >> $peertube_nginx_file echo '';
echo ' location /static/webseed {' >> $peertube_nginx_file echo ' location /static/webseed {';
echo " if (\$request_method = 'OPTIONS') {" >> $peertube_nginx_file echo " if (\$request_method = 'OPTIONS') {";
echo " add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file echo " add_header 'Access-Control-Allow-Origin' '*';";
echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
echo " add_header 'Access-Control-Max-Age' 1728000;" >> $peertube_nginx_file echo " add_header 'Access-Control-Max-Age' 1728000;";
echo " add_header 'Content-Type' 'text/plain charset=UTF-8';" >> $peertube_nginx_file echo " add_header 'Content-Type' 'text/plain charset=UTF-8';";
echo " add_header 'Content-Length' 0;" >> $peertube_nginx_file echo " add_header 'Content-Length' 0;";
echo ' return 204;' >> $peertube_nginx_file echo ' return 204;';
echo ' }' >> $peertube_nginx_file echo ' }';
echo '' >> $peertube_nginx_file echo '';
echo " if (\$request_method = 'GET') {" >> $peertube_nginx_file echo " if (\$request_method = 'GET') {";
echo " add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file echo " add_header 'Access-Control-Allow-Origin' '*';";
echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
echo ' }' >> $peertube_nginx_file echo ' }';
echo '' >> $peertube_nginx_file echo '';
echo " alias $PEERTUBE_DIR/videos;" >> $peertube_nginx_file echo " alias $PEERTUBE_DIR/videos;";
echo ' }' >> $peertube_nginx_file echo ' }';
echo '' >> $peertube_nginx_file echo '';
echo ' # Websocket tracker' >> $peertube_nginx_file echo ' # Websocket tracker';
echo ' location /tracker/socket {' >> $peertube_nginx_file echo ' location /tracker/socket {';
echo ' # Peers send a message to the tracker every 15 minutes' >> $peertube_nginx_file echo ' # Peers send a message to the tracker every 15 minutes';
echo ' # Dont close the websocket before this time' >> $peertube_nginx_file echo ' # Dont close the websocket before this time';
echo ' proxy_read_timeout 1200s;' >> $peertube_nginx_file echo ' proxy_read_timeout 1200s;';
echo ' proxy_set_header Upgrade $http_upgrade;' >> $peertube_nginx_file echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection "upgrade";' >> $peertube_nginx_file echo ' proxy_set_header Connection "upgrade";';
echo ' proxy_http_version 1.1;' >> $peertube_nginx_file echo ' proxy_http_version 1.1;';
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' proxy_set_header Host $host;' >> $peertube_nginx_file echo " proxy_set_header Host \$host;";
echo " proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file echo " proxy_pass http://localhost:${PEERTUBE_PORT};";
echo ' }' >> $peertube_nginx_file echo ' }';
echo '}' >> $peertube_nginx_file echo '}'; } >> "$peertube_nginx_file"
else else
echo -n '' > $peertube_nginx_file echo -n '' > "$peertube_nginx_file"
fi fi
echo 'server {' >> $peertube_nginx_file { echo 'server {';
echo " listen 127.0.0.1:$PEERTUBE_ONION_PORT default_server;" >> $peertube_nginx_file echo " listen 127.0.0.1:$PEERTUBE_ONION_PORT default_server;";
echo " server_name $PEERTUBE_ONION_HOSTNAME;" >> $peertube_nginx_file echo " server_name $PEERTUBE_ONION_HOSTNAME;";
echo '' >> $peertube_nginx_file echo '';
echo ' location / {' >> $peertube_nginx_file echo ' location / {';
echo " proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file echo " proxy_pass http://localhost:${PEERTUBE_PORT};";
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $peertube_nginx_file echo " proxy_set_header X-Real-IP \$remote_addr;";
echo ' proxy_set_header Host $host;' >> $peertube_nginx_file echo " proxy_set_header Host \$host;";
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo '' >> $peertube_nginx_file echo '';
echo ' # For the video upload' >> $peertube_nginx_file echo ' # For the video upload';
echo ' client_max_body_size 2G;' >> $peertube_nginx_file echo ' client_max_body_size 2G;';
echo ' }' >> $peertube_nginx_file echo ' }';
echo '' >> $peertube_nginx_file echo '';
echo ' location /static/webseed {' >> $peertube_nginx_file echo ' location /static/webseed {';
echo " if (\$request_method = 'OPTIONS') {" >> $peertube_nginx_file echo " if (\$request_method = 'OPTIONS') {";
echo " add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file echo " add_header 'Access-Control-Allow-Origin' '*';";
echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
echo " add_header 'Access-Control-Max-Age' 1728000;" >> $peertube_nginx_file echo " add_header 'Access-Control-Max-Age' 1728000;";
echo " add_header 'Content-Type' 'text/plain charset=UTF-8';" >> $peertube_nginx_file echo " add_header 'Content-Type' 'text/plain charset=UTF-8';";
echo " add_header 'Content-Length' 0;" >> $peertube_nginx_file echo " add_header 'Content-Length' 0;";
echo ' return 204;' >> $peertube_nginx_file echo ' return 204;';
echo ' }' >> $peertube_nginx_file echo ' }';
echo '' >> $peertube_nginx_file echo '';
echo " if (\$request_method = 'GET') {" >> $peertube_nginx_file echo " if (\$request_method = 'GET') {";
echo " add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file echo " add_header 'Access-Control-Allow-Origin' '*';";
echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
echo ' }' >> $peertube_nginx_file echo ' }';
echo '' >> $peertube_nginx_file echo '';
echo " alias $PEERTUBE_DIR/videos;" >> $peertube_nginx_file echo " alias $PEERTUBE_DIR/videos;";
echo ' }' >> $peertube_nginx_file echo ' }';
echo '' >> $peertube_nginx_file echo '';
echo ' # Websocket tracker' >> $peertube_nginx_file echo ' # Websocket tracker';
echo ' location /tracker/socket {' >> $peertube_nginx_file echo ' location /tracker/socket {';
echo ' # Peers send a message to the tracker every 15 minutes' >> $peertube_nginx_file echo ' # Peers send a message to the tracker every 15 minutes';
echo ' # Dont close the websocket before this time' >> $peertube_nginx_file echo ' # Dont close the websocket before this time';
echo ' proxy_read_timeout 1200s;' >> $peertube_nginx_file echo ' proxy_read_timeout 1200s;';
echo ' proxy_set_header Upgrade $http_upgrade;' >> $peertube_nginx_file echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection "upgrade";' >> $peertube_nginx_file echo ' proxy_set_header Connection "upgrade";';
echo ' proxy_http_version 1.1;' >> $peertube_nginx_file echo ' proxy_http_version 1.1;';
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' proxy_set_header Host $host;' >> $peertube_nginx_file echo " proxy_set_header Host \$host;";
echo " proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file echo " proxy_pass http://localhost:${PEERTUBE_PORT};";
echo ' }' >> $peertube_nginx_file echo ' }';
echo '}' >> $peertube_nginx_file echo '}'; } >> "$peertube_nginx_file"
# CSP currently causes an error # CSP currently causes an error
sed -i '/Content-Security-Policy/d' $peertube_nginx_file sed -i '/Content-Security-Policy/d' "$peertube_nginx_file"
function_check create_site_certificate function_check create_site_certificate
create_site_certificate $PEERTUBE_DOMAIN_NAME 'yes' create_site_certificate "$PEERTUBE_DOMAIN_NAME" 'yes'
function_check nginx_ensite function_check nginx_ensite
nginx_ensite $PEERTUBE_DOMAIN_NAME nginx_ensite "$PEERTUBE_DOMAIN_NAME"
} }
function mesh_peertube_setup_web { function mesh_peertube_setup_web {
# shellcheck disable=SC2154
peertube_nginx_file=$rootdir/etc/nginx/sites-available/peertube peertube_nginx_file=$rootdir/etc/nginx/sites-available/peertube
echo 'server {' >> $peertube_nginx_file { echo 'server {';
echo " listen $MESH_PEERTUBE_PORT http2;" >> $peertube_nginx_file echo " listen $MESH_PEERTUBE_PORT http2;";
echo ' listen [::]:$MESH_PEERTUBE_PORT http2;' >> $peertube_nginx_file echo " listen [::]:\$MESH_PEERTUBE_PORT http2;";
echo ' server_name $HOSTNAME;' >> $peertube_nginx_file echo " server_name \$HOSTNAME;";
echo '' >> $peertube_nginx_file echo '';
echo ' location / {' >> $peertube_nginx_file echo ' location / {';
echo " proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file echo " proxy_pass http://localhost:${PEERTUBE_PORT};";
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $peertube_nginx_file echo " proxy_set_header X-Real-IP \$remote_addr;";
echo ' proxy_set_header Host $host;' >> $peertube_nginx_file echo " proxy_set_header Host \$host;";
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo '' >> $peertube_nginx_file echo '';
echo ' # For the video upload' >> $peertube_nginx_file echo ' # For the video upload';
echo ' client_max_body_size 2G;' >> $peertube_nginx_file echo ' client_max_body_size 2G;';
echo ' }' >> $peertube_nginx_file echo ' }';
echo '' >> $peertube_nginx_file echo '';
echo ' location /static/webseed {' >> $peertube_nginx_file echo ' location /static/webseed {';
echo " if (\$request_method = 'OPTIONS') {" >> $peertube_nginx_file echo " if (\$request_method = 'OPTIONS') {";
echo " add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file echo " add_header 'Access-Control-Allow-Origin' '*';";
echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
echo " add_header 'Access-Control-Max-Age' 1728000;" >> $peertube_nginx_file echo " add_header 'Access-Control-Max-Age' 1728000;";
echo " add_header 'Content-Type' 'text/plain charset=UTF-8';" >> $peertube_nginx_file echo " add_header 'Content-Type' 'text/plain charset=UTF-8';";
echo " add_header 'Content-Length' 0;" >> $peertube_nginx_file echo " add_header 'Content-Length' 0;";
echo ' return 204;' >> $peertube_nginx_file echo ' return 204;';
echo ' }' >> $peertube_nginx_file echo ' }';
echo '' >> $peertube_nginx_file echo '';
echo " if (\$request_method = 'GET') {" >> $peertube_nginx_file echo " if (\$request_method = 'GET') {";
echo " add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file echo " add_header 'Access-Control-Allow-Origin' '*';";
echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
echo ' }' >> $peertube_nginx_file echo ' }';
echo '' >> $peertube_nginx_file echo '';
echo " alias $PEERTUBE_DIR/videos;" >> $peertube_nginx_file echo " alias $PEERTUBE_DIR/videos;";
echo ' }' >> $peertube_nginx_file echo ' }';
echo '' >> $peertube_nginx_file echo '';
echo ' # Websocket tracker' >> $peertube_nginx_file echo ' # Websocket tracker';
echo ' location /tracker/socket {' >> $peertube_nginx_file echo ' location /tracker/socket {';
echo ' # Peers send a message to the tracker every 15 minutes' >> $peertube_nginx_file echo ' # Peers send a message to the tracker every 15 minutes';
echo ' # Dont close the websocket before this time' >> $peertube_nginx_file echo ' # Dont close the websocket before this time';
echo ' proxy_read_timeout 1200s;' >> $peertube_nginx_file echo ' proxy_read_timeout 1200s;';
echo ' proxy_set_header Upgrade $http_upgrade;' >> $peertube_nginx_file echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection "upgrade";' >> $peertube_nginx_file echo " proxy_set_header Connection \"upgrade\";";
echo ' proxy_http_version 1.1;' >> $peertube_nginx_file echo ' proxy_http_version 1.1;';
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' proxy_set_header Host $host;' >> $peertube_nginx_file echo " proxy_set_header Host \$host;";
echo " proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file echo " proxy_pass http://localhost:${PEERTUBE_PORT};";
echo ' }' >> $peertube_nginx_file echo ' }';
echo '}' >> $peertube_nginx_file echo '}'; } > "$peertube_nginx_file"
} }
function peertube_create_config { function peertube_create_config {
@ -541,84 +544,85 @@ function peertube_create_config {
peertube_config_file=$peertube_prefix$PEERTUBE_DIR/config/production.yaml peertube_config_file=$peertube_prefix$PEERTUBE_DIR/config/production.yaml
echo 'listen:' > $peertube_config_file { echo 'listen:';
echo " port: $PEERTUBE_PORT" >> $peertube_config_file echo " port: $PEERTUBE_PORT";
echo '' >> $peertube_config_file echo '';
echo '# Correspond to your reverse proxy "listen" configuration' >> $peertube_config_file echo '# Correspond to your reverse proxy "listen" configuration';
echo 'webserver:' >> $peertube_config_file echo 'webserver:'; } > "$peertube_config_file"
if [ ! $peertube_prefix ]; then if [ ! "$peertube_prefix" ]; then
if [[ $ONION_ONLY == 'no' ]]; then if [[ "$ONION_ONLY" == 'no' ]]; then
echo ' https: true' >> $peertube_config_file { echo ' https: true';
echo " hostname: '$PEERTUBE_DOMAIN_NAME'" >> $peertube_config_file echo " hostname: '$PEERTUBE_DOMAIN_NAME'";
echo ' port: 443' >> $peertube_config_file echo ' port: 443'; } >> "$peertube_config_file"
else else
echo ' https: false' >> $peertube_config_file { echo ' https: false';
echo " hostname: '$PEERTUBE_ONION_HOSTNAME'" >> $peertube_config_file echo " hostname: '$PEERTUBE_ONION_HOSTNAME'";
echo ' port: 80' >> $peertube_config_file echo ' port: 80'; } >> "$peertube_config_file"
fi fi
else else
echo ' https: false' >> $peertube_config_file { echo ' https: false';
echo " hostname: ''" >> $peertube_config_file echo " hostname: ''";
echo " port: $MESH_PEERTUBE_PORT" >> $peertube_config_file echo " port: $MESH_PEERTUBE_PORT"; } >> "$peertube_config_file"
fi fi
echo '' >> $peertube_config_file { echo '';
echo '# Your database name will be "peertube"+database.suffix' >> $peertube_config_file echo '# Your database name will be "peertube"+database.suffix';
echo 'database:' >> $peertube_config_file echo 'database:';
echo " hostname: 'localhost'" >> $peertube_config_file echo " hostname: 'localhost'";
echo ' port: 5432' >> $peertube_config_file echo ' port: 5432';
echo " suffix: ''" >> $peertube_config_file echo " suffix: ''";
echo " username: 'peertube'" >> $peertube_config_file echo " username: 'peertube'"; } >> "$peertube_config_file"
if [ ! $peertube_prefix ]; then if [ ! "$peertube_prefix" ]; then
echo " password: '$PEERTUBE_ADMIN_PASSWORD'" >> $peertube_config_file echo " password: '$PEERTUBE_ADMIN_PASSWORD'" >> "$peertube_config_file"
else else
echo " password: ''" >> $peertube_config_file echo " password: ''" >> "$peertube_config_file"
fi fi
echo '' >> $peertube_config_file { echo '';
echo '# From the project root directory' >> $peertube_config_file echo '# From the project root directory';
echo 'storage:' >> $peertube_config_file echo 'storage:';
echo " certs: 'certs/'" >> $peertube_config_file echo " certs: 'certs/'";
echo " videos: 'videos/'" >> $peertube_config_file echo " videos: 'videos/'";
echo " logs: 'logs/'" >> $peertube_config_file echo " logs: 'logs/'";
echo " previews: 'previews/'" >> $peertube_config_file echo " previews: 'previews/'";
echo " thumbnails: 'thumbnails/'" >> $peertube_config_file echo " thumbnails: 'thumbnails/'";
echo " torrents: 'torrents/'" >> $peertube_config_file echo " torrents: 'torrents/'";
echo " cache: 'cache/'" >> $peertube_config_file echo " cache: 'cache/'";
echo '' >> $peertube_config_file echo '';
echo 'cache:' >> $peertube_config_file echo 'cache:';
echo ' previews:' >> $peertube_config_file echo ' previews:';
echo ' size: 10 # Max number of previews you want to cache' >> $peertube_config_file echo ' size: 10 # Max number of previews you want to cache';
echo '' >> $peertube_config_file echo '';
echo 'admin:' >> $peertube_config_file echo 'admin:';
# This is deliberately a dummy email address # This is deliberately a dummy email address
echo " email: 'testuser@testdomain.net'" >> $peertube_config_file echo " email: 'testuser@testdomain.net'";
echo '' >> $peertube_config_file echo '';
echo 'signup:' >> $peertube_config_file echo 'signup:';
echo ' enabled: true' >> $peertube_config_file echo ' enabled: true';
echo ' limit: 5 # When the limit is reached, registrations are disabled. -1 == unlimited' >> $peertube_config_file echo ' limit: 5 # When the limit is reached, registrations are disabled. -1 == unlimited';
echo '' >> $peertube_config_file echo '';
echo 'user:' >> $peertube_config_file echo 'user:';
echo ' # Default value of maximum video BYTES the user can upload (does not take into account transcoded files).' >> $peertube_config_file echo ' # Default value of maximum video BYTES the user can upload (does not take into account transcoded files).';
echo ' # -1 == unlimited' >> $peertube_config_file echo ' # -1 == unlimited';
echo ' video_quota: -1' >> $peertube_config_file echo ' video_quota: -1';
echo '' >> $peertube_config_file echo '';
echo '# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag' >> $peertube_config_file echo '# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag';
echo '# Uses a lot of CPU!' >> $peertube_config_file echo '# Uses a lot of CPU!';
echo 'transcoding:' >> $peertube_config_file echo 'transcoding:';
echo ' enabled: true' >> $peertube_config_file echo ' enabled: true';
echo ' threads: 2' >> $peertube_config_file echo ' threads: 2';
echo ' resolutions: # Only created if the original video has a higher resolution' >> $peertube_config_file echo ' resolutions: # Only created if the original video has a higher resolution';
echo ' 240p: true' >> $peertube_config_file echo ' 240p: true';
echo ' 360p: false' >> $peertube_config_file echo ' 360p: false';
echo ' 480p: false' >> $peertube_config_file echo ' 480p: false';
echo ' 720p: false' >> $peertube_config_file echo ' 720p: false';
echo ' 1080p: false' >> $peertube_config_file echo ' 1080p: false'; } >> "$peertube_config_file"
} }
function mesh_install_peertube { function mesh_install_peertube {
if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then # shellcheck disable=SC2153
if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then
return return
fi fi
if [[ $ARCHITECTURE != 'x86_64' && $ARCHITECTURE != 'amd64' ]]; then if [[ "$ARCHITECTURE" != 'x86_64' && "$ARCHITECTURE" != 'amd64' ]]; then
return return
fi fi
@ -627,22 +631,21 @@ function mesh_install_peertube {
function_check install_postgresql function_check install_postgresql
install_postgresql install_postgresql
if [ -d $rootdir$PEERTUBE_DIR ]; then if [ -d "$rootdir$PEERTUBE_DIR" ]; then
rm -rf $rootdir$PEERTUBE_DIR rm -rf "$rootdir$PEERTUBE_DIR"
fi fi
git clone $PEERTUBE_REPO $rootdir$PEERTUBE_DIR git clone "$PEERTUBE_REPO" "$rootdir$PEERTUBE_DIR"
chroot "$rootdir" groupadd peertube chroot "$rootdir" groupadd peertube
chroot "$rootdir" useradd -c "PeerTube system account" -d $PEERTUBE_DIR -m -r -g peertube peertube chroot "$rootdir" useradd -c "PeerTube system account" -d $PEERTUBE_DIR -m -r -g peertube peertube
cd $rootdir$PEERTUBE_DIR cd "$rootdir$PEERTUBE_DIR" || exit 246824524
git checkout $PEERTUBE_COMMIT -b $PEERTUBE_COMMIT git checkout $PEERTUBE_COMMIT -b $PEERTUBE_COMMIT
get_npm_arch get_npm_arch
cat <<EOF > $rootdir/usr/bin/install_peertube cat <<EOF > "$rootdir/usr/bin/install_peertube"
#!/bin/bash #!/bin/bash
cd $PEERTUBE_DIR cd $PEERTUBE_DIR
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
@ -683,34 +686,33 @@ if [ ! "\$?" = "0" ]; then
exit 5293593 exit 5293593
fi fi
EOF EOF
chmod +x $rootdir/usr/bin/install_peertube chmod +x "$rootdir/usr/bin/install_peertube"
chroot "$rootdir" /usr/bin/install_peertube if ! chroot "$rootdir" /usr/bin/install_peertube; then
if [ ! "$?" = "0" ]; then
echo $'PeerTube install failed' echo $'PeerTube install failed'
exit 735638 exit 735638
fi fi
echo '[Unit]' > $rootdir/etc/systemd/system/peertube.service { echo '[Unit]';
echo 'Description=PeerTube Decentralized video streaming platform' >> $rootdir/etc/systemd/system/peertube.service echo 'Description=PeerTube Decentralized video streaming platform';
echo 'After=syslog.target' >> $rootdir/etc/systemd/system/peertube.service echo 'After=syslog.target';
echo 'After=network.target' >> $rootdir/etc/systemd/system/peertube.service echo 'After=network.target';
echo '' >> $rootdir/etc/systemd/system/peertube.service echo '';
echo '[Service]' >> $rootdir/etc/systemd/system/peertube.service echo '[Service]';
echo 'User=peertube' >> $rootdir/etc/systemd/system/peertube.service echo 'User=peertube';
echo 'Group=peertube' >> $rootdir/etc/systemd/system/peertube.service echo 'Group=peertube';
echo "WorkingDirectory=$PEERTUBE_DIR" >> $rootdir/etc/systemd/system/peertube.service echo "WorkingDirectory=$PEERTUBE_DIR";
echo "ExecStart=/usr/local/bin/npm start" >> $rootdir/etc/systemd/system/peertube.service echo "ExecStart=/usr/local/bin/npm start";
echo "ExecStop=/usr/local/bin/npm stop" >> $rootdir/etc/systemd/system/peertube.service echo "ExecStop=/usr/local/bin/npm stop";
echo 'StandardOutput=syslog' >> $rootdir/etc/systemd/system/peertube.service echo 'StandardOutput=syslog';
echo 'StandardError=syslog' >> $rootdir/etc/systemd/system/peertube.service echo 'StandardError=syslog';
echo 'SyslogIdentifier=peertube' >> $rootdir/etc/systemd/system/peertube.service echo 'SyslogIdentifier=peertube';
echo 'Restart=always' >> $rootdir/etc/systemd/system/peertube.service echo 'Restart=always';
echo "Environment=NODE_ENV=production" >> $rootdir/etc/systemd/system/peertube.service echo "Environment=NODE_ENV=production";
echo '' >> $rootdir/etc/systemd/system/peertube.service echo '';
echo '[Install]' >> $rootdir/etc/systemd/system/peertube.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/peertube.service echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/peertube.service"
peertube_create_config $rootdir peertube_create_config "$rootdir"
chroot "$rootdir" chown -R peertube:peertube $PEERTUBE_DIR chroot "$rootdir" chown -R peertube:peertube $PEERTUBE_DIR
@ -730,7 +732,7 @@ function install_peertube {
ONION_ONLY='no' ONION_ONLY='no'
fi fi
if [ ! $PEERTUBE_DOMAIN_NAME ]; then if [ ! "$PEERTUBE_DOMAIN_NAME" ]; then
echo $'The peertube domain name was not specified' echo $'The peertube domain name was not specified'
exit 783523 exit 783523
fi fi
@ -740,8 +742,8 @@ function install_peertube {
function_check install_postgresql function_check install_postgresql
install_postgresql install_postgresql
if [ ! -d /var/www/$PEERTUBE_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$PEERTUBE_DOMAIN_NAME/htdocs" ]; then
mkdir -p /var/www/$PEERTUBE_DOMAIN_NAME/htdocs mkdir -p "/var/www/$PEERTUBE_DOMAIN_NAME/htdocs"
fi fi
if [ -d $PEERTUBE_DIR ]; then if [ -d $PEERTUBE_DIR ]; then
@ -759,60 +761,56 @@ function install_peertube {
if [ -d /repos/peertube ]; then if [ -d /repos/peertube ]; then
mkdir -p $PEERTUBE_DIR mkdir -p $PEERTUBE_DIR
cp -r -p /repos/peertube/. $PEERTUBE_DIR cp -r -p /repos/peertube/. $PEERTUBE_DIR
cd $PEERTUBE_DIR cd "$PEERTUBE_DIR" || exit 642874682
git pull git pull
else else
function_check git_clone function_check git_clone
git_clone $PEERTUBE_REPO $PEERTUBE_DIR git_clone $PEERTUBE_REPO $PEERTUBE_DIR
fi fi
cd $PEERTUBE_DIR cd "$PEERTUBE_DIR" || exit 27492742
git checkout $PEERTUBE_COMMIT -b $PEERTUBE_COMMIT git checkout $PEERTUBE_COMMIT -b $PEERTUBE_COMMIT
set_completion_param "peertube commit" "$PEERTUBE_COMMIT" set_completion_param "peertube commit" "$PEERTUBE_COMMIT"
npm install -g yarn if ! npm install -g yarn; then
if [ ! "$?" = "0" ]; then
echo $'Failed to install yarn' echo $'Failed to install yarn'
exit 79353234 exit 79353234
fi fi
yarn add -D webpack --network-concurrency 1 yarn add -D webpack --network-concurrency 1
yarn install if ! yarn install; then
if [ ! "$?" = "0" ]; then
echo $'Failed to run yarn install' echo $'Failed to run yarn install'
exit 63754235 exit 63754235
fi fi
npm install if ! npm install; then
if [ ! "$?" = "0" ]; then
echo $'Failed to install peertube' echo $'Failed to install peertube'
exit 7835243 exit 7835243
fi fi
npm run build if ! npm run build; then
if [ ! "$?" = "0" ]; then
echo $'Failed to build peertube' echo $'Failed to build peertube'
exit 5293593 exit 5293593
fi fi
PEERTUBE_ONION_HOSTNAME=$(add_onion_service peertube 80 ${PEERTUBE_ONION_PORT}) PEERTUBE_ONION_HOSTNAME=$(add_onion_service peertube 80 ${PEERTUBE_ONION_PORT})
echo '[Unit]' > /etc/systemd/system/peertube.service { echo '[Unit]';
echo 'Description=PeerTube Decentralized video streaming platform' >> /etc/systemd/system/peertube.service echo 'Description=PeerTube Decentralized video streaming platform';
echo 'After=syslog.target' >> /etc/systemd/system/peertube.service echo 'After=syslog.target';
echo 'After=network.target' >> /etc/systemd/system/peertube.service echo 'After=network.target';
echo '' >> /etc/systemd/system/peertube.service echo '';
echo '[Service]' >> /etc/systemd/system/peertube.service echo '[Service]';
echo 'User=peertube' >> /etc/systemd/system/peertube.service echo 'User=peertube';
echo 'Group=peertube' >> /etc/systemd/system/peertube.service echo 'Group=peertube';
echo "WorkingDirectory=$PEERTUBE_DIR" >> /etc/systemd/system/peertube.service echo "WorkingDirectory=$PEERTUBE_DIR";
echo "ExecStart=/usr/local/bin/npm start" >> /etc/systemd/system/peertube.service echo "ExecStart=/usr/local/bin/npm start";
echo "ExecStop=/usr/local/bin/npm stop" >> /etc/systemd/system/peertube.service echo "ExecStop=/usr/local/bin/npm stop";
echo 'StandardOutput=syslog' >> /etc/systemd/system/peertube.service echo 'StandardOutput=syslog';
echo 'StandardError=syslog' >> /etc/systemd/system/peertube.service echo 'StandardError=syslog';
echo 'SyslogIdentifier=peertube' >> /etc/systemd/system/peertube.service echo 'SyslogIdentifier=peertube';
echo 'Restart=always' >> /etc/systemd/system/peertube.service echo 'Restart=always';
echo "Environment=NODE_ENV=production" >> /etc/systemd/system/peertube.service echo "Environment=NODE_ENV=production";
echo '' >> /etc/systemd/system/peertube.service echo '';
echo '[Install]' >> /etc/systemd/system/peertube.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/peertube.service echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/peertube.service
peertube_create_config peertube_create_config
@ -820,10 +818,10 @@ function install_peertube {
peertube_setup_web peertube_setup_web
${PROJECT_NAME}-pass -u $MY_USERNAME -a peertube -p "$PEERTUBE_ADMIN_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a peertube -p "$PEERTUBE_ADMIN_PASSWORD"
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $PEERTUBE_DOMAIN_NAME add_ddns_domain "$PEERTUBE_DOMAIN_NAME"
systemctl enable peertube systemctl enable peertube
systemctl daemon-reload systemctl daemon-reload


@ -50,12 +50,12 @@ pelican_variables=(MY_USERNAME
PELICAN_BLOG_CODE) PELICAN_BLOG_CODE)
function pelican_remove_bad_blog_links { function pelican_remove_bad_blog_links {
find ./ -type f -name *.css -exec sed -i -e '/googleapi/d' {} \; find ./ -type f -name "*.css" -exec sed -i -e '/googleapi/d' {} \;
find ./ -type f -name *.scss -exec sed -i -e '/googleapi/d' {} \; find ./ -type f -name "*.scss" -exec sed -i -e '/googleapi/d' {} \;
find ./ -type f -name *.html -exec sed -i -e '/googleapi/d' {} \; find ./ -type f -name "*.html" -exec sed -i -e '/googleapi/d' {} \;
find ./ -type f -name *.css -exec sed -i -e '/bootstrapcdn/d' {} \; find ./ -type f -name "*.css" -exec sed -i -e '/bootstrapcdn/d' {} \;
find ./ -type f -name *.scss -exec sed -i -e '/bootstrapcdn/d' {} \; find ./ -type f -name "*.scss" -exec sed -i -e '/bootstrapcdn/d' {} \;
find ./ -type f -name *.html -exec sed -i -e '/bootstrapcdn/d' {} \; find ./ -type f -name "*.html" -exec sed -i -e '/bootstrapcdn/d' {} \;
} }
function logging_on_pelican { function logging_on_pelican {
@ -73,104 +73,104 @@ function install_pelican_website {
fi fi
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $PELICAN_DOMAIN_NAME nginx_http_redirect $PELICAN_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME { echo 'server {';
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' #listen [::]:443 ssl;';
echo " root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo " root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;";
echo " server_name ${PELICAN_DOMAIN_NAME};" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo " server_name ${PELICAN_DOMAIN_NAME};";
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' access_log /dev/null;';
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo " error_log /dev/null;";
echo ' index index.html;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' index index.html;';
echo ' charset utf-8;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' charset utf-8;'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $PELICAN_DOMAIN_NAME nginx_ssl "$PELICAN_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $PELICAN_DOMAIN_NAME nginx_disable_sniffing "$PELICAN_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME { echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo '';
echo ' location / {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' location / {'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
function_check nginx_limits function_check nginx_limits
nginx_limits $PELICAN_DOMAIN_NAME nginx_limits "$PELICAN_DOMAIN_NAME"
echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME { echo ' }';
echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo '';
echo ' # block these file types' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo '';
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' # deny access to all dot files';
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' location ~ /\. {';
echo ' deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo '';
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' location ~ /(data|conf|bin|inc)/ {';
echo ' deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' }';
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' location ~ /\.ht {';
echo ' deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' }';
echo '}' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo '}';
echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ''; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
function_check create_site_certificate function_check create_site_certificate
create_site_certificate $PELICAN_DOMAIN_NAME 'yes' create_site_certificate "$PELICAN_DOMAIN_NAME" 'yes'
} }
function install_pelican_website_onion { function install_pelican_website_onion {
echo 'server {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME { echo 'server {';
echo " listen 127.0.0.1:${PELICAN_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo " listen 127.0.0.1:${PELICAN_ONION_PORT} default_server;";
echo " root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo " root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;";
echo " server_name ${PELICAN_DOMAIN_NAME};" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo " server_name ${PELICAN_DOMAIN_NAME};";
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' access_log /dev/null;';
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo " error_log /dev/null;";
echo ' index index.html;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' index index.html;';
echo ' charset utf-8;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' charset utf-8;'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $PELICAN_DOMAIN_NAME nginx_disable_sniffing "$PELICAN_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME { echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo '';
echo ' location / {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' location / {'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
function_check nginx_limits function_check nginx_limits
nginx_limits $PELICAN_DOMAIN_NAME nginx_limits "$PELICAN_DOMAIN_NAME"
echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME { echo ' }';
echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo '';
echo ' # block these file types' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo '';
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' # deny access to all dot files';
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' location ~ /\. {';
echo ' deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo '';
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' location ~ /(data|conf|bin|inc)/ {';
echo ' deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' }';
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' location ~ /\.ht {';
echo ' deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' }';
echo '}' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo '}'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
} }
function pelican_editor_config { function pelican_editor_config {
if [ ! -f $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican ]; then if [ ! -f $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican ]; then
echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)" > $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican { echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)";
echo '(setq org-support-shift-select t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican echo '(setq org-support-shift-select t)';
echo '(setq standard-indent 4)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican echo '(setq standard-indent 4)';
echo '(setq-default tab-width 4)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican echo '(setq-default tab-width 4)';
echo '(setq c-basic-offset 4)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican echo '(setq c-basic-offset 4)';
echo '(mouse-wheel-mode t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican echo '(mouse-wheel-mode t)';
echo '(setq make-backup-files t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican echo '(setq make-backup-files t)';
echo '(setq version-control t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican echo '(setq version-control t)';
echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))';
echo "(setq default-major-mode 'text-mode)" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican echo "(setq default-major-mode 'text-mode)";
echo "(dolist (hook '(text-mode-hook))" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican echo "(dolist (hook '(text-mode-hook))";
echo ' (add-hook hook (lambda () (flyspell-mode 1))))' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican echo ' (add-hook hook (lambda () (flyspell-mode 1))))';
echo '(setq-default fill-column 72)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican echo '(setq-default fill-column 72)';
echo '(setq auto-fill-mode 0)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican echo '(setq auto-fill-mode 0)';
echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)";
echo "(setq-default auto-fill-function 'do-auto-fill)" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican echo "(setq-default auto-fill-function 'do-auto-fill)"; } > "$PELICAN_BLOG_INSTALL_DIR/.emacs-pelican"
fi fi
} }
@ -179,7 +179,7 @@ function pelican_regenerate_blog {
echo '' echo ''
echo $'Regenerating blog...' echo $'Regenerating blog...'
cd $PELICAN_BLOG_INSTALL_DIR cd "$PELICAN_BLOG_INSTALL_DIR" || exit 463856348
make html make html
cp -r $PELICAN_BLOG_INSTALL_DIR/output/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/ cp -r $PELICAN_BLOG_INSTALL_DIR/output/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/
chown -R www-data:www-data /var/www/$PELICAN_DOMAIN_NAME/htdocs chown -R www-data:www-data /var/www/$PELICAN_DOMAIN_NAME/htdocs
@ -189,19 +189,19 @@ function pelican_new_blog {
DATESTR=$(date "+%Y-%m-%d %H:%M:%S") DATESTR=$(date "+%Y-%m-%d %H:%M:%S")
if [ ! -f $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry ]; then if [ ! -f $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry ]; then
echo $'Title: Blog Post Title' > $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry { echo $'Title: Blog Post Title';
echo $"Date: ${DATESTR}" >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry echo $"Date: ${DATESTR}";
echo $"Author: $(toxid --showuser)" >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry echo $"Author: $(toxid --showuser)";
echo $'Category: default' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry echo $'Category: default';
echo $'Tags: blog, tag' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry echo $'Tags: blog, tag';
echo '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry echo '';
echo $'Add your text here' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry echo $'Add your text here';
echo '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry echo '';
echo -n $'To include an image copy it into the /etc/blog/content/images directory, ' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry echo -n $'To include an image copy it into the /etc/blog/content/images directory, ';
echo $'then link to it with:' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry echo $'then link to it with:';
echo '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry echo '';
echo $'![My image]({filename}images/myimage.jpg)' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry echo $'![My image]({filename}images/myimage.jpg)';
echo '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry echo ''; } > $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
fi fi
if [ -f /usr/bin/emacs ]; then if [ -f /usr/bin/emacs ]; then
@ -222,7 +222,7 @@ function pelican_new_blog {
# move to the content directory # move to the content directory
CURRENT_INDEX=$(cat $PELICAN_CURRENT_BLOG_INDEX) CURRENT_INDEX=$(cat $PELICAN_CURRENT_BLOG_INDEX)
mv $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry $BLOG_CONTENT_PATH/${CURRENT_INDEX}_post.md mv "$PELICAN_BLOG_INSTALL_DIR/.new-blog-entry" "$BLOG_CONTENT_PATH/${CURRENT_INDEX}_post.md"
# increment the index # increment the index
CURRENT_INDEX=$((CURRENT_INDEX + 1)) CURRENT_INDEX=$((CURRENT_INDEX + 1))
@ -238,14 +238,14 @@ function pelican_edit_blog {
CURRENT_INDEX=$(cat $PELICAN_CURRENT_BLOG_INDEX) CURRENT_INDEX=$(cat $PELICAN_CURRENT_BLOG_INDEX)
PREVIOUS_INDEX=$((CURRENT_INDEX - 1)) PREVIOUS_INDEX=$((CURRENT_INDEX - 1))
LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md
if [ ! -f $LAST_BLOG_ENTRY ]; then if [ ! -f "$LAST_BLOG_ENTRY" ]; then
return return
fi fi
if [ -f /usr/bin/emacs ]; then if [ -f /usr/bin/emacs ]; then
emacs -q --load $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican $LAST_BLOG_ENTRY emacs -q --load "$PELICAN_BLOG_INSTALL_DIR/.emacs-pelican" "$LAST_BLOG_ENTRY"
else else
editor $LAST_BLOG_ENTRY editor "$LAST_BLOG_ENTRY"
fi fi
pelican_regenerate_blog pelican_regenerate_blog
@ -258,18 +258,18 @@ function pelican_delete_blog {
CURRENT_INDEX=$(cat $PELICAN_CURRENT_BLOG_INDEX) CURRENT_INDEX=$(cat $PELICAN_CURRENT_BLOG_INDEX)
PREVIOUS_INDEX=$((CURRENT_INDEX - 1)) PREVIOUS_INDEX=$((CURRENT_INDEX - 1))
LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md
if [ ! -f $LAST_BLOG_ENTRY ]; then if [ ! -f "$LAST_BLOG_ENTRY" ]; then
return return
fi fi
dialog --title $"Delete the previous blog entry" \ dialog --title $"Delete the previous blog entry" \
--backtitle $"Freedombone Mesh" \ --backtitle $"Freedombone Mesh" \
--defaultno \ --defaultno \
--yesno $"\nAre you sure that you wish to delete the previous blog entry?" 8 60 --yesno $"\\nAre you sure that you wish to delete the previous blog entry?" 8 60
sel=$? sel=$?
case $sel in case $sel in
0) rm $LAST_BLOG_ENTRY 0) rm "$LAST_BLOG_ENTRY"
if [ $CURRENT_INDEX -gt 0 ]; then if [ "$CURRENT_INDEX" -gt 0 ]; then
CURRENT_INDEX=$PREVIOUS_INDEX CURRENT_INDEX=$PREVIOUS_INDEX
echo "$CURRENT_INDEX" > $PELICAN_CURRENT_BLOG_INDEX echo "$CURRENT_INDEX" > $PELICAN_CURRENT_BLOG_INDEX
else else
@ -297,8 +297,8 @@ function pelican_change_theme {
for a in "${THEMES[@]}" for a in "${THEMES[@]}"
do do
is_selected='off' is_selected='off'
if [ $curr_theme_index ]; then if [ "$curr_theme_index" ]; then
if [ $n -eq $curr_theme_index ]; then if [ $n -eq "$curr_theme_index" ]; then
is_selected='on' is_selected='on'
fi fi
else else
@ -308,28 +308,30 @@ function pelican_change_theme {
fi fi
themelist="$themelist $n $a $is_selected" themelist="$themelist $n $a $is_selected"
n=$[n+1] n=$((n+1))
theme_index=$[theme_index+1] theme_index=$((theme_index+1))
done done
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Mesh" \ dialog --backtitle $"Freedombone Mesh" \
--title $"Select Blog Theme" \ --title $"Select Blog Theme" \
--radiolist $'Choose:' \ --radiolist $'Choose:' \
80 40 20 $themelist 2> $data 80 40 20 "$themelist" 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) rm -f "$data"
255) return;; return;;
255) rm -f "$data"
return;;
esac esac
CHOSEN_THEME_INDEX=$(cat $data) CHOSEN_THEME_INDEX=$(cat "$data")
rm -f "$data"
echo "$CHOSEN_THEME_INDEX" > $PELICAN_BLOG_INSTALL_DIR/.blog-theme-index echo "$CHOSEN_THEME_INDEX" > $PELICAN_BLOG_INSTALL_DIR/.blog-theme-index
CHOSEN_THEME_INDEX=$((CHOSEN_THEME_INDEX - 1)) CHOSEN_THEME_INDEX=$((CHOSEN_THEME_INDEX - 1))
CHOSEN_THEME=${THEMES[$CHOSEN_THEME_INDEX]} CHOSEN_THEME=${THEMES[$CHOSEN_THEME_INDEX]}
cd $PELICAN_BLOG_INSTALL_DIR/themes/$CHOSEN_THEME cd "$PELICAN_BLOG_INSTALL_DIR/themes/$CHOSEN_THEME" || exit 2648268284
pelican_remove_bad_blog_links pelican_remove_bad_blog_links
if grep -q "THEME=" $PELICAN_BLOG_INSTALL_DIR/pelicanconf.py; then if grep -q "THEME=" $PELICAN_BLOG_INSTALL_DIR/pelicanconf.py; then
@ -341,8 +343,7 @@ function pelican_change_theme {
} }
function configure_interactive_pelican { function configure_interactive_pelican {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Pelican Blogging" \ --title $"Pelican Blogging" \
--radiolist $"Choose an operation:" 18 50 11 \ --radiolist $"Choose an operation:" 18 50 11 \
@ -350,23 +351,25 @@ function configure_interactive_pelican {
2 $"Edit the previous blog entry" off \ 2 $"Edit the previous blog entry" off \
3 $"Delete the previous blog entry" off \ 3 $"Delete the previous blog entry" off \
4 $"Change theme" off \ 4 $"Change theme" off \
5 $"Exit" off 2> $data 5 $"Exit" off 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) rm -f "$data"
255) return;; return;;
255) rm -f "$data"
return;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) pelican_new_blog;; 1) pelican_new_blog;;
2) pelican_edit_blog;; 2) pelican_edit_blog;;
3) pelican_delete_blog;; 3) pelican_delete_blog;;
4) pelican_change_theme;; 4) pelican_change_theme;;
5) break;;
esac esac
rm -f "$data"
} }
function install_interactive_pelican { function install_interactive_pelican {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
@ -376,42 +379,43 @@ function install_interactive_pelican {
PELICAN_DETAILS_COMPLETE= PELICAN_DETAILS_COMPLETE=
while [ ! $PELICAN_DETAILS_COMPLETE ] while [ ! $PELICAN_DETAILS_COMPLETE ]
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Pelican Blog Configuration" \ --title $"Pelican Blog Configuration" \
--form $"\nPlease enter your blog details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ --form $"\\nPlease enter your blog details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
$"Domain:" 1 1 "$(grep 'PELICAN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ $"Domain:" 1 1 "$(grep 'PELICAN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
$"Code:" 2 1 "$(grep 'PELICAN_BLOG_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \ $"Code:" 2 1 "$(grep 'PELICAN_BLOG_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
2> $data 2> "$data"
else else
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Pelican Blog Configuration" \ --title $"Pelican Blog Configuration" \
--form $"\nPlease enter your GNU Social details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ --form $"\\nPlease enter your GNU Social details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
$"Domain:" 1 1 "$(grep 'PELICAN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ $"Domain:" 1 1 "$(grep 'PELICAN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
2> $data 2> "$data"
fi fi
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
PELICAN_DOMAIN_NAME=$(cat $data | sed -n 1p) PELICAN_DOMAIN_NAME=$(sed -n 1p < "$data")
if [ $PELICAN_DOMAIN_NAME ]; then if [ "$PELICAN_DOMAIN_NAME" ]; then
if [[ $PELICAN_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then if [[ $PELICAN_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
PELICAN_DOMAIN_NAME="" PELICAN_DOMAIN_NAME=""
fi fi
TEST_DOMAIN_NAME=$PELICAN_DOMAIN_NAME TEST_DOMAIN_NAME=$PELICAN_DOMAIN_NAME
validate_domain_name validate_domain_name
if [[ $TEST_DOMAIN_NAME != $PELICAN_DOMAIN_NAME ]]; then if [[ "$TEST_DOMAIN_NAME" != "$PELICAN_DOMAIN_NAME" ]]; then
PELICAN_DOMAIN_NAME= PELICAN_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else else
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
PELICAN_BLOG_CODE=$(cat $data | sed -n 2p) PELICAN_BLOG_CODE=$(sed -n 2p < "$data")
validate_freedns_code "$PELICAN_BLOG_CODE" validate_freedns_code "$PELICAN_BLOG_CODE"
if [ ! $VALID_CODE ]; then if [ ! "$VALID_CODE" ]; then
PELICAN_DOMAIN_NAME= PELICAN_DOMAIN_NAME=
fi fi
fi fi
@ -420,6 +424,7 @@ function install_interactive_pelican {
if [ $PELICAN_DOMAIN_NAME ]; then if [ $PELICAN_DOMAIN_NAME ]; then
PELICAN_DETAILS_COMPLETE="yes" PELICAN_DETAILS_COMPLETE="yes"
fi fi
rm -f "$data"
done done
# save the results in the config file # save the results in the config file
@ -454,7 +459,7 @@ function backup_local_pelican {
function restore_local_pelican { function restore_local_pelican {
if [ -d /etc/blog ]; then if [ -d /etc/blog ]; then
if [ -d $USB_MOUNT_DLNA/backup/pelican ]; then if [ -d "$USB_MOUNT_DLNA/backup/pelican" ]; then
temp_restore_dir=/root/temppelican temp_restore_dir=/root/temppelican
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir pelican restore_directory_from_usb $temp_restore_dir pelican
@ -463,6 +468,7 @@ function restore_local_pelican {
else else
cp -r $temp_restore_dir/* /etc/blog/ cp -r $temp_restore_dir/* /etc/blog/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
function_check set_user_permissions function_check set_user_permissions
@ -475,7 +481,7 @@ function restore_local_pelican {
fi fi
fi fi
if [ -d /var/www/$PELICAN_DOMAIN_NAME/htdocs ]; then if [ -d /var/www/$PELICAN_DOMAIN_NAME/htdocs ]; then
if [ -d $USB_MOUNT_DLNA/backup/pelican-site ]; then if [ -d "$USB_MOUNT_DLNA/backup/pelican-site" ]; then
temp_restore_dir=/root/temppelican-site temp_restore_dir=/root/temppelican-site
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir pelican-site restore_directory_from_usb $temp_restore_dir pelican-site
@ -484,6 +490,7 @@ function restore_local_pelican {
else else
cp -r $temp_restore_dir/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/ cp -r $temp_restore_dir/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
function_check set_user_permissions function_check set_user_permissions
@ -508,7 +515,7 @@ function backup_remote_pelican {
function restore_remote_pelican { function restore_remote_pelican {
if [ -d /etc/blog ]; then if [ -d /etc/blog ]; then
if [ -d $SERVER_DIRECTORY/backup/pelican ]; then if [ -d "$SERVER_DIRECTORY/backup/pelican" ]; then
temp_restore_dir=/root/temppelican temp_restore_dir=/root/temppelican
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir pelican restore_directory_from_friend $temp_restore_dir pelican
@ -517,6 +524,7 @@ function restore_remote_pelican {
else else
cp -r $temp_restore_dir/* /etc/blog/ cp -r $temp_restore_dir/* /etc/blog/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 782352 exit 782352
fi fi
@ -524,7 +532,7 @@ function restore_remote_pelican {
fi fi
fi fi
if [ -d /var/www/$PELICAN_DOMAIN_NAME/htdocs ]; then if [ -d /var/www/$PELICAN_DOMAIN_NAME/htdocs ]; then
if [ -d $SERVER_DIRECTORY/backup/pelican-site ]; then if [ -d "$SERVER_DIRECTORY/backup/pelican-site" ]; then
temp_restore_dir=/root/temppelican-site temp_restore_dir=/root/temppelican-site
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir pelican-site restore_directory_from_friend $temp_restore_dir pelican-site
@ -533,6 +541,7 @@ function restore_remote_pelican {
else else
cp -r $temp_restore_dir/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/ cp -r $temp_restore_dir/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 76382562 exit 76382562
fi fi
@ -561,112 +570,112 @@ function remove_pelican {
} }
function create_pelican_conf { function create_pelican_conf {
STATIC_BLOG_FILE=$1 STATIC_BLOG_FILE="$1"
echo '#!/usr/bin/env python' > $STATIC_BLOG_FILE { echo '#!/usr/bin/env python';
echo '# -*- coding: utf-8 -*- #' >> $STATIC_BLOG_FILE echo '# -*- coding: utf-8 -*- #';
echo 'from __future__ import unicode_literals' >> $STATIC_BLOG_FILE echo 'from __future__ import unicode_literals';
echo '' >> $STATIC_BLOG_FILE echo '';
echo "AUTHOR=u\"$MY_USERNAME\"" >> $STATIC_BLOG_FILE echo "AUTHOR=u\"$MY_USERNAME\"";
echo "SITENAME=u'$DEFAULT_BLOG_TITLE'" >> $STATIC_BLOG_FILE echo "SITENAME=u'$DEFAULT_BLOG_TITLE'";
echo "SITEURL=''" >> $STATIC_BLOG_FILE echo "SITEURL=''";
echo "PATH='content'" >> $STATIC_BLOG_FILE echo "PATH='content'";
echo 'TIMEZONE=u"Europe/London"' >> $STATIC_BLOG_FILE echo 'TIMEZONE=u"Europe/London"';
echo "DEFAULT_LANG=u'en'" >> $STATIC_BLOG_FILE echo "DEFAULT_LANG=u'en'";
echo '' >> $STATIC_BLOG_FILE echo '';
echo 'FEED_ALL_ATOM=None' >> $STATIC_BLOG_FILE echo 'FEED_ALL_ATOM=None';
echo 'CATEGORY_FEED_ATOM=None' >> $STATIC_BLOG_FILE echo 'CATEGORY_FEED_ATOM=None';
echo 'TRANSLATION_FEED_ATOM=None' >> $STATIC_BLOG_FILE echo 'TRANSLATION_FEED_ATOM=None';
echo 'AUTHOR_FEED_ATOM=None' >> $STATIC_BLOG_FILE echo 'AUTHOR_FEED_ATOM=None';
echo 'AUTHOR_FEED_RSS=None' >> $STATIC_BLOG_FILE echo 'AUTHOR_FEED_RSS=None';
echo '' >> $STATIC_BLOG_FILE echo '';
echo 'DEFAULT_PAGINATION=False' >> $STATIC_BLOG_FILE echo 'DEFAULT_PAGINATION=False';
echo 'RELATIVE_URLS=True' >> $STATIC_BLOG_FILE echo 'RELATIVE_URLS=True';
echo "THEME='themes/nice-blog'" >> $STATIC_BLOG_FILE echo "THEME='themes/nice-blog'"; } > "$STATIC_BLOG_FILE"
} }
function create_pelican_makefile { function create_pelican_makefile {
STATIC_BLOG_FILE=$1 STATIC_BLOG_FILE="$1"
echo 'PY?=python' > $STATIC_BLOG_FILE { echo 'PY?=python';
echo 'PELICAN?=pelican' >> $STATIC_BLOG_FILE echo 'PELICAN?=pelican';
echo 'PELICANOPTS=' >> $STATIC_BLOG_FILE echo 'PELICANOPTS=';
echo '' >> $STATIC_BLOG_FILE echo '';
echo 'BASEDIR=$(CURDIR)' >> $STATIC_BLOG_FILE echo "BASEDIR=\$(CURDIR)";
echo 'INPUTDIR=$(BASEDIR)/content' >> $STATIC_BLOG_FILE echo "INPUTDIR=\$(BASEDIR)/content";
echo "OUTPUTDIR=$PELICAN_BLOG_PATH" >> $STATIC_BLOG_FILE echo "OUTPUTDIR=$PELICAN_BLOG_PATH";
echo 'CONFFILE=$(BASEDIR)/pelicanconf.py' >> $STATIC_BLOG_FILE echo "CONFFILE=\$(BASEDIR)/pelicanconf.py";
echo 'PUBLISHCONF=$(BASEDIR)/publishconf.py' >> $STATIC_BLOG_FILE echo "PUBLISHCONF=\$(BASEDIR)/publishconf.py";
echo '' >> $STATIC_BLOG_FILE echo '';
echo 'DEBUG ?= 0' >> $STATIC_BLOG_FILE echo 'DEBUG ?= 0';
echo 'ifeq ($(DEBUG), 1)' >> $STATIC_BLOG_FILE echo "ifeq (\$(DEBUG), 1)";
echo -e '\tPELICANOPTS += -D' >> $STATIC_BLOG_FILE echo -e '\tPELICANOPTS += -D';
echo 'endif' >> $STATIC_BLOG_FILE echo 'endif';
echo '' >> $STATIC_BLOG_FILE echo '';
echo 'RELATIVE ?= 0' >> $STATIC_BLOG_FILE echo 'RELATIVE ?= 0';
echo 'ifeq ($(RELATIVE), 1)' >> $STATIC_BLOG_FILE echo "ifeq (\$(RELATIVE), 1)";
echo -e '\tPELICANOPTS += --relative-urls' >> $STATIC_BLOG_FILE echo -e '\tPELICANOPTS += --relative-urls';
echo 'endif' >> $STATIC_BLOG_FILE echo 'endif';
echo '' >> $STATIC_BLOG_FILE echo '';
echo 'html:' >> $STATIC_BLOG_FILE echo 'html:';
echo -e '\t$(PELICAN) $(INPUTDIR) -o $(OUTPUTDIR) -s $(CONFFILE) $(PELICANOPTS)' >> $STATIC_BLOG_FILE echo -e "\\t\$(PELICAN) \$(INPUTDIR) -o \$(OUTPUTDIR) -s \$(CONFFILE) \$(PELICANOPTS)";
echo '' >> $STATIC_BLOG_FILE echo '';
echo 'clean:' >> $STATIC_BLOG_FILE echo 'clean:';
echo -e '\t[ ! -d $(OUTPUTDIR) ] || rm -rf $(OUTPUTDIR)' >> $STATIC_BLOG_FILE echo -e "\\t[ ! -d \$(OUTPUTDIR) ] || rm -rf \$(OUTPUTDIR)";
echo '' >> $STATIC_BLOG_FILE echo '';
echo 'regenerate:' >> $STATIC_BLOG_FILE echo 'regenerate:';
echo -e '\t$(PELICAN) -r $(INPUTDIR) -o $(OUTPUTDIR) -s $(CONFFILE) $(PELICANOPTS)' >> $STATIC_BLOG_FILE echo -e "\\t\$(PELICAN) -r \$(INPUTDIR) -o \$(OUTPUTDIR) -s \$(CONFFILE) \$(PELICANOPTS)";
echo '' >> $STATIC_BLOG_FILE echo '';
echo 'serve:' >> $STATIC_BLOG_FILE echo 'serve:';
echo 'ifdef PORT' >> $STATIC_BLOG_FILE echo 'ifdef PORT';
echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server $(PORT)' >> $STATIC_BLOG_FILE echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server \$(PORT)";
echo 'else' >> $STATIC_BLOG_FILE echo 'else';
echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server' >> $STATIC_BLOG_FILE echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server";
echo 'endif' >> $STATIC_BLOG_FILE echo 'endif';
echo '' >> $STATIC_BLOG_FILE echo '';
echo 'serve-global:' >> $STATIC_BLOG_FILE echo 'serve-global:';
echo 'ifdef SERVER' >> $STATIC_BLOG_FILE echo 'ifdef SERVER';
echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server 80 $(SERVER)' >> $STATIC_BLOG_FILE echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server 80 \$(SERVER)";
echo 'else' >> $STATIC_BLOG_FILE echo 'else';
echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server 80 0.0.0.0' >> $STATIC_BLOG_FILE echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server 80 0.0.0.0";
echo 'endif' >> $STATIC_BLOG_FILE echo 'endif';
echo '' >> $STATIC_BLOG_FILE echo '';
echo 'devserver:' >> $STATIC_BLOG_FILE echo 'devserver:';
echo 'ifdef PORT' >> $STATIC_BLOG_FILE echo 'ifdef PORT';
echo -e '\t$(BASEDIR)/develop_server.sh restart $(PORT)' >> $STATIC_BLOG_FILE echo -e "\\t\$(BASEDIR)/develop_server.sh restart \$(PORT)";
echo 'else' >> $STATIC_BLOG_FILE echo 'else';
echo -e '\t$(BASEDIR)/develop_server.sh restart' >> $STATIC_BLOG_FILE echo -e "\\t\$(BASEDIR)/develop_server.sh restart";
echo 'endif' >> $STATIC_BLOG_FILE echo 'endif';
echo '' >> $STATIC_BLOG_FILE echo '';
echo 'stopserver:' >> $STATIC_BLOG_FILE echo 'stopserver:';
echo -e '\t$(BASEDIR)/develop_server.sh stop' >> $STATIC_BLOG_FILE echo -e "\\t\$(BASEDIR)/develop_server.sh stop";
echo -e '\t@echo "Stopped Pelican and SimpleHTTPServer processes running in background."' >> $STATIC_BLOG_FILE echo -e '\t@echo "Stopped Pelican and SimpleHTTPServer processes running in background."';
echo '' >> $STATIC_BLOG_FILE echo '';
echo 'publish:' >> $STATIC_BLOG_FILE echo 'publish:';
echo -e '\t$(PELICAN) $(INPUTDIR) -o $(OUTPUTDIR) -s $(PUBLISHCONF) $(PELICANOPTS)' >> $STATIC_BLOG_FILE echo -e "\\t\$(PELICAN) \$(INPUTDIR) -o \$(OUTPUTDIR) -s \$(PUBLISHCONF) \$(PELICANOPTS)";
echo '' >> $STATIC_BLOG_FILE echo '';
echo '.PHONY: html clean regenerate serve serve-global devserver publish' >> $STATIC_BLOG_FILE echo '.PHONY: html clean regenerate serve serve-global devserver publish'; } > "$STATIC_BLOG_FILE"
} }
function create_pelican_publish_conf { function create_pelican_publish_conf {
STATIC_BLOG_FILE=$1 STATIC_BLOG_FILE=$1
echo '#!/usr/bin/env python' > $STATIC_BLOG_FILE { echo '#!/usr/bin/env python';
echo '# -*- coding: utf-8 -*- #' >> $STATIC_BLOG_FILE echo '# -*- coding: utf-8 -*- #';
echo 'from __future__ import unicode_literals' >> $STATIC_BLOG_FILE echo 'from __future__ import unicode_literals';
echo '' >> $STATIC_BLOG_FILE echo '';
echo 'import os' >> $STATIC_BLOG_FILE echo 'import os';
echo 'import sys' >> $STATIC_BLOG_FILE echo 'import sys';
echo 'sys.path.append(os.curdir)' >> $STATIC_BLOG_FILE echo 'sys.path.append(os.curdir)';
echo 'from pelicanconf import *' >> $STATIC_BLOG_FILE echo 'from pelicanconf import *';
echo '' >> $STATIC_BLOG_FILE echo '';
echo "SITEURL = ''" >> $STATIC_BLOG_FILE echo "SITEURL = ''";
echo 'RELATIVE_URLS = True' >> $STATIC_BLOG_FILE echo 'RELATIVE_URLS = True';
echo '' >> $STATIC_BLOG_FILE echo '';
echo "FEED_ALL_ATOM = 'feeds/all.atom.xml'" >> $STATIC_BLOG_FILE echo "FEED_ALL_ATOM = 'feeds/all.atom.xml'";
echo "CATEGORY_FEED_ATOM = 'feeds/%s.atom.xml'" >> $STATIC_BLOG_FILE echo "CATEGORY_FEED_ATOM = 'feeds/%s.atom.xml'";
echo '' >> $STATIC_BLOG_FILE echo '';
echo 'DELETE_OUTPUT_DIRECTORY = True' >> $STATIC_BLOG_FILE echo 'DELETE_OUTPUT_DIRECTORY = True'; } > "$STATIC_BLOG_FILE"
} }
function pelican_themes { function pelican_themes {
@ -747,10 +756,12 @@ function pelican_themes {
} }
function mesh_install_pelican { function mesh_install_pelican {
if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" && $VARIANT != "usb" ]]; then # shellcheck disable=SC2153
if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" && "$VARIANT" != "usb" ]]; then
return return
fi fi
# shellcheck disable=SC2154
chroot "$rootdir" apt-get -yq install python-pip chroot "$rootdir" apt-get -yq install python-pip
chroot "$rootdir" pip install ipython chroot "$rootdir" pip install ipython
chroot "$rootdir" pip install Markdown chroot "$rootdir" pip install Markdown
@ -760,34 +771,34 @@ function mesh_install_pelican {
PELICAN_BLOG_INSTALL_DIR=/home/$MY_USERNAME/CreateBlog PELICAN_BLOG_INSTALL_DIR=/home/$MY_USERNAME/CreateBlog
PELICAN_BLOG_PATH=/home/$MY_USERNAME/Public/Blog PELICAN_BLOG_PATH=/home/$MY_USERNAME/Public/Blog
if [ ! -d $rootdir$PELICAN_BLOG_INSTALL_DIR ]; then if [ ! -d "$rootdir$PELICAN_BLOG_INSTALL_DIR" ]; then
mkdir -p $rootdir$PELICAN_BLOG_INSTALL_DIR mkdir -p "$rootdir$PELICAN_BLOG_INSTALL_DIR"
fi fi
if [ ! -d $rootdir$PELICAN_BLOG_PATH ]; then if [ ! -d "$rootdir$PELICAN_BLOG_PATH" ]; then
mkdir -p $rootdir$PELICAN_BLOG_PATH mkdir -p "$rootdir$PELICAN_BLOG_PATH"
fi fi
if [ ! -d $rootdir$PELICAN_BLOG_INSTALL_DIR/content/images ]; then if [ ! -d "$rootdir$PELICAN_BLOG_INSTALL_DIR/content/images" ]; then
mkdir -p $rootdir$PELICAN_BLOG_INSTALL_DIR/content/images mkdir -p "$rootdir$PELICAN_BLOG_INSTALL_DIR/content/images"
fi fi
create_pelican_conf $rootdir$PELICAN_BLOG_INSTALL_DIR/pelicanconf.py create_pelican_conf "$rootdir$PELICAN_BLOG_INSTALL_DIR/pelicanconf.py"
create_pelican_makefile $rootdir$PELICAN_BLOG_INSTALL_DIR/Makefile create_pelican_makefile "$rootdir$PELICAN_BLOG_INSTALL_DIR/Makefile"
create_pelican_publish_conf $rootdir$PELICAN_BLOG_INSTALL_DIR/publishconf.py create_pelican_publish_conf "$rootdir$PELICAN_BLOG_INSTALL_DIR/publishconf.py"
mkdir -p $rootdir$PELICAN_BLOG_INSTALL_DIR/themes mkdir -p "$rootdir$PELICAN_BLOG_INSTALL_DIR/themes"
cd $rootdir$PELICAN_BLOG_INSTALL_DIR/themes cd "$rootdir$PELICAN_BLOG_INSTALL_DIR/themes" || exit 74624524
pelican_themes pelican_themes
#git clone --recursive $PELICAN_PLUGINS_REPO $rootdir$PELICAN_BLOG_INSTALL_DIR/plugins #git clone --recursive $PELICAN_PLUGINS_REPO $rootdir$PELICAN_BLOG_INSTALL_DIR/plugins
chroot "$rootdir" chown -R $MY_USERNAME:$MY_USERNAME $PELICAN_BLOG_INSTALL_DIR chroot "$rootdir" chown -R "$MY_USERNAME":"$MY_USERNAME" "$PELICAN_BLOG_INSTALL_DIR"
chroot "$rootdir" chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Public chroot "$rootdir" chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/Public"
} }
function install_pelican { function install_pelican {
if [ $INSTALLING_MESH ]; then if [ "$INSTALLING_MESH" ]; then
mesh_install_pelican mesh_install_pelican
return return
fi fi
@ -800,29 +811,29 @@ function install_pelican {
PELICAN_BLOG_PATH=/var/www/$PELICAN_DOMAIN_NAME/htdocs PELICAN_BLOG_PATH=/var/www/$PELICAN_DOMAIN_NAME/htdocs
if [ ! -d $PELICAN_BLOG_INSTALL_DIR ]; then if [ ! -d "$PELICAN_BLOG_INSTALL_DIR" ]; then
mkdir -p $PELICAN_BLOG_INSTALL_DIR mkdir -p "$PELICAN_BLOG_INSTALL_DIR"
fi fi
if [ ! -d $PELICAN_BLOG_PATH ]; then if [ ! -d $PELICAN_BLOG_PATH ]; then
mkdir -p $PELICAN_BLOG_PATH mkdir -p $PELICAN_BLOG_PATH
fi fi
if [ ! -d $PELICAN_BLOG_INSTALL_DIR/content ]; then if [ ! -d "$PELICAN_BLOG_INSTALL_DIR/content" ]; then
mkdir -p $PELICAN_BLOG_INSTALL_DIR/content mkdir -p "$PELICAN_BLOG_INSTALL_DIR/content"
fi fi
create_pelican_conf $PELICAN_BLOG_INSTALL_DIR/pelicanconf.py create_pelican_conf "$PELICAN_BLOG_INSTALL_DIR/pelicanconf.py"
create_pelican_makefile $PELICAN_BLOG_INSTALL_DIR/Makefile create_pelican_makefile "$PELICAN_BLOG_INSTALL_DIR/Makefile"
create_pelican_publish_conf $PELICAN_BLOG_INSTALL_DIR/publishconf.py create_pelican_publish_conf "$PELICAN_BLOG_INSTALL_DIR/publishconf.py"
mkdir -p $PELICAN_THEMES_REPO $PELICAN_BLOG_INSTALL_DIR/themes mkdir -p "$PELICAN_THEMES_REPO" "$PELICAN_BLOG_INSTALL_DIR/themes"
cd $PELICAN_THEMES_REPO $PELICAN_BLOG_INSTALL_DIR/themes cd "$PELICAN_BLOG_INSTALL_DIR/themes" || exit 45357282883
pelican_themes pelican_themes
#git clone --recursive $PELICAN_PLUGINS_REPO $PELICAN_BLOG_INSTALL_DIR/plugins #git clone --recursive $PELICAN_PLUGINS_REPO $PELICAN_BLOG_INSTALL_DIR/plugins
chown -R $MY_USERNAME:$MY_USERNAME $PELICAN_BLOG_INSTALL_DIR chown -R "$MY_USERNAME":"$MY_USERNAME" "$PELICAN_BLOG_INSTALL_DIR"
chown -R www-data:www-data $PELICAN_BLOG_PATH chown -R www-data:www-data $PELICAN_BLOG_PATH
pelican_editor_config pelican_editor_config
@ -834,7 +845,7 @@ function install_pelican {
install_pelican_website_onion install_pelican_website_onion
pelican_regenerate_blog pelican_regenerate_blog
if [ ! -d $PELICAN_BLOG_INSTALL_DIR/output ]; then if [ ! -d "$PELICAN_BLOG_INSTALL_DIR/output" ]; then
echo $'Failed to generate pelican blog' echo $'Failed to generate pelican blog'
exit 521892 exit 521892
fi fi


@ -66,17 +66,17 @@ function pihole_copy_files {
if [ ! -d /etc/.pihole ]; then if [ ! -d /etc/.pihole ]; then
mkdir /etc/.pihole mkdir /etc/.pihole
fi fi
cp $INSTALL_DIR/pihole/adlists.default /etc/.pihole/adlists.default cp "$INSTALL_DIR/pihole/adlists.default" /etc/.pihole/adlists.default
cp $INSTALL_DIR/pihole/adlists.default $piholeDir/adlists.default cp "$INSTALL_DIR/pihole/adlists.default" $piholeDir/adlists.default
if [ ! -f $PIHOLE_CUSTOM_ADLIST ]; then if [ ! -f $PIHOLE_CUSTOM_ADLIST ]; then
cp $INSTALL_DIR/pihole/adlists.default $PIHOLE_CUSTOM_ADLIST cp "$INSTALL_DIR/pihole/adlists.default" $PIHOLE_CUSTOM_ADLIST
fi fi
cp $INSTALL_DIR/pihole/advanced/Scripts/* /opt/$piholeBasename cp "$INSTALL_DIR/pihole/advanced/Scripts/*" /opt/$piholeBasename
if [ -f /etc/dnsmasq.d/01-pihole.conf ]; then if [ -f /etc/dnsmasq.d/01-pihole.conf ]; then
rm /etc/dnsmasq.d/01-pihole.conf rm /etc/dnsmasq.d/01-pihole.conf
fi fi
cp $INSTALL_DIR/pihole/advanced/pihole.cron /etc/cron.d/pihole cp "$INSTALL_DIR/pihole/advanced/pihole.cron" /etc/cron.d/pihole
cp $INSTALL_DIR/pihole/gravity.sh /opt/$piholeBasename cp "$INSTALL_DIR/pihole/gravity.sh" /opt/$piholeBasename
chmod +x /opt/pihole/*.sh chmod +x /opt/pihole/*.sh
} }
@ -95,7 +95,7 @@ function pihole_update {
return return
fi fi
if [ ! -f $HOME/${PROJECT_NAME}-wifi.cfg ]; then if [ ! -f "$HOME/${PROJECT_NAME}-wifi.cfg" ]; then
PIHOLE_IFACE=eth0 PIHOLE_IFACE=eth0
else else
read_config_param WIFI_INTERFACE read_config_param WIFI_INTERFACE
@ -114,13 +114,13 @@ function pihole_update {
echo "piholeDNS1=${PIHOLE_DNS1}" >> ${setupVars} echo "piholeDNS1=${PIHOLE_DNS1}" >> ${setupVars}
echo "piholeDNS2=${PIHOLE_DNS1}" >> ${setupVars} echo "piholeDNS2=${PIHOLE_DNS1}" >> ${setupVars}
echo 'domain-needed' > /etc/dnsmasq.conf { echo 'domain-needed';
echo 'bogus-priv' >> /etc/dnsmasq.conf echo 'bogus-priv';
echo 'no-resolv' >> /etc/dnsmasq.conf echo 'no-resolv';
echo "server=${PIHOLE_DNS1}" >> /etc/dnsmasq.conf echo "server=${PIHOLE_DNS1}";
echo "server=${PIHOLE_DNS2}" >> /etc/dnsmasq.conf echo "server=${PIHOLE_DNS2}";
echo "interface=${PIHOLE_IFACE}" >> /etc/dnsmasq.conf echo "interface=${PIHOLE_IFACE}";
echo 'listen-address=127.0.0.1' >> /etc/dnsmasq.conf echo 'listen-address=127.0.0.1'; } > /etc/dnsmasq.conf
pihole -g pihole -g
systemctl restart dnsmasq systemctl restart dnsmasq
@ -132,8 +132,7 @@ function pihole_update {
} }
function pihole_change_upstream_dns { function pihole_change_upstream_dns {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Ad Blocker Upstream DNS" \ dialog --backtitle $"Ad Blocker Upstream DNS" \
--radiolist $"Pick a domain name service (DNS):" 28 50 19 \ --radiolist $"Pick a domain name service (DNS):" 28 50 19 \
1 $"Digital Courage" on \ 1 $"Digital Courage" on \
@ -154,13 +153,15 @@ function pihole_change_upstream_dns {
16 $"DNS.Watch" off \ 16 $"DNS.Watch" off \
17 $"uncensoreddns.org" off \ 17 $"uncensoreddns.org" off \
18 $"Lorraine Data Network" off \ 18 $"Lorraine Data Network" off \
19 $"Google" off 2> $data 19 $"Google" off 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) PIHOLE_DNS1='85.214.73.63' 1) PIHOLE_DNS1='85.214.73.63'
PIHOLE_DNS2='213.73.91.35' PIHOLE_DNS2='213.73.91.35'
;; ;;
@ -218,10 +219,12 @@ function pihole_change_upstream_dns {
19) PIHOLE_DNS1='8.8.8.8' 19) PIHOLE_DNS1='8.8.8.8'
PIHOLE_DNS2='4.4.4.4' PIHOLE_DNS2='4.4.4.4'
dialog --title $"WARNING" \ dialog --title $"WARNING" \
--msgbox $"\nGoogle's main purpose for providing DNS resolvers is to spy upon people and know which sites they are visiting.\n\nThis is something to consider, and you should only really be using Google DNS as a last resort if other resolvers are unavailable." 12 60 --msgbox $"\\nGoogle's main purpose for providing DNS resolvers is to spy upon people and know which sites they are visiting.\\n\\nThis is something to consider, and you should only really be using Google DNS as a last resort if other resolvers are unavailable." 12 60
;; ;;
255) exit 1;; 255) rm -f "$data"
exit 1;;
esac esac
rm -f "$data"
write_config_param "PIHOLE_DNS1" "$PIHOLE_DNS1" write_config_param "PIHOLE_DNS1" "$PIHOLE_DNS1"
write_config_param "PIHOLE_DNS2" "$PIHOLE_DNS2" write_config_param "PIHOLE_DNS2" "$PIHOLE_DNS2"
} }
@ -252,8 +255,7 @@ function pihole_resume {
function configure_interactive_pihole { function configure_interactive_pihole {
while true while true
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"Ad Blocker" \ --title $"Ad Blocker" \
--radiolist $"Choose an operation:" 16 70 7 \ --radiolist $"Choose an operation:" 16 70 7 \
@ -263,13 +265,15 @@ function configure_interactive_pihole {
4 $"Change upstream DNS servers" off \ 4 $"Change upstream DNS servers" off \
5 $"Pause blocker" off \ 5 $"Pause blocker" off \
6 $"Resume blocker" off \ 6 $"Resume blocker" off \
7 $"Exit" on 2> $data 7 $"Exit" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) editor $PIHOLE_CUSTOM_ADLIST 1) editor $PIHOLE_CUSTOM_ADLIST
update_pihole_interactive update_pihole_interactive
;; ;;
@ -286,8 +290,10 @@ function configure_interactive_pihole {
;; ;;
6) pihole_resume 6) pihole_resume
;; ;;
7) break;; 7) rm -f "$data"
break;;
esac esac
rm -f "$data"
done done
} }
@ -306,7 +312,7 @@ function upgrade_pihole {
fi fi
function_check set_repo_commit function_check set_repo_commit
set_repo_commit $INSTALL_DIR/pihole "pihole commit" "$PIHOLE_COMMIT" $PIHOLE_REPO set_repo_commit "$INSTALL_DIR/pihole" "pihole commit" "$PIHOLE_COMMIT" $PIHOLE_REPO
pihole_copy_files pihole_copy_files
pihole_update pihole_update
@ -367,8 +373,8 @@ function remove_pihole {
rm /etc/cron.d/pihole rm /etc/cron.d/pihole
fi fi
if [ -d $INSTALL_DIR/pihole ]; then if [ -d "$INSTALL_DIR/pihole" ]; then
rm -rf $INSTALL_DIR/pihole rm -rf "$INSTALL_DIR/pihole"
fi fi
firewall_remove 53 firewall_remove 53
@ -391,27 +397,27 @@ function install_pihole {
systemctl enable dnsmasq systemctl enable dnsmasq
if [ ! -d $INSTALL_DIR ]; then if [ ! -d "$INSTALL_DIR" ]; then
mkdir -p $INSTALL_DIR mkdir -p "$INSTALL_DIR"
fi fi
if [ ! -d $INSTALL_DIR/pihole ]; then if [ ! -d "$INSTALL_DIR/pihole" ]; then
cd $INSTALL_DIR cd "$INSTALL_DIR" || exit 78245624527
if [ -d /repos/pihole ]; then if [ -d /repos/pihole ]; then
mkdir pihole mkdir pihole
cp -r -p /repos/pihole/. pihole cp -r -p /repos/pihole/. pihole
cd pihole cd pihole || exit 24572424684
git pull git pull
else else
git_clone $PIHOLE_REPO pihole git_clone $PIHOLE_REPO pihole
fi fi
if [ ! -d $INSTALL_DIR/pihole ]; then if [ ! -d "$INSTALL_DIR/pihole" ]; then
exit 523925 exit 523925
fi fi
cd $INSTALL_DIR/pihole cd "$INSTALL_DIR/pihole" || exit 2682468242
git checkout $PIHOLE_COMMIT -b $PIHOLE_COMMIT git checkout "$PIHOLE_COMMIT" -b "$PIHOLE_COMMIT"
set_completion_param "pihole commit" "$PIHOLE_COMMIT" set_completion_param "pihole commit" "$PIHOLE_COMMIT"
fi fi
@ -420,21 +426,21 @@ function install_pihole {
fi fi
# blank file which takes the place of ads # blank file which takes the place of ads
echo '<html>' > /var/www/pihole/htdocs/index.html { echo '<html>';
echo '<body>' >> /var/www/pihole/htdocs/index.html echo '<body>';
echo '</body>' >> /var/www/pihole/htdocs/index.html echo '</body>';
echo '</html>' >> /var/www/pihole/htdocs/index.html echo '</html>'; } > /var/www/pihole/htdocs/index.html
if [ ! -f $INSTALL_DIR/pihole/gravity.sh ]; then if [ ! -f "$INSTALL_DIR/pihole/gravity.sh" ]; then
exit 26738 exit 26738
fi fi
cp $INSTALL_DIR/pihole/gravity.sh /usr/local/bin/gravity.sh cp "$INSTALL_DIR/pihole/gravity.sh" /usr/local/bin/gravity.sh
chmod 755 /usr/local/bin/gravity.sh chmod 755 /usr/local/bin/gravity.sh
if [ ! -f $INSTALL_DIR/pihole/pihole ]; then if [ ! -f "$INSTALL_DIR/pihole/pihole" ]; then
exit 52935 exit 52935
fi fi
cp $INSTALL_DIR/pihole/pihole /usr/local/bin/pihole cp "$INSTALL_DIR/pihole/pihole" /usr/local/bin/pihole
chmod 755 /usr/local/bin/pihole chmod 755 /usr/local/bin/pihole
if [ ! -d $piholeDir ]; then if [ ! -d $piholeDir ]; then
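Review bot: In pihole_copy_files the new `cp "$INSTALL_DIR/pihole/advanced/Scripts/*" /opt/$piholeBasename` puts the `*` inside the double quotes, so the shell no longer expands it and cp is asked for a file literally named `*`. The helper scripts would then not be copied into /opt/$piholeBasename. Keep the variable quoted and the glob outside the quotes: `cp "$INSTALL_DIR"/pihole/advanced/Scripts/* "/opt/$piholeBasename"`. Nothing in the visible lines checks cp's exit status, so unless the script runs under `set -e` (not visible here) the failure would pass silently and the following `chmod +x /opt/pihole/*.sh` would act on whatever is already in that directory. The function begins above the first hunk, so any earlier handling is not visible.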

File diff suppressed because it is too large Load Diff


@ -66,12 +66,12 @@ function logging_off_postactiv {
function postactiv_customise_logo { function postactiv_customise_logo {
domain_name=$1 domain_name=$1
if [ -f /var/www/${domain_name}/htdocs/static/logo.png ]; then if [ -f "/var/www/${domain_name}/htdocs/static/logo.png" ]; then
if [ -f ~/freedombone/img/postactiv.png ]; then if [ -f ~/freedombone/img/postactiv.png ]; then
cp ~/freedombone/img/postactiv.png /var/www/${domain_name}/htdocs/static/logo.png cp ~/freedombone/img/postactiv.png "/var/www/${domain_name}/htdocs/static/logo.png"
else else
if [ -f /home/$MY_USERNAME/freedombone/img/postactiv.png ]; then if [ -f "/home/$MY_USERNAME/freedombone/img/postactiv.png" ]; then
cp /home/$MY_USERNAME/freedombone/img/postactiv.png /var/www/${domain_name}/htdocs/static/logo.png cp "/home/$MY_USERNAME/freedombone/img/postactiv.png" "/var/www/${domain_name}/htdocs/static/logo.png"
fi fi
fi fi
fi fi
@ -80,13 +80,13 @@ function postactiv_customise_logo {
function remove_user_postactiv { function remove_user_postactiv {
remove_username="$1" remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp postactiv "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp postactiv
function_check get_completion_param function_check get_completion_param
POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain") POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
if [ -d /var/www/$POSTACTIV_DOMAIN_NAME ]; then if [ -d "/var/www/$POSTACTIV_DOMAIN_NAME" ]; then
cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 3658254254
php scripts/deleteprofile.php -n $remove_username -y php scripts/deleteprofile.php -n "$remove_username" -y
fi fi
} }
@ -94,13 +94,13 @@ function add_user_postactiv {
new_username="$1" new_username="$1"
new_user_password="$2" new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a postactiv -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$new_username" -a postactiv -p "$new_user_password"
POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain") POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
if [ -d /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs ]; then if [ -d "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs" ]; then
cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 346846834
php scripts/registeruser.php -n $new_username -w "$new_user_password" -e "$new_username@$HOSTNAME" php scripts/registeruser.php -n "$new_username" -w "$new_user_password" -e "$new_username@$HOSTNAME"
${PROJECT_NAME}-addemail -u $new_username -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no "${PROJECT_NAME}-addemail" -u "$new_username" -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no
echo '0' echo '0'
else else
echo '1' echo '1'
@ -108,7 +108,7 @@ function add_user_postactiv {
} }
function install_interactive_postactiv { function install_interactive_postactiv {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
@ -118,54 +118,55 @@ function install_interactive_postactiv {
POSTACTIV_DETAILS_COMPLETE= POSTACTIV_DETAILS_COMPLETE=
while [ ! $POSTACTIV_DETAILS_COMPLETE ] while [ ! $POSTACTIV_DETAILS_COMPLETE ]
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"PostActiv Configuration" \ --title $"PostActiv Configuration" \
--form $"\nPlease enter your PostActiv details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \ --form $"\\nPlease enter your PostActiv details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
$"Domain:" 1 1 "$(grep 'POSTACTIV_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ $"Domain:" 1 1 "$(grep 'POSTACTIV_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
$"Title:" 2 1 "$(grep '$POSTACTIV_TITLE' temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \ $"Title:" 2 1 "$(grep "$POSTACTIV_TITLE" temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
$"Background image URL:" 3 1 "$(grep '$POSTACTIV_BACKGROUND_IMAGE_URL' temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \ $"Background image URL:" 3 1 "$(grep "$POSTACTIV_BACKGROUND_IMAGE_URL" temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
$"Code:" 4 1 "$(grep 'POSTACTIV_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 25 33 255 \ $"Code:" 4 1 "$(grep 'POSTACTIV_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 25 33 255 \
2> $data 2> "$data"
else else
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"PostActiv Configuration" \ --title $"PostActiv Configuration" \
--form $"\nPlease enter your PostActiv details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \ --form $"\\nPlease enter your PostActiv details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
$"Domain:" 1 1 "$(grep 'POSTACTIV_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ $"Domain:" 1 1 "$(grep 'POSTACTIV_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
$"Title:" 2 1 "$(grep '$POSTACTIV_TITLE' temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \ $"Title:" 2 1 "$(grep "$POSTACTIV_TITLE" temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
$"Background image URL:" 3 1 "$(grep '$POSTACTIV_BACKGROUND_IMAGE_URL' temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \ $"Background image URL:" 3 1 "$(grep "$POSTACTIV_BACKGROUND_IMAGE_URL" temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
2> $data 2> "$data"
fi fi
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
POSTACTIV_DOMAIN_NAME=$(cat $data | sed -n 1p) POSTACTIV_DOMAIN_NAME=$(sed -n 1p < "$data")
title=$(cat $data | sed -n 2p) title=$(sed -n 2p < "$data")
if [ ${#title} -gt 1 ]; then if [ ${#title} -gt 1 ]; then
POSTACTIV_TITLE=$welcome_msg POSTACTIV_TITLE=$title
fi fi
img_url=$(cat $data | sed -n 3p) img_url=$(sed -n 3p < "$data")
if [ ${#img_url} -gt 1 ]; then if [ ${#img_url} -gt 1 ]; then
POSTACTIV_BACKGROUND_IMAGE_URL=$img_url POSTACTIV_BACKGROUND_IMAGE_URL=$img_url
fi fi
if [ $POSTACTIV_DOMAIN_NAME ]; then if [ "$POSTACTIV_DOMAIN_NAME" ]; then
if [[ $POSTACTIV_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then if [[ "$POSTACTIV_DOMAIN_NAME" == "$HUBZILLA_DOMAIN_NAME" ]]; then
POSTACTIV_DOMAIN_NAME="" POSTACTIV_DOMAIN_NAME=""
fi fi
TEST_DOMAIN_NAME=$POSTACTIV_DOMAIN_NAME TEST_DOMAIN_NAME=$POSTACTIV_DOMAIN_NAME
validate_domain_name validate_domain_name
if [[ $TEST_DOMAIN_NAME != $POSTACTIV_DOMAIN_NAME ]]; then if [[ "$TEST_DOMAIN_NAME" != "$POSTACTIV_DOMAIN_NAME" ]]; then
POSTACTIV_DOMAIN_NAME= POSTACTIV_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else else
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
POSTACTIV_CODE=$(cat $data | sed -n 4p) POSTACTIV_CODE=$(sed -n 4p < "$data")
validate_freedns_code "$POSTACTIV_CODE" validate_freedns_code "$POSTACTIV_CODE"
if [ ! $VALID_CODE ]; then if [ ! "$VALID_CODE" ]; then
POSTACTIV_DOMAIN_NAME= POSTACTIV_DOMAIN_NAME=
fi fi
fi fi
@ -174,11 +175,12 @@ function install_interactive_postactiv {
if [ $POSTACTIV_DOMAIN_NAME ]; then if [ $POSTACTIV_DOMAIN_NAME ]; then
POSTACTIV_DETAILS_COMPLETE="yes" POSTACTIV_DETAILS_COMPLETE="yes"
fi fi
rm -f "$data"
done done
# remove any invalid characters # remove any invalid characters
if [ ${#POSTACTIV_TITLE} -gt 0 ]; then if [ ${#POSTACTIV_TITLE} -gt 0 ]; then
new_title=$(echo "$POSTACTIV_TITLE" | sed "s|'||g") new_title=${"$POSTACTIV_TITLE"//\'//}
POSTACTIV_TITLE="$new_title" POSTACTIV_TITLE="$new_title"
fi fi
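Review bot: The new clean-up line `new_title=${"$POSTACTIV_TITLE"//\'//}` is not a valid parameter expansion: bash reports "bad substitution" when a quoted `"$VAR"` appears inside `${...}`, so the step that used to strip single quotes from the title now fails. The trailing `//` is also wrong, because in the valid form it would replace each quote with a `/` rather than delete it. `new_title=${POSTACTIV_TITLE//\'/}` does what the removed `sed "s|'||g"` did. install_interactive_postactiv starts above this hunk.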
@ -197,26 +199,26 @@ function change_password_postactiv {
read_config_param 'POSTACTIV_DOMAIN_NAME' read_config_param 'POSTACTIV_DOMAIN_NAME'
cd /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/scripts cd "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/scripts" || exit 246824682
php setpassword.php "$curr_username" "$new_user_password" php setpassword.php "$curr_username" "$new_user_password"
${PROJECT_NAME}-pass -u "$curr_username" -a postactiv -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$curr_username" -a postactiv -p "$new_user_password"
} }
function postactiv_create_database { function postactiv_create_database {
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
POSTACTIV_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" POSTACTIV_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
if [ ! $POSTACTIV_ADMIN_PASSWORD ]; then if [ ! "$POSTACTIV_ADMIN_PASSWORD" ]; then
POSTACTIV_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" POSTACTIV_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
if [ ! $POSTACTIV_ADMIN_PASSWORD ]; then if [ ! "$POSTACTIV_ADMIN_PASSWORD" ]; then
return return
fi fi
function_check create_database function_check create_database
create_database postactiv "$POSTACTIV_ADMIN_PASSWORD" $MY_USERNAME create_database postactiv "$POSTACTIV_ADMIN_PASSWORD" "$MY_USERNAME"
} }
function postactiv_running_script { function postactiv_running_script {
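Review bot: The guard added in change_password_postactiv, `cd "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/scripts" || exit 246824682`, uses a value that does not fit an exit status. Only the low 8 bits reach the caller, so the large numbers used as markers here and in the later `cd ... || exit N` guards (set-title, restore, remove and install hunks) do not survive as unique codes. A status in 1–255 with a message on stderr, e.g. `cd "$dir" || { echo "cannot cd to $dir" >&2; exit 1; }`, keeps the failure identifiable. Separately, `php setpassword.php "$curr_username" "$new_user_password"` and the `"${PROJECT_NAME}-pass"` call still pass the new password as a command-line argument, where it is readable from the process list while the command runs; if those tools can take it on stdin or from a file, that is the safer route. change_password_postactiv begins above this hunk.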
@ -235,64 +237,63 @@ function reconfigure_postactiv {
function postactiv_set_background_image { function postactiv_set_background_image {
POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain") POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"PostActiv" \ dialog --title $"PostActiv" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--inputbox $'Set a background image URL' 10 60 2>$data --inputbox $'Set a background image URL' 10 60 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) 0)
temp_background=$(<$data) temp_background=$(<"$data")
if [ ${#temp_background} -gt 0 ]; then if [ ${#temp_background} -gt 0 ]; then
POSTACTIV_BACKGROUND_IMAGE_URL="$temp_background" POSTACTIV_BACKGROUND_IMAGE_URL="$temp_background"
write_config_param "POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_BACKGROUND_IMAGE_URL" write_config_param "POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_BACKGROUND_IMAGE_URL"
if [[ $(pleroma_set_background_image_from_url /var/www/$POSTACTIV_DOMAIN_NAME/htdocs "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE" | tail -n 1) == "0" ]]; then if [[ $(pleroma_set_background_image_from_url "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE" | tail -n 1) == "0" ]]; then
dialog --title $"Set PostActiv background" \ dialog --title $"Set PostActiv background" \
--msgbox $"The background image has been set" 6 60 --msgbox $"The background image has been set" 6 60
fi fi
fi fi
;; ;;
esac esac
rm -f "$data"
} }
function postactiv_set_title { function postactiv_set_title {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"PostActiv" \ dialog --title $"PostActiv" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--inputbox $'Set a title' 10 60 2>$data --inputbox $'Set a title' 10 60 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) 0)
new_title=$(<$data) new_title=$(<"$data")
if [ ${#new_title} -gt 0 ]; then if [ ${#new_title} -gt 0 ]; then
POSTACTIV_TITLE="$new_title" POSTACTIV_TITLE="$new_title"
POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain") POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
write_config_param "POSTACTIV_TITLE" "$POSTACTIV_TITLE" write_config_param "POSTACTIV_TITLE" "$POSTACTIV_TITLE"
cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/static cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/static" || exit 782452452
sed -i "s|\"name\":.*|\"name\": \"${POSTACTIV_TITLE}\",|g" config.json sed -i "s|\"name\":.*|\"name\": \"${POSTACTIV_TITLE}\",|g" config.json
dialog --title $"Set PostActiv title" \ dialog --title $"Set PostActiv title" \
--msgbox $"The title has been set" 6 60 --msgbox $"The title has been set" 6 60
fi fi
;; ;;
esac esac
rm -f "$data"
} }
function postactiv_set_expire_months { function postactiv_set_expire_months {
POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain") POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
read_config_param "POSTACTIV_EXPIRE_MONTHS" read_config_param "POSTACTIV_EXPIRE_MONTHS"
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"PostActiv" \ dialog --title $"PostActiv" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--inputbox $'Set an expiry period for posts in months. Anything older will be deleted. Lower values help to keep the database size small and as fast as possible.' 12 60 "$POSTACTIV_EXPIRE_MONTHS" 2>$data --inputbox $'Set an expiry period for posts in months. Anything older will be deleted. Lower values help to keep the database size small and as fast as possible.' 12 60 "$POSTACTIV_EXPIRE_MONTHS" 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) 0)
new_expiry_months=$(<$data) new_expiry_months=$(<"$data")
if [ ${#new_expiry_months} -gt 0 ]; then if [ ${#new_expiry_months} -gt 0 ]; then
# should contain no spaces # should contain no spaces
if [[ "$new_expiry_months" == *" "* ]]; then if [[ "$new_expiry_months" == *" "* ]]; then
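Review bot: In postactiv_set_title the text typed into the dialog goes unescaped into `sed -i "s|\"name\":.*|\"name\": \"${POSTACTIV_TITLE}\",|g" config.json`, so a title containing `|`, `&`, `\` or `"` either breaks the sed expression or leaves config.json as invalid JSON. The value should be checked before `write_config_param` and the sed call, for example by rejecting those four characters, in the way postactiv_set_expire_months tests its input for spaces. Removing the `trap "rm -f $data" 0 1 2 5 15` lines also means the temporary file is deleted only on the normal path, so an interrupt during the dialog leaves it behind. postactiv_set_expire_months continues past the end of this hunk.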
@ -312,14 +313,14 @@ function postactiv_set_expire_months {
fi fi
;; ;;
esac esac
rm -f "$data"
} }
function configure_interactive_postactiv { function configure_interactive_postactiv {
read_config_param "POSTACTIV_EXPIRE_MONTHS" read_config_param "POSTACTIV_EXPIRE_MONTHS"
while true while true
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"PostActiv" \ --title $"PostActiv" \
--radiolist $"Choose an operation:" 16 70 7 \ --radiolist $"Choose an operation:" 16 70 7 \
@ -329,21 +330,25 @@ function configure_interactive_postactiv {
4 $"Select Qvitter user interface" off \ 4 $"Select Qvitter user interface" off \
5 $"Select Pleroma user interface" off \ 5 $"Select Pleroma user interface" off \
6 $"Select Classic user interface" off \ 6 $"Select Classic user interface" off \
7 $"Exit" on 2> $data 7 $"Exit" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) rm -f "$data"
255) return;; return;;
255) rm -f "$data"
return;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) postactiv_set_background_image;; 1) postactiv_set_background_image;;
2) postactiv_set_title;; 2) postactiv_set_title;;
3) postactiv_set_expire_months;; 3) postactiv_set_expire_months;;
4) gnusocial_use_qvitter postactiv;; 4) gnusocial_use_qvitter postactiv;;
5) gnusocial_use_pleroma postactiv;; 5) gnusocial_use_pleroma postactiv;;
6) gnusocial_use_classic postactiv;; 6) gnusocial_use_classic postactiv;;
7) break;; 7) rm -f "$data"
break;;
esac esac
rm -f "$data"
done done
} }
@ -353,22 +358,22 @@ function upgrade_postactiv {
return return
fi fi
if grep -q "postactiv domain" $COMPLETION_FILE; then if grep -q "postactiv domain" "$COMPLETION_FILE"; then
POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain") POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
fi fi
# update to the next commit # update to the next commit
function_check set_repo_commit function_check set_repo_commit
set_repo_commit /var/www/$POSTACTIV_DOMAIN_NAME/htdocs "postactiv commit" "$POSTACTIV_COMMIT" $POSTACTIV_REPO set_repo_commit "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" "postactiv commit" "$POSTACTIV_COMMIT" $POSTACTIV_REPO
# Ensure that installation script is removed # Ensure that installation script is removed
if [ -f /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php ]; then if [ -f "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php" ]; then
rm /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php rm "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php"
fi fi
if [ -f /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index_qvitter.php ]; then if [ -f "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index_qvitter.php" ]; then
if [ -f /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index.php ]; then if [ -f "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index.php" ]; then
mv /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index.php /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index_qvitter.php mv "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index.php" "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index_qvitter.php"
fi fi
fi fi
@ -379,16 +384,16 @@ function upgrade_postactiv {
gnusocial_block_domain_script postactiv "$POSTACTIV_DOMAIN_NAME" gnusocial_block_domain_script postactiv "$POSTACTIV_DOMAIN_NAME"
upgrade_pleroma_frontend "$POSTACTIV_DOMAIN_NAME" "postactiv" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE" upgrade_pleroma_frontend "$POSTACTIV_DOMAIN_NAME" "postactiv" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE"
postactiv_customise_logo postactiv_customise_logo "$POSTACTIV_DOMAIN_NAME"
install_gnusocial_default_background "postactiv" "$POSTACTIV_DOMAIN_NAME" install_gnusocial_default_background "postactiv" "$POSTACTIV_DOMAIN_NAME"
chown -R www-data:www-data /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs chown -R www-data:www-data "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs"
systemctl restart mariadb systemctl restart mariadb
} }
function backup_local_postactiv { function backup_local_postactiv {
POSTACTIV_DOMAIN_NAME='postactiv' POSTACTIV_DOMAIN_NAME='postactiv'
if grep -q "postactiv domain" $COMPLETION_FILE; then if grep -q "postactiv domain" "$COMPLETION_FILE"; then
POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain") POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
fi fi
@ -396,24 +401,24 @@ function backup_local_postactiv {
/etc/cron.daily/postactiv-expire /etc/cron.daily/postactiv-expire
source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/backup source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/backup
if [ ! -d $source_directory ]; then if [ ! -d "$source_directory" ]; then
mkdir $source_directory mkdir "$source_directory"
fi fi
cp -p /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php $source_directory cp -p "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php" "$source_directory"
if [ -d /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static ]; then if [ -d "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static" ]; then
cp -rp /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static $source_directory cp -rp "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static" "$source_directory"
fi fi
function_check suspend_site function_check suspend_site
suspend_site ${POSTACTIV_DOMAIN_NAME} suspend_site "${POSTACTIV_DOMAIN_NAME}"
function_check backup_directory_to_usb function_check backup_directory_to_usb
dest_directory=postactivconfig dest_directory=postactivconfig
backup_directory_to_usb $source_directory $dest_directory backup_directory_to_usb "$source_directory" "$dest_directory"
source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/file source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/file
dest_directory=postactivfile dest_directory=postactivfile
backup_directory_to_usb $source_directory $dest_directory backup_directory_to_usb "$source_directory" "$dest_directory"
function_check backup_database_to_usb function_check backup_database_to_usb
backup_database_to_usb postactiv backup_database_to_usb postactiv
@ -423,16 +428,16 @@ function backup_local_postactiv {
} }
function restore_local_postactiv { function restore_local_postactiv {
if ! grep -q "postactiv domain" $COMPLETION_FILE; then if ! grep -q "postactiv domain" "$COMPLETION_FILE"; then
return return
fi fi
POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain") POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
if [ $POSTACTIV_DOMAIN_NAME ]; then if [ "$POSTACTIV_DOMAIN_NAME" ]; then
echo $"Restoring postactiv" echo $"Restoring postactiv"
temp_restore_dir=/root/temppostactiv temp_restore_dir=/root/temppostactiv
postactiv_dir=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs postactiv_dir=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
# stop the daemons # stop the daemons
cd $postactiv_dir cd "$postactiv_dir" || exit 468246242
scripts/stopdaemons.sh scripts/stopdaemons.sh
function_check postactiv_create_database function_check postactiv_create_database
@ -446,36 +451,36 @@ function restore_local_postactiv {
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir postactivconfig restore_directory_from_usb $temp_restore_dir postactivconfig
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir$postactiv_dir ]; then if [ -d "$temp_restore_dir$postactiv_dir" ]; then
cp $temp_restore_dir$postactiv_dir/backup/config.php $postactiv_dir/ cp "$temp_restore_dir$postactiv_dir/backup/config.php" "$postactiv_dir/"
cp -rp $temp_restore_dir$postactiv_dir/static $postactiv_dir/ cp -rp "$temp_restore_dir$postactiv_dir/static" "$postactiv_dir/"
else else
cp $temp_restore_dir/backup/config.php $postactiv_dir/ cp "$temp_restore_dir/backup/config.php" "$postactiv_dir/"
if [ ! -d $postactiv_dir/static ]; then if [ ! -d "$postactiv_dir/static" ]; then
mkdir $postactiv_dir/static mkdir "$postactiv_dir/static"
fi fi
cp -rp $temp_restore_dir/static/* $postactiv_dir/static/ cp -rp "$temp_restore_dir/static/*" "$postactiv_dir/static/"
fi fi
chown www-data:www-data $postactiv_dir/config.php chown www-data:www-data "$postactiv_dir/config.php"
chown -R www-data:www-data $postactiv_dir/static chown -R www-data:www-data "$postactiv_dir/static"
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
restore_directory_from_usb $temp_restore_dir postactivfile restore_directory_from_usb $temp_restore_dir postactivfile
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir$postactiv_dir/file ]; then if [ -d "$temp_restore_dir$postactiv_dir/file" ]; then
cp -rp $temp_restore_dir$postactiv_dir/file $postactiv_dir/ cp -rp "$temp_restore_dir$postactiv_dir/file" "$postactiv_dir/"
else else
if [ ! -d $postactiv_dir/file ]; then if [ ! -d "$postactiv_dir/file" ]; then
mkdir $postactiv_dir/file mkdir "$postactiv_dir/file"
fi fi
cp -rp $temp_restore_dir/* $postactiv_dir/file/ cp -rp "$temp_restore_dir/*" "$postactiv_dir/file/"
fi fi
chown -R www-data:www-data $postactiv_dir/file chown -R www-data:www-data "$postactiv_dir/file"
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
gnusocial_update_after_restore postactiv ${POSTACTIV_DOMAIN_NAME} gnusocial_update_after_restore postactiv "${POSTACTIV_DOMAIN_NAME}"
echo $"Restore of postactiv complete" echo $"Restore of postactiv complete"
fi fi
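Review bot: Quoting the whole source argument in `cp -rp "$temp_restore_dir/static/*" "$postactiv_dir/static/"` stops the shell from expanding the `*`, so cp is asked for a file literally named `*` and the restored static files are not copied. The same applies to `cp -rp "$temp_restore_dir/*" "$postactiv_dir/file/"` further down and to both matching lines in restore_remote_postactiv. Keep the variable quoted and leave the glob outside the quotes: `cp -rp "$temp_restore_dir/static/"* "$postactiv_dir/static/"` and `cp -rp "$temp_restore_dir/"* "$postactiv_dir/file/"`. The cp status is not checked, so unless the script runs under `set -e` the function goes on to chown the directories and print the restore-complete message. restore_local_postactiv starts above this hunk.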
@ -483,7 +488,7 @@ function restore_local_postactiv {
function backup_remote_postactiv { function backup_remote_postactiv {
POSTACTIV_DOMAIN_NAME='postactiv' POSTACTIV_DOMAIN_NAME='postactiv'
if grep -q "postactiv domain" $COMPLETION_FILE; then if grep -q "postactiv domain" "$COMPLETION_FILE"; then
POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain") POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
fi fi
@ -491,24 +496,24 @@ function backup_remote_postactiv {
/etc/cron.daily/postactiv-expire /etc/cron.daily/postactiv-expire
source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/backup source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/backup
if [ ! -d $source_directory ]; then if [ ! -d "$source_directory" ]; then
mkdir $source_directory mkdir "$source_directory"
fi fi
cp -p /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php $source_directory cp -p "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php" "$source_directory"
if [ -d /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static ]; then if [ -d "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static" ]; then
cp -rp /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static $source_directory cp -rp "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static" "$source_directory"
fi fi
function_check suspend_site function_check suspend_site
suspend_site ${POSTACTIV_DOMAIN_NAME} suspend_site "${POSTACTIV_DOMAIN_NAME}"
function_check backup_directory_to_friend function_check backup_directory_to_friend
dest_directory=postactivconfig dest_directory=postactivconfig
backup_directory_to_friend $source_directory $dest_directory backup_directory_to_friend "$source_directory" "$dest_directory"
source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/file source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/file
dest_directory=postactivfile dest_directory=postactivfile
backup_directory_to_friend $source_directory $dest_directory backup_directory_to_friend "$source_directory" "$dest_directory"
function_check backup_database_to_friend function_check backup_database_to_friend
backup_database_to_friend postactiv backup_database_to_friend postactiv
@ -518,16 +523,16 @@ function backup_remote_postactiv {
} }
function restore_remote_postactiv { function restore_remote_postactiv {
if ! grep -q "postactiv domain" $COMPLETION_FILE; then if ! grep -q "postactiv domain" "$COMPLETION_FILE"; then
return return
fi fi
POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain") POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
if [ $POSTACTIV_DOMAIN_NAME ]; then if [ "$POSTACTIV_DOMAIN_NAME" ]; then
echo $"Restoring postactiv" echo $"Restoring postactiv"
temp_restore_dir=/root/temppostactiv temp_restore_dir=/root/temppostactiv
postactiv_dir=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs postactiv_dir=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
# stop the daemons # stop the daemons
cd $postactiv_dir cd "$postactiv_dir" || exit 24682464
scripts/stopdaemons.sh scripts/stopdaemons.sh
function_check postactiv_create_database function_check postactiv_create_database
@ -542,36 +547,36 @@ function restore_remote_postactiv {
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir postactivconfig restore_directory_from_friend $temp_restore_dir postactivconfig
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir$postactiv_dir ]; then if [ -d "$temp_restore_dir$postactiv_dir" ]; then
cp $temp_restore_dir$postactiv_dir/backup/config.php $postactiv_dir/ cp "$temp_restore_dir$postactiv_dir/backup/config.php" "$postactiv_dir/"
cp -rp $temp_restore_dir$postactiv_dir/static $postactiv_dir/ cp -rp "$temp_restore_dir$postactiv_dir/static" "$postactiv_dir/"
else else
cp $temp_restore_dir/config.php $postactiv_dir/ cp "$temp_restore_dir/config.php" "$postactiv_dir/"
if [ ! -d $postactiv_dir/static ]; then if [ ! -d "$postactiv_dir/static" ]; then
mkdir $postactiv_dir/static mkdir "$postactiv_dir/static"
fi fi
cp -rp $temp_restore_dir/static/* $postactiv_dir/static/ cp -rp "$temp_restore_dir/static/*" "$postactiv_dir/static/"
fi fi
chown www-data:www-data $postactiv_dir/config.php chown www-data:www-data "$postactiv_dir/config.php"
chown -R www-data:www-data $postactiv_dir/static chown -R www-data:www-data "$postactiv_dir/static"
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
restore_directory_from_friend $temp_restore_dir postactivfile restore_directory_from_friend $temp_restore_dir postactivfile
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir$postactiv_dir/file ]; then if [ -d "$temp_restore_dir$postactiv_dir/file" ]; then
cp -rp $temp_restore_dir$postactiv_dir/file $postactiv_dir/ cp -rp "$temp_restore_dir$postactiv_dir/file" "$postactiv_dir/"
else else
if [ ! -d $postactiv_dir/file ]; then if [ ! -d "$postactiv_dir/file" ]; then
mkdir $postactiv_dir/file mkdir "$postactiv_dir/file"
fi fi
cp -rp $temp_restore_dir/* $postactiv_dir/file/ cp -rp "$temp_restore_dir/*" "$postactiv_dir/file/"
fi fi
chown -R www-data:www-data $postactiv_dir/file chown -R www-data:www-data "$postactiv_dir/file"
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
gnusocial_update_after_restore postactiv ${POSTACTIV_DOMAIN_NAME} gnusocial_update_after_restore postactiv "${POSTACTIV_DOMAIN_NAME}"
echo $"Restore of postactiv complete" echo $"Restore of postactiv complete"
fi fi
@ -587,23 +592,23 @@ function remove_postactiv {
read_config_param "POSTACTIV_DOMAIN_NAME" read_config_param "POSTACTIV_DOMAIN_NAME"
read_config_param "MY_USERNAME" read_config_param "MY_USERNAME"
echo "Removing $POSTACTIV_DOMAIN_NAME" echo "Removing $POSTACTIV_DOMAIN_NAME"
nginx_dissite $POSTACTIV_DOMAIN_NAME nginx_dissite "$POSTACTIV_DOMAIN_NAME"
remove_certs $POSTACTIV_DOMAIN_NAME remove_certs "$POSTACTIV_DOMAIN_NAME"
if [ -f /etc/cron.hourly/postactiv-daemons ]; then if [ -f /etc/cron.hourly/postactiv-daemons ]; then
rm /etc/cron.hourly/postactiv-daemons rm /etc/cron.hourly/postactiv-daemons
fi fi
if [ -f /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/stopdaemons.sh ]; then if [ -f "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/stopdaemons.sh" ]; then
cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 2467245248
scripts/stopdaemons.sh scripts/stopdaemons.sh
fi fi
kill_pid=$(ps aux | grep /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/queuedaemon.php | awk -F ' ' '{print $2}' | head -n 1) kill_pid=$(pgrep "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/queuedaemon.php" | head -n 1)
kill -9 $kill_pid kill -9 "$kill_pid"
if [ -d /var/www/$POSTACTIV_DOMAIN_NAME ]; then if [ -d "/var/www/$POSTACTIV_DOMAIN_NAME" ]; then
rm -rf /var/www/$POSTACTIV_DOMAIN_NAME rm -rf "/var/www/$POSTACTIV_DOMAIN_NAME"
fi fi
if [ -f /etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME ]; then if [ -f "/etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME" ]; then
rm /etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME rm "/etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME"
fi fi
function_check drop_database function_check drop_database
drop_database postactiv drop_database postactiv
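Review bot: Replacing `ps aux | grep` with `pgrep "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/queuedaemon.php"` changes what is matched: without `-f` pgrep compares the pattern with the process name only, so a script path on the php command line is unlikely to match and `kill -9 "$kill_pid"` then runs with an empty argument. `kill_pid=$(pgrep -f "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/queuedaemon.php" | head -n 1)` followed by `if [ "$kill_pid" ]; then kill -9 "$kill_pid"; fi` matches the full command line as the old pipeline did and skips the kill when nothing is found. The `rm -rf "/var/www/$POSTACTIV_DOMAIN_NAME"` below it has no guard against an empty domain name, in which case the `-d` test passes for `/var/www/` itself; writing the path as `"/var/www/${POSTACTIV_DOMAIN_NAME:?}"` aborts instead. remove_postactiv starts above and continues below this hunk.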
@ -614,17 +619,17 @@ function remove_postactiv {
fi fi
remove_app postactiv remove_app postactiv
remove_completion_param install_postactiv remove_completion_param install_postactiv
sed -i '/postactiv/d' $COMPLETION_FILE sed -i '/postactiv/d' "$COMPLETION_FILE"
remove_backup_database_local postactiv remove_backup_database_local postactiv
sed -i '/postactiv-firewall/d' /etc/crontab sed -i '/postactiv-firewall/d' /etc/crontab
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $POSTACTIV_DOMAIN_NAME remove_ddns_domain "$POSTACTIV_DOMAIN_NAME"
} }
function install_postactiv_main { function install_postactiv_main {
if [ ! $POSTACTIV_DOMAIN_NAME ]; then if [ ! "$POSTACTIV_DOMAIN_NAME" ]; then
echo $'No domain name was given for postactiv' echo $'No domain name was given for postactiv'
exit 7359 exit 7359
fi fi
@ -648,38 +653,38 @@ function install_postactiv_main {
apt-get -yq install php-gettext php-curl php-gd php-mysql git curl apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME ]; then if [ ! -d "/var/www/$POSTACTIV_DOMAIN_NAME" ]; then
mkdir /var/www/$POSTACTIV_DOMAIN_NAME mkdir "/var/www/$POSTACTIV_DOMAIN_NAME"
fi fi
if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" ]; then
if [ -d /repos/postactiv ]; then if [ -d /repos/postactiv ]; then
mkdir /var/www/$POSTACTIV_DOMAIN_NAME/htdocs mkdir "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
cp -r -p /repos/postactiv/. /var/www/$POSTACTIV_DOMAIN_NAME/htdocs cp -r -p /repos/postactiv/. "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 46824682682
git pull git pull
else else
function_check git_clone function_check git_clone
git_clone $POSTACTIV_REPO /var/www/$POSTACTIV_DOMAIN_NAME/htdocs git_clone "$POSTACTIV_REPO" "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
fi fi
if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" ]; then
echo $'Unable to clone postactiv repo' echo $'Unable to clone postactiv repo'
exit 87525 exit 87525
fi fi
fi fi
cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 46287462828
git checkout $POSTACTIV_COMMIT -b $POSTACTIV_COMMIT git checkout $POSTACTIV_COMMIT -b $POSTACTIV_COMMIT
set_completion_param "postactiv commit" "$POSTACTIV_COMMIT" set_completion_param "postactiv commit" "$POSTACTIV_COMMIT"
chmod g+w /var/www/$POSTACTIV_DOMAIN_NAME/htdocs chmod g+w "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
chmod a+w /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/avatar chmod a+w "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/avatar"
chmod a+w /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/file chmod a+w "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/file"
chown -R www-data:www-data /var/www/$POSTACTIV_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
chmod +x /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/maildaemon.php chmod +x "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/maildaemon.php"
chmod 755 /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/extlib/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php chmod 755 "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/extlib/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php"
chmod -x /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/extlib/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php chmod -x "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/extlib/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php"
function_check postactiv_create_database function_check postactiv_create_database
postactiv_create_database postactiv_create_database
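Review bot: `chmod a+w` on `htdocs/avatar` and `htdocs/file` makes the upload directories writable by every local account, while the `chown -R www-data:www-data` on the next line already gives the owning user write access. Unless some other account has to write there, `chmod u+w,go-w` on those two directories is enough. The pair `chmod 755 .../Serializer.php` followed by `chmod -x` on the same file would benefit from a one-line comment stating the intended final mode, since the second call undoes part of the first. install_postactiv_main starts above and continues below this hunk.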
@ -695,118 +700,118 @@ function install_postactiv_main {
fi fi
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $POSTACTIV_DOMAIN_NAME add_ddns_domain "$POSTACTIV_DOMAIN_NAME"
POSTACTIV_ONION_HOSTNAME=$(add_onion_service postactiv 80 ${POSTACTIV_ONION_PORT}) POSTACTIV_ONION_HOSTNAME=$(add_onion_service postactiv 80 ${POSTACTIV_ONION_PORT})
postactiv_nginx_site=/etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME postactiv_nginx_site=/etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $POSTACTIV_DOMAIN_NAME "index index.php" nginx_http_redirect "$POSTACTIV_DOMAIN_NAME" "index index.php"
echo 'server {' >> $postactiv_nginx_site { echo 'server {';
echo ' listen 443 ssl;' >> $postactiv_nginx_site echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> $postactiv_nginx_site echo ' #listen [::]:443 ssl;';
echo " server_name $POSTACTIV_DOMAIN_NAME;" >> $postactiv_nginx_site echo " server_name $POSTACTIV_DOMAIN_NAME;";
echo '' >> $postactiv_nginx_site echo ''; } >> "$postactiv_nginx_site"
function_check nginx_compress function_check nginx_compress
nginx_compress $POSTACTIV_DOMAIN_NAME nginx_compress "$POSTACTIV_DOMAIN_NAME"
echo '' >> $postactiv_nginx_site echo '' >> "$postactiv_nginx_site"
echo ' # Security' >> $postactiv_nginx_site echo ' # Security' >> "$postactiv_nginx_site"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $POSTACTIV_DOMAIN_NAME nginx_ssl "$POSTACTIV_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $POSTACTIV_DOMAIN_NAME nginx_disable_sniffing "$POSTACTIV_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $postactiv_nginx_site { echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> $postactiv_nginx_site echo '';
echo ' # Logs' >> $postactiv_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $postactiv_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $postactiv_nginx_site echo ' error_log /dev/null;';
echo '' >> $postactiv_nginx_site echo '';
echo ' # Root' >> $postactiv_nginx_site echo ' # Root';
echo " root /var/www/$POSTACTIV_DOMAIN_NAME/htdocs;" >> $postactiv_nginx_site echo " root /var/www/$POSTACTIV_DOMAIN_NAME/htdocs;";
echo '' >> $postactiv_nginx_site echo '';
echo ' # Index' >> $postactiv_nginx_site echo ' # Index';
echo ' index index.php;' >> $postactiv_nginx_site echo ' index index.php;';
echo '' >> $postactiv_nginx_site echo '';
echo ' # PHP' >> $postactiv_nginx_site echo ' # PHP';
echo ' location ~ \.php {' >> $postactiv_nginx_site echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> $postactiv_nginx_site echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $postactiv_nginx_site echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> $postactiv_nginx_site echo ' fastcgi_read_timeout 30;';
echo ' }' >> $postactiv_nginx_site echo ' }';
echo '' >> $postactiv_nginx_site echo '';
echo ' # Location' >> $postactiv_nginx_site echo ' # Location';
echo ' location / {' >> $postactiv_nginx_site echo ' location / {'; } >> "$postactiv_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $POSTACTIV_DOMAIN_NAME '15m' nginx_limits "$POSTACTIV_DOMAIN_NAME" '15m'
echo ' try_files $uri $uri/ @postactiv;' >> $postactiv_nginx_site { echo " try_files \$uri \$uri/ @postactiv;";
echo ' }' >> $postactiv_nginx_site echo ' }';
echo '' >> $postactiv_nginx_site echo '';
echo ' # Fancy URLs' >> $postactiv_nginx_site echo ' # Fancy URLs';
echo ' location @postactiv {' >> $postactiv_nginx_site echo ' location @postactiv {';
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $postactiv_nginx_site echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }' >> $postactiv_nginx_site echo ' }';
echo '' >> $postactiv_nginx_site echo '';
echo ' # Restrict access that is unnecessary anyway' >> $postactiv_nginx_site echo ' # Restrict access that is unnecessary anyway';
echo ' location ~ /\.(ht|git) {' >> $postactiv_nginx_site echo ' location ~ /\.(ht|git) {';
echo ' deny all;' >> $postactiv_nginx_site echo ' deny all;';
echo ' }' >> $postactiv_nginx_site echo ' }';
echo '}' >> $postactiv_nginx_site echo '}'; } >> "$postactiv_nginx_site"
else else
echo -n '' > $postactiv_nginx_site echo -n '' > "$postactiv_nginx_site"
fi fi
echo 'server {' >> $postactiv_nginx_site { echo 'server {';
echo " listen 127.0.0.1:$POSTACTIV_ONION_PORT default_server;" >> $postactiv_nginx_site echo " listen 127.0.0.1:$POSTACTIV_ONION_PORT default_server;";
echo " server_name $POSTACTIV_ONION_HOSTNAME;" >> $postactiv_nginx_site echo " server_name $POSTACTIV_ONION_HOSTNAME;";
echo '' >> $postactiv_nginx_site echo ''; } >> "$postactiv_nginx_site"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $POSTACTIV_DOMAIN_NAME nginx_disable_sniffing "$POSTACTIV_DOMAIN_NAME"
echo '' >> $postactiv_nginx_site echo '' >> "$postactiv_nginx_site"
function_check nginx_compress function_check nginx_compress
nginx_compress $POSTACTIV_DOMAIN_NAME nginx_compress "$POSTACTIV_DOMAIN_NAME"
echo '' >> $postactiv_nginx_site { echo '';
echo ' # Logs' >> $postactiv_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $postactiv_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $postactiv_nginx_site echo ' error_log /dev/null;';
echo '' >> $postactiv_nginx_site echo '';
echo ' # Root' >> $postactiv_nginx_site echo ' # Root';
echo " root /var/www/$POSTACTIV_DOMAIN_NAME/htdocs;" >> $postactiv_nginx_site echo " root /var/www/$POSTACTIV_DOMAIN_NAME/htdocs;";
echo '' >> $postactiv_nginx_site echo '';
echo ' # Index' >> $postactiv_nginx_site echo ' # Index';
echo ' index index.php;' >> $postactiv_nginx_site echo ' index index.php;';
echo '' >> $postactiv_nginx_site echo '';
echo ' # PHP' >> $postactiv_nginx_site echo ' # PHP';
echo ' location ~ \.php {' >> $postactiv_nginx_site echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> $postactiv_nginx_site echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $postactiv_nginx_site echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> $postactiv_nginx_site echo ' fastcgi_read_timeout 30;';
echo ' }' >> $postactiv_nginx_site echo ' }';
echo '' >> $postactiv_nginx_site echo '';
echo ' # Location' >> $postactiv_nginx_site echo ' # Location';
echo ' location / {' >> $postactiv_nginx_site echo ' location / {'; } >> "$postactiv_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $POSTACTIV_DOMAIN_NAME '15m' nginx_limits "$POSTACTIV_DOMAIN_NAME" '15m'
echo ' try_files $uri $uri/ @postactiv;' >> $postactiv_nginx_site { echo " try_files \$uri \$uri/ @postactiv;";
echo ' }' >> $postactiv_nginx_site echo ' }';
echo '' >> $postactiv_nginx_site echo '';
echo ' # Fancy URLs' >> $postactiv_nginx_site echo ' # Fancy URLs';
echo ' location @postactiv {' >> $postactiv_nginx_site echo ' location @postactiv {';
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $postactiv_nginx_site echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }' >> $postactiv_nginx_site echo ' }';
echo '' >> $postactiv_nginx_site echo '';
echo ' # Restrict access that is unnecessary anyway' >> $postactiv_nginx_site echo ' # Restrict access that is unnecessary anyway';
echo ' location ~ /\.(ht|git) {' >> $postactiv_nginx_site echo ' location ~ /\.(ht|git) {';
echo ' deny all;' >> $postactiv_nginx_site echo ' deny all;';
echo ' }' >> $postactiv_nginx_site echo ' }';
echo '}' >> $postactiv_nginx_site echo '}'; } >> "$postactiv_nginx_site"
function_check configure_php function_check configure_php
configure_php configure_php
function_check create_site_certificate function_check create_site_certificate
create_site_certificate $POSTACTIV_DOMAIN_NAME 'yes' create_site_certificate "$POSTACTIV_DOMAIN_NAME" 'yes'
# Ensure that the database gets backed up locally, if remote # Ensure that the database gets backed up locally, if remote
# backups are not being used # backups are not being used
@ -817,7 +822,7 @@ function install_postactiv_main {
backup_database_local postactiv backup_database_local postactiv
function_check nginx_ensite function_check nginx_ensite
nginx_ensite $POSTACTIV_DOMAIN_NAME nginx_ensite "$POSTACTIV_DOMAIN_NAME"
# NOTE: For the typical case always enable SSL and only # NOTE: For the typical case always enable SSL and only
# disable it if in onion only mode. This is due to complexities # disable it if in onion only mode. This is due to complexities
@ -834,8 +839,8 @@ function install_postactiv_main {
# Create the configuration # Create the configuration
postactiv_installer=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/scripts/install_cli.php postactiv_installer=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/scripts/install_cli.php
if [ ! -f $postactiv_installer ]; then if [ ! -f "$postactiv_installer" ]; then
rm -rf /var/www/$POSTACTIV_DOMAIN_NAME rm -rf "/var/www/$POSTACTIV_DOMAIN_NAME"
echo $'No postactiv commandline installer found' echo $'No postactiv commandline installer found'
exit 53026 exit 53026
fi fi
@ -856,45 +861,45 @@ function install_postactiv_main {
#fi #fi
# check postactiv has a config file # check postactiv has a config file
postactiv_config_file=/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/config.php postactiv_config_file="/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/config.php"
if [ ! -f $postactiv_config_file ]; then if [ ! -f "$postactiv_config_file" ]; then
drop_database postactiv drop_database postactiv
rm -rf /var/www/$POSTACTIV_DOMAIN_NAME rm -rf "/var/www/$POSTACTIV_DOMAIN_NAME"
echo $'Postactiv config.php not found' echo $'Postactiv config.php not found'
exit 87586 exit 87586
fi fi
# Some useful settings # Some useful settings
if ! grep -q "Recommended postactiv settings" $postactiv_config_file; then if ! grep -q "Recommended postactiv settings" "$postactiv_config_file"; then
echo "" >> $postactiv_config_file { echo "";
echo "// Recommended postactiv settings" >> $postactiv_config_file echo "// Recommended postactiv settings";
echo "\$config['thumbnail']['maxsize'] = 3000;" >> $postactiv_config_file echo "\$config['thumbnail']['maxsize'] = 3000;";
echo "\$config['profile']['delete'] = true;" >> $postactiv_config_file echo "\$config['profile']['delete'] = true;";
echo "\$config['profile']['changenick'] = true;" >> $postactiv_config_file echo "\$config['profile']['changenick'] = true;";
echo "\$config['public']['localonly'] = false;" >> $postactiv_config_file echo "\$config['public']['localonly'] = false;";
echo "addPlugin('StoreRemoteMedia');" >> $postactiv_config_file echo "addPlugin('StoreRemoteMedia');";
echo "\$config['queue']['enabled'] = true;" >> $postactiv_config_file echo "\$config['queue']['enabled'] = true;";
echo "\$config['queue']['daemon'] = true;" >> $postactiv_config_file echo "\$config['queue']['daemon'] = true;";
echo "\$config['ostatus']['hub_retries'] = 3;" >> $postactiv_config_file echo "\$config['ostatus']['hub_retries'] = 3;"; } >> "$postactiv_config_file"
fi fi
echo "\$config['mail']['domain'] = '${DEFAULT_DOMAIN_NAME}';" >> $postactiv_config_file echo "\$config['mail']['domain'] = '${DEFAULT_DOMAIN_NAME}';" >> "$postactiv_config_file"
# This improves performance # This improves performance
sed -i "s|//\$config\['db'\]\['schemacheck'\].*|\$config\['db'\]\['schemacheck'\] = 'script';|g" $postactiv_config_file sed -i "s|//\$config\\['db'\\]\\['schemacheck'\\].*|\$config\\['db'\\]\\['schemacheck'\\] = 'script';|g" "$postactiv_config_file"
# remove the install script # remove the install script
if [ -f /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php ]; then if [ -f "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php" ]; then
rm /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php rm "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php"
fi fi
systemctl restart mariadb systemctl restart mariadb
systemctl restart php7.0-fpm systemctl restart php7.0-fpm
systemctl restart nginx systemctl restart nginx
${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no
${PROJECT_NAME}-pass -u $MY_USERNAME -a postactiv -p "$POSTACTIV_ADMIN_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a postactiv -p "$POSTACTIV_ADMIN_PASSWORD"
gnusocial_block_user_script gnusocial_block_user_script
gnusocial_block_domain_script postactiv "$POSTACTIV_DOMAIN_NAME" gnusocial_block_domain_script postactiv "$POSTACTIV_DOMAIN_NAME"
@ -905,7 +910,7 @@ function install_postactiv_main {
} }
function install_postactiv { function install_postactiv {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
@ -925,8 +930,8 @@ function install_postactiv {
install_nodejs pleroma-gnusocial install_nodejs pleroma-gnusocial
install_pleroma_front_end "postactiv" "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE" install_pleroma_front_end "postactiv" "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE"
install_gnusocial_default_background "postactiv" "$POSTACTIV_DOMAIN_NAME" install_gnusocial_default_background "postactiv" "$POSTACTIV_DOMAIN_NAME"
postactiv_customise_logo postactiv_customise_logo "$POSTACTIV_DOMAIN_NAME"
sed -i 's|"theme":.*|"theme": "base16-harmonic16-light.css",|g' /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static/config.json sed -i 's|"theme":.*|"theme": "base16-harmonic16-light.css",|g' "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static/config.json"
fi fi
expire_gnusocial_posts "$POSTACTIV_DOMAIN_NAME" "postactiv" "$POSTACTIV_EXPIRE_MONTHS" expire_gnusocial_posts "$POSTACTIV_DOMAIN_NAME" "postactiv" "$POSTACTIV_EXPIRE_MONTHS"
@ -940,8 +945,8 @@ function install_postactiv {
# And doesn't forget logins # And doesn't forget logins
gnusocial_use_qvitter postactiv gnusocial_use_qvitter postactiv
if [ $POSTACTIV_BACKGROUND_IMAGE_URL ]; then if [ "$POSTACTIV_BACKGROUND_IMAGE_URL" ]; then
pleroma_set_background_image_from_url /var/www/$POSTACTIV_DOMAIN_NAME/htdocs "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE" pleroma_set_background_image_from_url "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE"
fi fi
APP_INSTALLED=1 APP_INSTALLED=1


@ -56,7 +56,7 @@ function secure_privatebin {
find "${pbpath}/" -type d -print0 | xargs -0 chmod 0550 find "${pbpath}/" -type d -print0 | xargs -0 chmod 0550
chown -R ${rootuser}:${htgroup} "${pbpath}/" chown -R ${rootuser}:${htgroup} "${pbpath}/"
chown -R www-data:www-data ${pbdata} chown -R www-data:www-data "${pbdata}"
} }
function logging_on_privatebin { function logging_on_privatebin {
@ -68,63 +68,65 @@ function logging_off_privatebin {
} }
function remove_user_privatebin { function remove_user_privatebin {
remove_username="$1" echo -n ''
# remove_username="$1"
} }
function add_user_privatebin { function add_user_privatebin {
new_username="$1" # new_username="$1"
new_user_password="$2" # new_user_password="$2"
echo '0' echo '0'
} }
function install_interactive_privatebin { function install_interactive_privatebin {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
if [[ $ONION_ONLY != "no" ]]; then if [[ "$ONION_ONLY" != "no" ]]; then
PRIVATEBIN_DOMAIN_NAME='privatebin.local' PRIVATEBIN_DOMAIN_NAME='privatebin.local'
else else
PRIVATEBIN_DETAILS_COMPLETE= PRIVATEBIN_DETAILS_COMPLETE=
while [ ! $PRIVATEBIN_DETAILS_COMPLETE ] while [ ! $PRIVATEBIN_DETAILS_COMPLETE ]
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"PrivateBin Configuration" \ --title $"PrivateBin Configuration" \
--form $"\nPlease enter your PrivateBin details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ --form $"\\nPlease enter your PrivateBin details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
$"Domain:" 1 1 "$(grep 'PRIVATEBIN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \ $"Domain:" 1 1 "$(grep 'PRIVATEBIN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
$"Code:" 2 1 "$(grep 'PRIVATEBIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 33 255 \ $"Code:" 2 1 "$(grep 'PRIVATEBIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 33 255 \
2> $data 2> "$data"
else else
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"PrivateBin Configuration" \ --title $"PrivateBin Configuration" \
--form $"\nPlease enter your PrivateBin details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ --form $"\\nPlease enter your PrivateBin details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
$"Domain:" 1 1 "$(grep 'PRIVATEBIN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \ $"Domain:" 1 1 "$(grep 'PRIVATEBIN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
2> $data 2> "$data"
fi fi
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
PRIVATEBIN_DOMAIN_NAME=$(cat $data | sed -n 1p) PRIVATEBIN_DOMAIN_NAME=$(sed -n 1p < "$data")
if [ $PRIVATEBIN_DOMAIN_NAME ]; then if [ "$PRIVATEBIN_DOMAIN_NAME" ]; then
if [[ $PRIVATEBIN_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then if [[ "$PRIVATEBIN_DOMAIN_NAME" == "$HUBZILLA_DOMAIN_NAME" ]]; then
PRIVATEBIN_DOMAIN_NAME="" PRIVATEBIN_DOMAIN_NAME=""
fi fi
TEST_DOMAIN_NAME=$PRIVATEBIN_DOMAIN_NAME TEST_DOMAIN_NAME=$PRIVATEBIN_DOMAIN_NAME
validate_domain_name validate_domain_name
if [[ $TEST_DOMAIN_NAME != $PRIVATEBIN_DOMAIN_NAME ]]; then if [[ "$TEST_DOMAIN_NAME" != "$PRIVATEBIN_DOMAIN_NAME" ]]; then
PRIVATEBIN_DOMAIN_NAME= PRIVATEBIN_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else else
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
PRIVATEBIN_CODE=$(cat $data | sed -n 2p) PRIVATEBIN_CODE=$(sed -n 2p < "$data")
validate_freedns_code "$PRIVATEBIN_CODE" validate_freedns_code "$PRIVATEBIN_CODE"
if [ ! $VALID_CODE ]; then if [ ! "$VALID_CODE" ]; then
PRIVATEBIN_DOMAIN_NAME= PRIVATEBIN_DOMAIN_NAME=
fi fi
fi fi
@ -133,6 +135,7 @@ function install_interactive_privatebin {
if [ $PRIVATEBIN_DOMAIN_NAME ]; then if [ $PRIVATEBIN_DOMAIN_NAME ]; then
PRIVATEBIN_DETAILS_COMPLETE="yes" PRIVATEBIN_DETAILS_COMPLETE="yes"
fi fi
rm -f "$data"
done done
write_config_param "PRIVATEBIN_CODE" "$PRIVATEBIN_CODE" write_config_param "PRIVATEBIN_CODE" "$PRIVATEBIN_CODE"
@ -142,8 +145,9 @@ function install_interactive_privatebin {
} }
function change_password_privatebin { function change_password_privatebin {
curr_username="$1" # curr_username="$1"
new_user_password="$2" # new_user_password="$2"
echo -n ''
} }
function reconfigure_privatebin { function reconfigure_privatebin {
@ -156,13 +160,13 @@ function upgrade_privatebin {
return return
fi fi
if grep -q "privatebin domain" $COMPLETION_FILE; then if grep -q "privatebin domain" "$COMPLETION_FILE"; then
PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain") PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
fi fi
# update to the next commit # update to the next commit
function_check set_repo_commit function_check set_repo_commit
set_repo_commit /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs "privatebin commit" "$PRIVATEBIN_COMMIT" $PRIVATEBIN_REPO set_repo_commit "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" "privatebin commit" "$PRIVATEBIN_COMMIT" "$PRIVATEBIN_REPO"
secure_privatebin secure_privatebin
} }
@ -170,40 +174,40 @@ function upgrade_privatebin {
function backup_local_privatebin { function backup_local_privatebin {
PRIVATEBIN_DOMAIN_NAME='privatebin' PRIVATEBIN_DOMAIN_NAME='privatebin'
if grep -q "privatebin domain" $COMPLETION_FILE; then if grep -q "privatebin domain" "$COMPLETION_FILE"; then
PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain") PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
fi fi
source_directory=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data source_directory="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data"
function_check suspend_site function_check suspend_site
suspend_site ${PRIVATEBIN_DOMAIN_NAME} suspend_site "${PRIVATEBIN_DOMAIN_NAME}"
function_check backup_directory_to_usb function_check backup_directory_to_usb
dest_directory=privatebin dest_directory=privatebin
backup_directory_to_usb $source_directory $dest_directory backup_directory_to_usb "$source_directory" "$dest_directory"
function_check restart_site function_check restart_site
restart_site restart_site
} }
function restore_local_privatebin { function restore_local_privatebin {
if ! grep -q "privatebin domain" $COMPLETION_FILE; then if ! grep -q "privatebin domain" "$COMPLETION_FILE"; then
return return
fi fi
PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain") PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
if [ $PRIVATEBIN_DOMAIN_NAME ]; then if [ "$PRIVATEBIN_DOMAIN_NAME" ]; then
echo $"Restoring privatebin" echo $"Restoring privatebin"
temp_restore_dir=/root/tempprivatebin temp_restore_dir=/root/tempprivatebin
privatebin_dir=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data privatebin_dir="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data"
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir privatebin restore_directory_from_usb $temp_restore_dir privatebin
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d cp $temp_restore_dir$privatebin_dir ]; then if [ -d "$temp_restore_dir$privatebin_dir" ]; then
cp -rp $temp_restore_dir$privatebin_dir/* $privatebin_dir/ cp -rp "$temp_restore_dir$privatebin_dir/*" "$privatebin_dir/"
else else
cp -rp $temp_restore_dir/* $privatebin_dir/ cp -rp "$temp_restore_dir/*" "$privatebin_dir/"
fi fi
secure_privatebin secure_privatebin
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
@ -215,39 +219,39 @@ function restore_local_privatebin {
function backup_remote_privatebin { function backup_remote_privatebin {
PRIVATEBIN_DOMAIN_NAME='privatebin' PRIVATEBIN_DOMAIN_NAME='privatebin'
if grep -q "privatebin domain" $COMPLETION_FILE; then if grep -q "privatebin domain" "$COMPLETION_FILE"; then
PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain") PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
fi fi
source_directory=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data source_directory="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data"
function_check suspend_site function_check suspend_site
suspend_site ${PRIVATEBIN_DOMAIN_NAME} suspend_site "${PRIVATEBIN_DOMAIN_NAME}"
function_check backup_directory_to_friend function_check backup_directory_to_friend
dest_directory=privatebin dest_directory=privatebin
backup_directory_to_friend $source_directory $dest_directory backup_directory_to_friend "$source_directory" "$dest_directory"
function_check restart_site function_check restart_site
restart_site restart_site
} }
function restore_remote_privatebin { function restore_remote_privatebin {
if ! grep -q "privatebin domain" $COMPLETION_FILE; then if ! grep -q "privatebin domain" "$COMPLETION_FILE"; then
return return
fi fi
PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain") PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
if [ $PRIVATEBIN_DOMAIN_NAME ]; then if [ "$PRIVATEBIN_DOMAIN_NAME" ]; then
temp_restore_dir=/root/tempprivatebin temp_restore_dir=/root/tempprivatebin
privatebin_dir=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data privatebin_dir=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir privatebin restore_directory_from_friend $temp_restore_dir privatebin
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d cp $temp_restore_dir$privatebin_dir ]; then if [ -d "$temp_restore_dir$privatebin_dir" ]; then
cp -rp $temp_restore_dir$privatebin_dir/* $privatebin_dir/ cp -rp "$temp_restore_dir$privatebin_dir/*" "$privatebin_dir/"
else else
cp -rp $temp_restore_dir/* $privatebin_dir/ cp -rp "$temp_restore_dir/*" "$privatebin_dir/"
fi fi
secure_privatebin secure_privatebin
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
@ -262,14 +266,14 @@ function remove_privatebin {
read_config_param "PRIVATEBIN_DOMAIN_NAME" read_config_param "PRIVATEBIN_DOMAIN_NAME"
read_config_param "MY_USERNAME" read_config_param "MY_USERNAME"
echo "Removing $PRIVATEBIN_DOMAIN_NAME" echo "Removing $PRIVATEBIN_DOMAIN_NAME"
nginx_dissite $PRIVATEBIN_DOMAIN_NAME nginx_dissite "$PRIVATEBIN_DOMAIN_NAME"
remove_certs $PRIVATEBIN_DOMAIN_NAME remove_certs "$PRIVATEBIN_DOMAIN_NAME"
if [ -d /var/www/$PRIVATEBIN_DOMAIN_NAME ]; then if [ -d "/var/www/$PRIVATEBIN_DOMAIN_NAME" ]; then
rm -rf /var/www/$PRIVATEBIN_DOMAIN_NAME rm -rf "/var/www/$PRIVATEBIN_DOMAIN_NAME"
fi fi
if [ -f /etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME ]; then if [ -f "/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME" ]; then
rm /etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME rm "/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME"
fi fi
function_check remove_onion_service function_check remove_onion_service
remove_onion_service privatebin ${PRIVATEBIN_ONION_PORT} remove_onion_service privatebin ${PRIVATEBIN_ONION_PORT}
@ -278,18 +282,18 @@ function remove_privatebin {
fi fi
remove_app privatebin remove_app privatebin
remove_completion_param install_privatebin remove_completion_param install_privatebin
sed -i '/privatebin/d' $COMPLETION_FILE sed -i '/privatebin/d' "$COMPLETION_FILE"
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $PRIVATEBIN_DOMAIN_NAME remove_ddns_domain "$PRIVATEBIN_DOMAIN_NAME"
} }
function install_privatebin { function install_privatebin {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
if [ ! $PRIVATEBIN_DOMAIN_NAME ]; then if [ ! "$PRIVATEBIN_DOMAIN_NAME" ]; then
echo $'No domain name was given for privatebin' echo $'No domain name was given for privatebin'
exit 7359 exit 7359
fi fi
@ -298,153 +302,153 @@ function install_privatebin {
apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
apt-get -yq install php-libsodium libsodium18 php-mcrypt apt-get -yq install php-libsodium libsodium18 php-mcrypt
if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME ]; then if [ ! -d "/var/www/$PRIVATEBIN_DOMAIN_NAME" ]; then
mkdir /var/www/$PRIVATEBIN_DOMAIN_NAME mkdir "/var/www/$PRIVATEBIN_DOMAIN_NAME"
fi fi
if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" ]; then
if [ -d /repos/privatebin ]; then if [ -d /repos/privatebin ]; then
mkdir /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs mkdir "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
cp -r -p /repos/privatebin/. /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs cp -r -p /repos/privatebin/. "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
cd /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs cd "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" || exit 3468246824
git pull git pull
else else
function_check git_clone function_check git_clone
git_clone $PRIVATEBIN_REPO /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs git_clone "$PRIVATEBIN_REPO" "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
fi fi
if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs ]; then if [ ! -d "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" ]; then
echo $'Unable to clone privatebin repo' echo $'Unable to clone privatebin repo'
exit 63763873 exit 63763873
fi fi
fi fi
cd /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs cd "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" || exit 24682462
git checkout $PRIVATEBIN_COMMIT -b $PRIVATEBIN_COMMIT git checkout "$PRIVATEBIN_COMMIT" -b "$PRIVATEBIN_COMMIT"
set_completion_param "privatebin commit" "$PRIVATEBIN_COMMIT" set_completion_param "privatebin commit" "$PRIVATEBIN_COMMIT"
chmod g+w /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs chmod g+w "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
chown -R www-data:www-data /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $PRIVATEBIN_DOMAIN_NAME add_ddns_domain "$PRIVATEBIN_DOMAIN_NAME"
PRIVATEBIN_ONION_HOSTNAME=$(add_onion_service privatebin 80 ${PRIVATEBIN_ONION_PORT}) PRIVATEBIN_ONION_HOSTNAME=$(add_onion_service privatebin 80 ${PRIVATEBIN_ONION_PORT})
privatebin_nginx_site=/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME privatebin_nginx_site=/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $PRIVATEBIN_DOMAIN_NAME "index index.php" nginx_http_redirect "$PRIVATEBIN_DOMAIN_NAME" "index index.php"
echo 'server {' >> $privatebin_nginx_site { echo 'server {';
echo ' listen 443 ssl;' >> $privatebin_nginx_site echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> $privatebin_nginx_site echo ' #listen [::]:443 ssl;';
echo " server_name $PRIVATEBIN_DOMAIN_NAME;" >> $privatebin_nginx_site echo " server_name $PRIVATEBIN_DOMAIN_NAME;";
echo '' >> $privatebin_nginx_site echo ''; } >> "$privatebin_nginx_site"
function_check nginx_compress function_check nginx_compress
nginx_compress $PRIVATEBIN_DOMAIN_NAME nginx_compress "$PRIVATEBIN_DOMAIN_NAME"
echo '' >> $privatebin_nginx_site echo '' >> "$privatebin_nginx_site"
echo ' # Security' >> $privatebin_nginx_site echo ' # Security' >> "$privatebin_nginx_site"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $PRIVATEBIN_DOMAIN_NAME nginx_ssl "$PRIVATEBIN_DOMAIN_NAME"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $PRIVATEBIN_DOMAIN_NAME nginx_disable_sniffing "$PRIVATEBIN_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $privatebin_nginx_site { echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> $privatebin_nginx_site echo '';
echo ' # Logs' >> $privatebin_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $privatebin_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $privatebin_nginx_site echo ' error_log /dev/null;';
echo '' >> $privatebin_nginx_site echo '';
echo " root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;" >> $privatebin_nginx_site echo " root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;";
echo '' >> $privatebin_nginx_site echo '';
echo ' index index.php;' >> $privatebin_nginx_site echo ' index index.php;';
echo '' >> $privatebin_nginx_site echo '';
echo ' location ~ \.php {' >> $privatebin_nginx_site echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> $privatebin_nginx_site echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $privatebin_nginx_site echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> $privatebin_nginx_site echo ' fastcgi_read_timeout 30;';
echo ' }' >> $privatebin_nginx_site echo ' }';
echo '' >> $privatebin_nginx_site echo '';
echo ' # Location' >> $privatebin_nginx_site echo ' # Location';
echo ' location / {' >> $privatebin_nginx_site echo ' location / {'; } >> "$privatebin_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $PRIVATEBIN_DOMAIN_NAME '15m' nginx_limits "$PRIVATEBIN_DOMAIN_NAME" '15m'
echo ' try_files $uri $uri/ @privatebin;' >> $privatebin_nginx_site { echo " try_files \$uri \$uri/ @privatebin;";
echo ' }' >> $privatebin_nginx_site echo ' }';
echo '' >> $privatebin_nginx_site echo '';
echo ' # Restrict access that is unnecessary anyway' >> $privatebin_nginx_site echo ' # Restrict access that is unnecessary anyway';
echo ' location ~ /\.(ht|git) {' >> $privatebin_nginx_site echo ' location ~ /\.(ht|git) {';
echo ' deny all;' >> $privatebin_nginx_site echo ' deny all;';
echo ' }' >> $privatebin_nginx_site echo ' }';
echo '}' >> $privatebin_nginx_site echo '}';
echo '' >> $privatebin_nginx_site echo ''; } >> "$privatebin_nginx_site"
else else
echo -n '' > $privatebin_nginx_site echo -n '' > "$privatebin_nginx_site"
fi fi
echo 'server {' >> $privatebin_nginx_site { echo 'server {';
echo " listen 127.0.0.1:$PRIVATEBIN_ONION_PORT default_server;" >> $privatebin_nginx_site echo " listen 127.0.0.1:$PRIVATEBIN_ONION_PORT default_server;";
echo " server_name $PRIVATEBIN_ONION_HOSTNAME;" >> $privatebin_nginx_site echo " server_name $PRIVATEBIN_ONION_HOSTNAME;";
echo '' >> $privatebin_nginx_site echo ''; } >> "$privatebin_nginx_site"
function_check nginx_compress function_check nginx_compress
nginx_compress $PRIVATEBIN_DOMAIN_NAME nginx_compress "$PRIVATEBIN_DOMAIN_NAME"
echo '' >> $privatebin_nginx_site echo '' >> "$privatebin_nginx_site"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $PRIVATEBIN_DOMAIN_NAME nginx_disable_sniffing "$PRIVATEBIN_DOMAIN_NAME"
echo '' >> $privatebin_nginx_site { echo '';
echo ' # Logs' >> $privatebin_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $privatebin_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $privatebin_nginx_site echo ' error_log /dev/null;';
echo '' >> $privatebin_nginx_site echo '';
echo " root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;" >> $privatebin_nginx_site echo " root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;";
echo '' >> $privatebin_nginx_site echo '';
echo ' index index.php;' >> $privatebin_nginx_site echo ' index index.php;';
echo '' >> $privatebin_nginx_site echo '';
echo ' location ~ \.php {' >> $privatebin_nginx_site echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> $privatebin_nginx_site echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $privatebin_nginx_site echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> $privatebin_nginx_site echo ' fastcgi_read_timeout 30;';
echo ' }' >> $privatebin_nginx_site echo ' }';
echo '' >> $privatebin_nginx_site echo '';
echo ' # Location' >> $privatebin_nginx_site echo ' # Location';
echo ' location / {' >> $privatebin_nginx_site echo ' location / {'; } >> "$privatebin_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $PRIVATEBIN_DOMAIN_NAME '15m' nginx_limits "$PRIVATEBIN_DOMAIN_NAME" '15m'
echo ' try_files $uri $uri/ @privatebin;' >> $privatebin_nginx_site { echo " try_files \$uri \$uri/ @privatebin;";
echo ' }' >> $privatebin_nginx_site echo ' }';
echo '' >> $privatebin_nginx_site echo '';
echo ' # Restrict access that is unnecessary anyway' >> $privatebin_nginx_site echo ' # Restrict access that is unnecessary anyway';
echo ' location ~ /\.(ht|git) {' >> $privatebin_nginx_site echo ' location ~ /\.(ht|git) {';
echo ' deny all;' >> $privatebin_nginx_site echo ' deny all;';
echo ' }' >> $privatebin_nginx_site echo ' }';
echo '}' >> $privatebin_nginx_site echo '}'; } >> "$privatebin_nginx_site"
function_check configure_php function_check configure_php
configure_php configure_php
function_check create_site_certificate function_check create_site_certificate
create_site_certificate $PRIVATEBIN_DOMAIN_NAME 'yes' create_site_certificate "$PRIVATEBIN_DOMAIN_NAME" 'yes'
function_check nginx_ensite function_check nginx_ensite
nginx_ensite $PRIVATEBIN_DOMAIN_NAME nginx_ensite "$PRIVATEBIN_DOMAIN_NAME"
cp /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.sample.php /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php cp "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.sample.php" "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
# Change some defaults # Change some defaults
sed -i 's|; qrcode|qrcode|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php sed -i 's|; qrcode|qrcode|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
sed -i 's|default =.*|default = "1day"|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php sed -i 's|default =.*|default = "1day"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
sed -i 's|languagedefault =.*|languagedefault = "en"|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php sed -i 's|languagedefault =.*|languagedefault = "en"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
sed -i 's|1week =|; 1week =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php sed -i 's|1week =|; 1week =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
sed -i 's|1month =|; 1month =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php sed -i 's|1month =|; 1month =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
sed -i 's|1year =|; 1year =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php sed -i 's|1year =|; 1year =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
sed -i 's|never =|; never =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php sed -i 's|never =|; never =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
sed -i 's|limit = 10|limit = 30|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php sed -i 's|limit = 10|limit = 30|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
sed -i 's|limit = 300|limit = 0|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php sed -i 's|limit = 300|limit = 0|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
sed -i 's|batchsize =.*|batchsize = 100|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php sed -i 's|batchsize =.*|batchsize = 100|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
sed -i 's|sizelimit =.*|sizelimit = 32768|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php sed -i 's|sizelimit =.*|sizelimit = 32768|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
sed -i 's|defaultformatter =.*|defaultformatter = "markdown"|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php sed -i 's|defaultformatter =.*|defaultformatter = "markdown"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
mkdir -p /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/data mkdir -p "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/data"
secure_privatebin secure_privatebin
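Review bot: In restore_local_privatebin and restore_remote_privatebin the new `cp -rp "$temp_restore_dir$privatebin_dir/*" "$privatebin_dir/"` lines (and the `"$temp_restore_dir/*"` branch) put the `*` inside the double quotes, so the shell no longer expands it and cp is asked to copy a file literally named `*`. The copy fails and nothing is restored, and as far as the visible lines show, cp's status is not checked before `rm -rf $temp_restore_dir` removes the staged backup data. Keep the variables quoted but leave the glob outside the quotes, e.g. `cp -rp "$temp_restore_dir$privatebin_dir"/* "$privatebin_dir/"` and `cp -rp "$temp_restore_dir"/* "$privatebin_dir/"`, and only run the cleanup once cp has succeeded. Both functions continue past the end of their hunks, so any later error handling is not visible here.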


@ -57,12 +57,13 @@ function logging_off_profanity {
} }
function remove_user_profanity { function remove_user_profanity {
remove_username="$1" echo -n ''
# remove_username="$1"
} }
function add_user_profanity { function add_user_profanity {
new_username="$1" # new_username="$1"
new_user_password="$2" # new_user_password="$2"
echo '0' echo '0'
} }
@ -82,19 +83,19 @@ function change_password_profanity {
read_config_param DEFAULT_DOMAIN_NAME read_config_param DEFAULT_DOMAIN_NAME
${PROJECT_NAME}-pass -u $curr_username -a xmpp -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$curr_username" -a xmpp -p "$new_user_password"
# TODO: this is currently interactive. Really there needs to be a # TODO: this is currently interactive. Really there needs to be a
# non-interactive password change option for prosodyctl # non-interactive password change option for prosodyctl
clear clear
echo '' echo ''
echo $'Currently Prosody requires password changes to be done interactively' echo $'Currently Prosody requires password changes to be done interactively'
prosodyctl passwd ${curr_username}@${DEFAULT_DOMAIN_NAME} prosodyctl passwd "${curr_username}@${DEFAULT_DOMAIN_NAME}"
XMPP_CLIENT_DIR=/home/$curr_username/.local/share/profanity XMPP_CLIENT_DIR=/home/$curr_username/.local/share/profanity
XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
if [ -f $XMPP_CLIENT_ACCOUNTS ]; then if [ -f "$XMPP_CLIENT_ACCOUNTS" ]; then
sed -i "s|password=.*|password=$new_user_password|g" $XMPP_CLIENT_ACCOUNTS sed -i "s|password=.*|password=$new_user_password|g" "$XMPP_CLIENT_ACCOUNTS"
fi fi
} }
@ -110,11 +111,11 @@ function upgrade_profanity {
rm -rf /tmp/* rm -rf /tmp/*
CURR_LIBMESODE_COMMIT=$(cat $COMPLETION_FILE | grep "libmesode commit" | awk -F ':' '{print $2}') CURR_LIBMESODE_COMMIT=$(grep "libmesode commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
if [[ "$CURR_LIBMESODE_COMMIT" != "$LIBMESODE_COMMIT" ]]; then if [[ "$CURR_LIBMESODE_COMMIT" != "$LIBMESODE_COMMIT" ]]; then
function_check set_repo_commit function_check set_repo_commit
set_repo_commit $INSTALL_DIR/libmesode "libmesode commit" "$LIBMESODE_COMMIT" $LIBMESODE_REPO set_repo_commit "$INSTALL_DIR/libmesode" "libmesode commit" "$LIBMESODE_COMMIT" $LIBMESODE_REPO
cd $INSTALL_DIR/libmesode cd "$INSTALL_DIR/libmesode" || exit 42682682
./bootstrap.sh ./bootstrap.sh
./configure ./configure
make make
@ -124,42 +125,42 @@ function upgrade_profanity {
rm -rf /tmp/* rm -rf /tmp/*
CURR_PROFANITY_COMMIT=$(cat $COMPLETION_FILE | grep "profanity commit" | awk -F ':' '{print $2}') CURR_PROFANITY_COMMIT=$(grep "profanity commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
if [[ "$CURR_PROFANITY_COMMIT" != "$PROFANITY_COMMIT" ]]; then if [[ "$CURR_PROFANITY_COMMIT" != "$PROFANITY_COMMIT" ]]; then
function_check set_repo_commit function_check set_repo_commit
set_repo_commit $INSTALL_DIR/profanity "profanity commit" "$PROFANITY_COMMIT" $PROFANITY_REPO set_repo_commit "$INSTALL_DIR/profanity" "profanity commit" "$PROFANITY_COMMIT" $PROFANITY_REPO
cd $INSTALL_DIR/profanity cd "$INSTALL_DIR/profanity" || exit 248242684
./bootstrap.sh ./bootstrap.sh
./configure --disable-notifications --disable-icons --enable-otr --enable-pgp --enable-plugins --enable-c-plugins --enable-python-plugins --without-xscreensaver ./configure --disable-notifications --disable-icons --enable-otr --enable-pgp --enable-plugins --enable-c-plugins --enable-python-plugins --without-xscreensaver
make make
make install make install
fi fi
CURR_PROFANITY_OMEMO_PLUGIN_COMMIT=$(cat $COMPLETION_FILE | grep "profanity omemo plugin commit" | awk -F ':' '{print $2}') CURR_PROFANITY_OMEMO_PLUGIN_COMMIT=$(grep "profanity omemo plugin commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
if [[ "$CURR_PROFANITY_OMEMO_PLUGIN_COMMIT" != "$PROFANITY_OMEMO_PLUGIN_COMMIT" ]]; then if [[ "$CURR_PROFANITY_OMEMO_PLUGIN_COMMIT" != "$PROFANITY_OMEMO_PLUGIN_COMMIT" ]]; then
# upgrade omemo plugins for all users # upgrade omemo plugins for all users
set_repo_commit $INSTALL_DIR/profanity-omemo-plugin "profanity omemo plugin commit" "$PROFANITY_OMEMO_PLUGIN_COMMIT" $PROFANITY_OMEMO_PLUGIN_REPO set_repo_commit "$INSTALL_DIR/profanity-omemo-plugin" "profanity omemo plugin commit" "$PROFANITY_OMEMO_PLUGIN_COMMIT" $PROFANITY_OMEMO_PLUGIN_REPO
cd $INSTALL_DIR/profanity-omemo-plugin cd "$INSTALL_DIR/profanity-omemo-plugin" || exit 2468246284
sed -i 's|python setup.py|python2.7 setup.py|g' $INSTALL_DIR/profanity-omemo-plugin/install.sh sed -i 's|python setup.py|python2.7 setup.py|g' "$INSTALL_DIR/profanity-omemo-plugin/install.sh"
pip uninstall -y profanity-omemo-plugin pip uninstall -y profanity-omemo-plugin
./install.sh ./install.sh
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME/.local/share/profanity/plugins ]; then if [ ! -d "/home/$USERNAME/.local/share/profanity/plugins" ]; then
mkdir -p /home/$USERNAME/.local/share/profanity/plugins mkdir -p "/home/$USERNAME/.local/share/profanity/plugins"
fi fi
if [ -f $INSTALL_DIR/profanity-omemo-plugin/omemo.py ]; then if [ -f "$INSTALL_DIR/profanity-omemo-plugin/omemo.py" ]; then
rm $INSTALL_DIR/profanity-omemo-plugin/omemo.* rm "$INSTALL_DIR/profanity-omemo-plugin/omemo.*"
fi fi
cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /home/$USERNAME/.local/share/profanity/plugins cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" "/home/$USERNAME/.local/share/profanity/plugins"
chown -R $USERNAME:$USERNAME /home/$USERNAME/.local chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.local"
fi fi
done done
if [ -f /etc/skel/.local/share/profanity/plugins/omemo.py ]; then if [ -f /etc/skel/.local/share/profanity/plugins/omemo.py ]; then
rm /etc/skel/.local/share/profanity/plugins/omemo.* rm /etc/skel/.local/share/profanity/plugins/omemo.*
fi fi
cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /etc/skel/.local/share/profanity/plugins cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" "/etc/skel/.local/share/profanity/plugins"
fi fi
chmod -R 700 /root/.local/lib/python3.4/site-packages/python_axolotl_* chmod -R 700 /root/.local/lib/python3.4/site-packages/python_axolotl_*
@ -183,11 +184,11 @@ function restore_remote_profanity {
function remove_profanity { function remove_profanity {
if [ -f /usr/local/bin/profanity ]; then if [ -f /usr/local/bin/profanity ]; then
cd $INSTALL_DIR/profanity cd "$INSTALL_DIR/profanity" || exit 4628462848
make uninstall make uninstall
remove_completion_param install_profanity remove_completion_param install_profanity
sed -i '/profanity/d' $COMPLETION_FILE sed -i '/profanity/d' "$COMPLETION_FILE"
fi fi
} }
@ -197,8 +198,8 @@ function install_profanity {
return return
fi fi
# install profanity from source in order to get OMEMO support # install profanity from source in order to get OMEMO support
if [ ! -d $INSTALL_DIR ]; then if [ ! -d "$INSTALL_DIR" ]; then
mkdir -p $INSTALL_DIR mkdir -p "$INSTALL_DIR"
fi fi
apt-get -yq install automake autoconf autoconf-archive libtool build-essential apt-get -yq install automake autoconf autoconf-archive libtool build-essential
@ -207,15 +208,15 @@ function install_profanity {
# dependency for profanity not available in debian # dependency for profanity not available in debian
if [ -d /repos/libmesode ]; then if [ -d /repos/libmesode ]; then
mkdir $INSTALL_DIR/libmesode mkdir "$INSTALL_DIR/libmesode"
cp -r -p /repos/libmesode/. $INSTALL_DIR/libmesode cp -r -p /repos/libmesode/. "$INSTALL_DIR/libmesode"
cd $INSTALL_DIR/libmesode cd "$INSTALL_DIR/libmesode" || exit 46287642846872
git pull git pull
else else
git_clone $LIBMESODE_REPO $INSTALL_DIR/libmesode git_clone "$LIBMESODE_REPO" "$INSTALL_DIR/libmesode"
fi fi
cd $INSTALL_DIR/libmesode cd "$INSTALL_DIR/libmesode" || exit 2468246284
git checkout $LIBMESODE_COMMIT -b $LIBMESODE_COMMIT git checkout $LIBMESODE_COMMIT -b $LIBMESODE_COMMIT
./bootstrap.sh ./bootstrap.sh
./configure ./configure
@ -225,15 +226,15 @@ function install_profanity {
# build profanity # build profanity
if [ -d /repos/profanity ]; then if [ -d /repos/profanity ]; then
mkdir $INSTALL_DIR/profanity mkdir "$INSTALL_DIR/profanity"
cp -r -p /repos/profanity/. $INSTALL_DIR/profanity cp -r -p /repos/profanity/. "$INSTALL_DIR/profanity"
cd $INSTALL_DIR/profanity cd "$INSTALL_DIR/profanity" || exit 2468246824
git pull git pull
else else
git_clone $PROFANITY_REPO $INSTALL_DIR/profanity git_clone "$PROFANITY_REPO" "$INSTALL_DIR/profanity"
fi fi
cd $INSTALL_DIR/profanity cd "$INSTALL_DIR/profanity" || exit 54287452858
git checkout $PROFANITY_COMMIT -b $PROFANITY_COMMIT git checkout $PROFANITY_COMMIT -b $PROFANITY_COMMIT
./bootstrap.sh ./bootstrap.sh
./configure --disable-notifications --disable-icons --enable-otr --enable-pgp --enable-plugins --enable-c-plugins --enable-python-plugins --without-xscreensaver ./configure --disable-notifications --disable-icons --enable-otr --enable-pgp --enable-plugins --enable-c-plugins --enable-python-plugins --without-xscreensaver
@ -249,116 +250,116 @@ function install_profanity {
apt-get -yq install python-pip python-setuptools clang libffi-dev libssl-dev python-dev apt-get -yq install python-pip python-setuptools clang libffi-dev libssl-dev python-dev
if [ -d /repos/profanity-omemo ]; then if [ -d /repos/profanity-omemo ]; then
mkdir $INSTALL_DIR/profanity-omemo-plugin mkdir "$INSTALL_DIR/profanity-omemo-plugin"
cp -r -p /repos/profanity-omemo/. $INSTALL_DIR/profanity-omemo-plugin cp -r -p /repos/profanity-omemo/. "$INSTALL_DIR/profanity-omemo-plugin"
cd $INSTALL_DIR/profanity-omemo-plugin cd "$INSTALL_DIR/profanity-omemo-plugin" || exit 24682462842
git pull git pull
else else
git_clone $PROFANITY_OMEMO_PLUGIN_REPO $INSTALL_DIR/profanity-omemo-plugin git_clone "$PROFANITY_OMEMO_PLUGIN_REPO" "$INSTALL_DIR/profanity-omemo-plugin"
fi fi
cd $INSTALL_DIR/profanity-omemo-plugin cd "$INSTALL_DIR/profanity-omemo-plugin" || exit 6428468248
git checkout $PROFANITY_OMEMO_PLUGIN_COMMIT -b $PROFANITY_OMEMO_PLUGIN_COMMIT git checkout $PROFANITY_OMEMO_PLUGIN_COMMIT -b $PROFANITY_OMEMO_PLUGIN_COMMIT
if [ ! -f $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py ]; then if [ ! -f "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" ]; then
echo $'prof_omemo_plugin.py not found' echo $'prof_omemo_plugin.py not found'
exit 389225 exit 389225
fi fi
sed -i 's|python setup.py|python2.7 setup.py|g' $INSTALL_DIR/profanity-omemo-plugin/install.sh sed -i 's|python setup.py|python2.7 setup.py|g' "$INSTALL_DIR/profanity-omemo-plugin/install.sh"
./install.sh ./install.sh
mkdir -p /etc/skel/.local/share/profanity/plugins mkdir -p /etc/skel/.local/share/profanity/plugins
cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /etc/skel/.local/share/profanity/plugins cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" /etc/skel/.local/share/profanity/plugins
cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /home/$MY_USERNAME/.local/share/profanity/plugins cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" "/home/$MY_USERNAME/.local/share/profanity/plugins"
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.local"
XMPP_CLIENT_DIR=/home/$MY_USERNAME/.local/share/profanity XMPP_CLIENT_DIR=/home/$MY_USERNAME/.local/share/profanity
XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
if [ ! -d $XMPP_CLIENT_DIR ]; then if [ ! -d "$XMPP_CLIENT_DIR" ]; then
mkdir -p $XMPP_CLIENT_DIR mkdir -p "$XMPP_CLIENT_DIR"
fi fi
XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname) XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$DEFAULT_DOMAIN_NAME") #MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$DEFAULT_DOMAIN_NAME")
if [[ $ONION_ONLY == 'no' ]]; then if [[ $ONION_ONLY == 'no' ]]; then
echo "[${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}]" > $XMPP_CLIENT_ACCOUNTS { echo "[${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}]";
echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS echo 'enabled=true';
echo "jid=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS echo "jid=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}";
echo "server=$XMPP_ONION_HOSTNAME" >> $XMPP_CLIENT_ACCOUNTS echo "server=$XMPP_ONION_HOSTNAME";
# There is a bug where profanity doesn't refresh the screen # There is a bug where profanity doesn't refresh the screen
# after gpg-agent has asked for a password, so for now # after gpg-agent has asked for a password, so for now
# don't set the gpg key by default # don't set the gpg key by default
#echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID" >> $XMPP_CLIENT_ACCOUNTS #echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID";
echo "pgp.keyid=" >> $XMPP_CLIENT_ACCOUNTS echo "pgp.keyid=";
echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS echo 'resource=profanity';
echo "muc.service=chat.${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS echo "muc.service=chat.${DEFAULT_DOMAIN_NAME}";
echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS echo "muc.nick=${MY_USERNAME}";
echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS echo 'presence.last=online';
echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS echo 'presence.login=online';
echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS echo 'priority.online=0';
echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS echo 'priority.chat=0';
echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS echo 'priority.away=0';
echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS echo 'priority.xa=0';
echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS echo 'priority.dnd=0'; } > "$XMPP_CLIENT_ACCOUNTS"
if [ ${#XMPP_PASSWORD} -gt 2 ]; then if [ ${#XMPP_PASSWORD} -gt 2 ]; then
echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS echo "password=$XMPP_PASSWORD" >> "$XMPP_CLIENT_ACCOUNTS"
fi fi
fi fi
if [ -f /var/lib/tor/hidden_service_xmpp/hostname ]; then if [ -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
echo "[${MY_USERNAME}@${XMPP_ONION_HOSTNAME}]" >> $XMPP_CLIENT_ACCOUNTS echo "[${MY_USERNAME}@${XMPP_ONION_HOSTNAME}]" >> "$XMPP_CLIENT_ACCOUNTS"
if [[ $ONION_ONLY == 'no' ]]; then if [[ $ONION_ONLY == 'no' ]]; then
echo 'enabled=false' >> $XMPP_CLIENT_ACCOUNTS echo 'enabled=false' >> "$XMPP_CLIENT_ACCOUNTS"
else else
echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS echo 'enabled=true' >> "$XMPP_CLIENT_ACCOUNTS"
fi fi
echo "jid=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS { echo "jid=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}";
echo "server=$XMPP_ONION_HOSTNAME" >> $XMPP_CLIENT_ACCOUNTS echo "server=$XMPP_ONION_HOSTNAME";
# There is a bug where profanity doesn't refresh the screen # There is a bug where profanity doesn't refresh the screen
# after gpg-agent has asked for a password, so for now # after gpg-agent has asked for a password, so for now
# don't set the gpg key by default # don't set the gpg key by default
#echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID" >> $XMPP_CLIENT_ACCOUNTS #echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID";
echo "pgp.keyid=" >> $XMPP_CLIENT_ACCOUNTS echo "pgp.keyid=";
echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS echo 'resource=profanity';
echo "muc.service=${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS echo "muc.service=${XMPP_ONION_HOSTNAME}";
echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS echo "muc.nick=${MY_USERNAME}";
echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS echo 'presence.last=online';
echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS echo 'presence.login=online';
echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS echo 'priority.online=0';
echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS echo 'priority.chat=0';
echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS echo 'priority.away=0';
echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS echo 'priority.xa=0';
echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS echo 'priority.dnd=0'; } >> "$XMPP_CLIENT_ACCOUNTS"
if [ ${#XMPP_PASSWORD} -gt 2 ]; then if [ ${#XMPP_PASSWORD} -gt 2 ]; then
echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS echo "password=$XMPP_PASSWORD" >> "$XMPP_CLIENT_ACCOUNTS"
fi fi
fi fi
if [ ! -d /home/$MY_USERNAME/.config/profanity ]; then if [ ! -d "/home/$MY_USERNAME/.config/profanity" ]; then
mkdir -p /home/$MY_USERNAME/.config/profanity mkdir -p "/home/$MY_USERNAME/.config/profanity"
fi fi
echo '[connection]' > /home/$MY_USERNAME/.config/profanity/profrc echo '[connection]' > "/home/$MY_USERNAME/.config/profanity/profrc"
if [[ $ONION_ONLY == 'no' ]]; then if [[ $ONION_ONLY == 'no' ]]; then
echo "account=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> /home/$MY_USERNAME/.config/profanity/profrc echo "account=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> "/home/$MY_USERNAME/.config/profanity/profrc"
else else
echo "account=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> /home/$MY_USERNAME/.config/profanity/profrc echo "account=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> "/home/$MY_USERNAME/.config/profanity/profrc"
fi fi
echo '' >> /home/$MY_USERNAME/.config/profanity/profrc { echo '';
echo '[plugins]' >> /home/$MY_USERNAME/.config/profanity/profrc echo '[plugins]';
echo 'load=prof_omemo_plugin.py;' >> /home/$MY_USERNAME/.config/profanity/profrc echo 'load=prof_omemo_plugin.py;';
echo '' >> /home/$MY_USERNAME/.config/profanity/profrc echo '';
echo '[otr]' >> /home/$MY_USERNAME/.config/profanity/profrc echo '[otr]';
echo 'policy=opportunistic' >> /home/$MY_USERNAME/.config/profanity/profrc echo 'policy=opportunistic';
echo 'log=off' >> /home/$MY_USERNAME/.config/profanity/profrc echo 'log=off';
echo '' >> /home/$MY_USERNAME/.config/profanity/profrc echo '';
echo '[pgp]' >> /home/$MY_USERNAME/.config/profanity/profrc echo '[pgp]';
echo 'log=off' >> /home/$MY_USERNAME/.config/profanity/profrc echo 'log=off';
echo '' >> /home/$MY_USERNAME/.config/profanity/profrc echo '';
echo '[ui]' >> /home/$MY_USERNAME/.config/profanity/profrc echo '[ui]';
echo 'enc.warn=true' >> /home/$MY_USERNAME/.config/profanity/profrc echo 'enc.warn=true'; } >> "/home/$MY_USERNAME/.config/profanity/profrc"
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.local"
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.config"
chmod -R 700 /root/.local/lib/python3.4/site-packages/python_axolotl_* chmod -R 700 /root/.local/lib/python3.4/site-packages/python_axolotl_*
APP_INSTALLED=1 APP_INSTALLED=1
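Review bot: In change_password_profanity the new password is still interpolated straight into the sed replacement, `sed -i "s|password=.*|password=$new_user_password|g" "$XMPP_CLIENT_ACCOUNTS"`, so the quoting added on that line does not make it safe for arbitrary passwords. A `|` in the password is parsed as the end of the expression and sed fails, while `&` or `\` is rewritten silently, leaving the client's accounts file with a different password from the one set on the server. Escape those three characters first, for example `safe_pw=$(printf '%s' "$new_user_password" | sed 's/[|&\\]/\\&/g')`, and use `$safe_pw` in the replacement. The function begins above its hunk, so whether the password is validated earlier cannot be seen from here.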


@ -61,15 +61,15 @@ function logging_off_radicale {
function remove_user_radicale { function remove_user_radicale {
remove_username="$1" remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp radicale "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp radicale
if grep -q "${remove_username}:" ${RADICALE_USERS}; then if grep -q "${remove_username}:" ${RADICALE_USERS}; then
sed -i "/${remove_username}:/d" ${RADICALE_USERS} sed -i "/${remove_username}:/d" ${RADICALE_USERS}
if [ -d /var/www/radicale/collections/${remove_username} ]; then if [ -d "/var/www/radicale/collections/${remove_username}" ]; then
rm -rf /var/www/radicale/collections/${remove_username} rm -rf "/var/www/radicale/collections/${remove_username}"
fi fi
if [ -f /var/www/radicale/collections/${remove_username}.props ]; then if [ -f "/var/www/radicale/collections/${remove_username}.props" ]; then
rm /var/www/radicale/collections/${remove_username}.props rm "/var/www/radicale/collections/${remove_username}.props"
fi fi
systemctl restart radicale systemctl restart radicale
fi fi
@ -79,7 +79,7 @@ function add_user_radicale {
new_username="$1" new_username="$1"
new_user_password="$2" new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a radicale -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$new_username" -a radicale -p "$new_user_password"
if [ ! -f ${RADICALE_USERS} ]; then if [ ! -f ${RADICALE_USERS} ]; then
touch ${RADICALE_USERS} touch ${RADICALE_USERS}
@ -88,13 +88,13 @@ function add_user_radicale {
if ! grep -q "$new_username:" ${RADICALE_USERS}; then if ! grep -q "$new_username:" ${RADICALE_USERS}; then
htpasswd -bd ${RADICALE_USERS} "$new_username" "$new_user_password" htpasswd -bd ${RADICALE_USERS} "$new_username" "$new_user_password"
echo '{"ICAL:calendar-color": "#9e50df"}' > /var/www/radicale/collections/${new_username}.props echo '{"ICAL:calendar-color": "#9e50df"}' > "/var/www/radicale/collections/${new_username}.props"
mkdir /var/www/radicale/collections/${new_username} mkdir "/var/www/radicale/collections/${new_username}"
echo '{"ICAL:calendar-color": "#de631a", "tag": "VCALENDAR"}' > /var/www/radicale/collections/${new_username}/calendar.props echo '{"ICAL:calendar-color": "#de631a", "tag": "VCALENDAR"}' > "/var/www/radicale/collections/${new_username}/calendar.props"
echo 'BEGIN:VCALENDAR' > /var/www/radicale/collections/${new_username}/calendar { echo 'BEGIN:VCALENDAR';
echo 'PRODID:-//Radicale//NONSGML Radicale Server//EN' >> /var/www/radicale/collections/${new_username}/calendar echo 'PRODID:-//Radicale//NONSGML Radicale Server//EN';
echo 'VERSION:2.0' >> /var/www/radicale/collections/${new_username}/calendar echo 'VERSION:2.0';
echo 'END:VCALENDAR' >> /var/www/radicale/collections/${new_username}/calendar echo 'END:VCALENDAR'; } >> "/var/www/radicale/collections/${new_username}/calendar"
chown -R www-data:www-data /var/www/radicale chown -R www-data:www-data /var/www/radicale
chmod -R 755 /var/www/radicale/* chmod -R 755 /var/www/radicale/*
@ -107,7 +107,7 @@ function change_password_radicale {
existing_username="$1" existing_username="$1"
new_user_password="$2" new_user_password="$2"
${PROJECT_NAME}-pass -u $existing_username -a radicale -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$existing_username" -a radicale -p "$new_user_password"
if grep -q "${existing_username}:" ${RADICALE_USERS}; then if grep -q "${existing_username}:" ${RADICALE_USERS}; then
sed -i "/${existing_username}:/d" ${RADICALE_USERS} sed -i "/${existing_username}:/d" ${RADICALE_USERS}
@ -127,14 +127,14 @@ function reconfigure_radicale {
rm -rf /var/log/radicale/* rm -rf /var/log/radicale/*
# create an admin password # create an admin password
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
RADICALE_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" RADICALE_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
RADICALE_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" RADICALE_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
add_user_radicale "$MY_USERNAME" "$RADICALE_PASSWORD" add_user_radicale "$MY_USERNAME" "$RADICALE_PASSWORD"
${PROJECT_NAME}-pass -u $MY_USERNAME -a radicale -p "$RADICALE_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a radicale -p "$RADICALE_PASSWORD"
touch /var/log/radicale/radicale.log touch /var/log/radicale/radicale.log
chown -R www-data:www-data /var/log/radicale chown -R www-data:www-data /var/log/radicale
@ -145,7 +145,7 @@ function upgrade_radicale {
return return
fi fi
if ! grep -q "radicale version:" $COMPLETION_FILE; then if ! grep -q "radicale version:" "$COMPLETION_FILE"; then
return return
fi fi
@ -155,7 +155,7 @@ function upgrade_radicale {
fi fi
# get the source # get the source
cd /var/www/radicale cd /var/www/radicale || exit 62784628468
wget ${RADICALE_DOWNLOAD_URL}${RADICALE_VERSION}.tar.gz wget ${RADICALE_DOWNLOAD_URL}${RADICALE_VERSION}.tar.gz
# check the hash # check the hash
@ -170,7 +170,7 @@ function upgrade_radicale {
exit 73529 exit 73529
fi fi
rm Radicale-${RADICALE_VERSION}.tar.gz rm Radicale-${RADICALE_VERSION}.tar.gz
cd Radicale-${RADICALE_VERSION} cd "Radicale-${RADICALE_VERSION}" || exit 264824684
# move the old command # move the old command
mv /usr/local/bin/radicale /usr/local/bin/radicale_previous mv /usr/local/bin/radicale /usr/local/bin/radicale_previous
@ -186,9 +186,9 @@ function upgrade_radicale {
fi fi
# remove the old source # remove the old source
rm -rf Radicale-${CURR_RADICALE_VERSION} rm -rf "Radicale-${CURR_RADICALE_VERSION}" || exit 6842684282
sed -i "s|radicale version.*|radicale version:$RADICALE_VERSION|g" ${COMPLETION_FILE} sed -i "s|radicale version.*|radicale version:$RADICALE_VERSION|g" "${COMPLETION_FILE}"
chown -R www-data:www-data /var/www/radicale chown -R www-data:www-data /var/www/radicale
systemctl restart radicale systemctl restart radicale
systemctl restart nginx systemctl restart nginx
@ -219,6 +219,7 @@ function restore_local_radicale {
else else
cp -r $temp_restore_dir/* ${RADICALE_DIRECTORY}/ cp -r $temp_restore_dir/* ${RADICALE_DIRECTORY}/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
function_check backup_unmount_drive function_check backup_unmount_drive
backup_unmount_drive backup_unmount_drive
@ -233,6 +234,7 @@ function restore_local_radicale {
else else
cp -r $temp_restore_dir/* /var/www/radicale/* cp -r $temp_restore_dir/* /var/www/radicale/*
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
function_check backup_unmount_drive function_check backup_unmount_drive
backup_unmount_drive backup_unmount_drive
@ -264,6 +266,7 @@ function restore_remote_radicale {
else else
cp -r $temp_restore_dir/* ${RADICALE_DIRECTORY}/ cp -r $temp_restore_dir/* ${RADICALE_DIRECTORY}/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 236746 exit 236746
fi fi
@ -276,6 +279,7 @@ function restore_remote_radicale {
else else
cp -r $temp_restore_dir/* /var/www/radicale cp -r $temp_restore_dir/* /var/www/radicale
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 3674284 exit 3674284
fi fi
@ -332,17 +336,17 @@ function remove_radicale {
fi fi
remove_completion_param install_radicale remove_completion_param install_radicale
sed -i '/radicale/d' $COMPLETION_FILE sed -i '/radicale/d' "$COMPLETION_FILE"
sed -i '/# Start radicale/,/# End radicale/d' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} sed -i '/# Start radicale/,/# End radicale/d' "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
systemctl restart nginx systemctl restart nginx
} }
function install_radicale { function install_radicale {
if [[ $ONION_ONLY == 'no' ]]; then if [[ $ONION_ONLY == 'no' ]]; then
# obtain a cert for the default domain # obtain a cert for the default domain
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}" pem)" == "0" ]]; then
echo $'Obtaining certificate for the main domain' echo $'Obtaining certificate for the main domain'
create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes' create_site_certificate "${DEFAULT_DOMAIN_NAME}" 'yes'
fi fi
fi fi
@ -368,7 +372,7 @@ function install_radicale {
fi fi
# get the source # get the source
cd /var/www/radicale cd /var/www/radicale || exit 462874628
wget ${RADICALE_DOWNLOAD_URL}${RADICALE_VERSION}.tar.gz wget ${RADICALE_DOWNLOAD_URL}${RADICALE_VERSION}.tar.gz
# check the hash # check the hash
@ -383,7 +387,7 @@ function install_radicale {
exit 623252 exit 623252
fi fi
rm Radicale-${RADICALE_VERSION}.tar.gz rm Radicale-${RADICALE_VERSION}.tar.gz
cd Radicale-${RADICALE_VERSION} cd "Radicale-${RADICALE_VERSION}" || exit 872462842
python setup.py install python setup.py install
if [ ! -f /usr/local/bin/radicale ]; then if [ ! -f /usr/local/bin/radicale ]; then
echo $'Radicale did not install' echo $'Radicale did not install'
@ -398,52 +402,52 @@ function install_radicale {
fi fi
# create the configuration # create the configuration
echo '[server]' > ${RADICALE_DIRECTORY}/config { echo '[server]';
echo 'hosts=localhost:52322' >> ${RADICALE_DIRECTORY}/config echo 'hosts=localhost:52322';
echo 'ssl = False' >> ${RADICALE_DIRECTORY}/config echo 'ssl = False';
echo 'daemon = False' >> ${RADICALE_DIRECTORY}/config echo 'daemon = False';
echo 'base_prefix=/radicale/' >> ${RADICALE_DIRECTORY}/config echo 'base_prefix=/radicale/';
echo '' >> ${RADICALE_DIRECTORY}/config echo '';
echo '[storage]' >> ${RADICALE_DIRECTORY}/config echo '[storage]';
echo 'type = filesystem' >> ${RADICALE_DIRECTORY}/config echo 'type = filesystem';
echo "filesystem_folder = /var/www/radicale/collections" >> ${RADICALE_DIRECTORY}/config echo "filesystem_folder = /var/www/radicale/collections";
echo '' >> ${RADICALE_DIRECTORY}/config echo '';
echo '[well-known]' >> ${RADICALE_DIRECTORY}/config echo '[well-known]';
echo "caldav = '/%(user)s/caldav/'" >> ${RADICALE_DIRECTORY}/config echo "caldav = '/%(user)s/caldav/'";
echo "carddav = '/%(user)s/carddav/'" >> ${RADICALE_DIRECTORY}/config echo "carddav = '/%(user)s/carddav/'";
echo '' >> ${RADICALE_DIRECTORY}/config echo '';
echo '#[auth]' >> ${RADICALE_DIRECTORY}/config echo '#[auth]';
echo '#imap_hostname = localhost' >> ${RADICALE_DIRECTORY}/config echo '#imap_hostname = localhost';
echo '#imap_port = 143' >> ${RADICALE_DIRECTORY}/config echo '#imap_port = 143';
echo '#imap_ssl = False' >> ${RADICALE_DIRECTORY}/config echo '#imap_ssl = False';
echo '' >> ${RADICALE_DIRECTORY}/config echo '';
echo '[logging]' >> ${RADICALE_DIRECTORY}/config echo '[logging]';
echo 'debug = False' >> ${RADICALE_DIRECTORY}/config echo 'debug = False'; } > "${RADICALE_DIRECTORY}/config"
# create an admin password # create an admin password
if [ ${#RADICALE_PASSWORD} -lt 8 ]; then if [ ${#RADICALE_PASSWORD} -lt 8 ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
RADICALE_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" RADICALE_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
RADICALE_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" RADICALE_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
add_user_radicale "$MY_USERNAME" "$RADICALE_PASSWORD" add_user_radicale "$MY_USERNAME" "$RADICALE_PASSWORD"
echo '[Unit]' > /etc/systemd/system/radicale.service { echo '[Unit]';
echo 'Description=Radicale CalDAV Server' >> /etc/systemd/system/radicale.service echo 'Description=Radicale CalDAV Server';
echo 'After=network.target' >> /etc/systemd/system/radicale.service echo 'After=network.target';
echo '' >> /etc/systemd/system/radicale.service echo '';
echo '[Service]' >> /etc/systemd/system/radicale.service echo '[Service]';
echo 'Type=simple' >> /etc/systemd/system/radicale.service echo 'Type=simple';
echo 'User=www-data' >> /etc/systemd/system/radicale.service echo 'User=www-data';
echo 'Group=www-data' >> /etc/systemd/system/radicale.service echo 'Group=www-data';
echo "ExecStart=/usr/local/bin/radicale --config ${RADICALE_DIRECTORY}/config" >> /etc/systemd/system/radicale.service echo "ExecStart=/usr/local/bin/radicale --config ${RADICALE_DIRECTORY}/config";
echo 'Restart=on-failure' >> /etc/systemd/system/radicale.service echo 'Restart=on-failure';
echo 'RestartSec=10' >> /etc/systemd/system/radicale.service echo 'RestartSec=10';
echo '' >> /etc/systemd/system/radicale.service echo '';
echo '[Install]' >> /etc/systemd/system/radicale.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/radicale.service echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/radicale.service
addresses_str=$"Addresses" addresses_str=$"Addresses"
echo "{\"tag\": \"VADDRESSBOOK\", \"D:displayname\": \"${addresses_str}\"}" > /var/www/radicale/collections/addresses.props echo "{\"tag\": \"VADDRESSBOOK\", \"D:displayname\": \"${addresses_str}\"}" > /var/www/radicale/collections/addresses.props
@ -461,107 +465,107 @@ function install_radicale {
systemctl enable radicale systemctl enable radicale
systemctl start radicale systemctl start radicale
if [ ! -f /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} ]; then if [ ! -f "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}" ]; then
# create a new site config # create a new site config
RADICALE_ONION_HOSTNAME=$(add_onion_service radicale 80 ${RADICALE_ONION_PORT}) RADICALE_ONION_HOSTNAME=$(add_onion_service radicale 80 ${RADICALE_ONION_PORT})
if [[ $ONION_ONLY == 'no' ]]; then if [[ $ONION_ONLY == 'no' ]]; then
echo 'server {' > /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} { echo 'server {';
echo " listen 443 ssl;" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo " listen 443 ssl;";
echo " #listen [::]:443 ssl;" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo " #listen [::]:443 ssl;";
echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ''; } > "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl ${DEFAULT_DOMAIN_NAME} mobile nginx_ssl "${DEFAULT_DOMAIN_NAME}" mobile
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing ${DEFAULT_DOMAIN_NAME} nginx_disable_sniffing "${DEFAULT_DOMAIN_NAME}"
echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} { echo '';
echo " server_name ${DEFAULT_DOMAIN_NAME};" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo " server_name ${DEFAULT_DOMAIN_NAME};";
echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo '';
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' error_log /dev/null;';
echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo '';
echo ' # Start radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' # Start radicale';
echo ' location @radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' location @radicale {';
echo ' auth_basic "Radicale";' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' auth_basic "Radicale";';
echo ' auth_basic_user_file /var/www/radicale/users;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' auth_basic_user_file /var/www/radicale/users;';
echo ' proxy_pass http://localhost:52322;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' proxy_pass http://localhost:52322;';
echo ' proxy_buffering off;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' proxy_buffering off;';
echo ' proxy_set_header Host $host;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo " proxy_set_header Host \$host;";
echo ' proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo " proxy_set_header X-Real-IP \$remote_addr;";
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo " proxy_set_header X-Forwarded-Proto \$scheme;";
echo ' }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' }';
echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo '';
echo ' location /radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' location /radicale {';
echo ' try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo " try_files \$uri @radicale;";
echo ' }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' }';
echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo '';
echo ' location /.well-known/carddav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' location /.well-known/carddav {';
echo ' try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo " try_files \$uri @radicale;";
echo ' }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' }';
echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo '';
echo ' location /.well-known/caldav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' location /.well-known/caldav {';
echo ' try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo " try_files \$uri @radicale;";
echo ' }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' }';
echo ' # End radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' # End radicale';
echo '}' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo '}';
echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ''; } >> "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
else else
echo -n '' > /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo -n '' > "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
fi fi
echo 'server {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} { echo 'server {';
echo " listen localhost:${RADICALE_ONION_PORT} default_server;" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo " listen localhost:${RADICALE_ONION_PORT} default_server;";
echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo '';
echo " server_name ${RADICALE_ONION_HOSTNAME};" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo " server_name ${RADICALE_ONION_HOSTNAME};";
echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo '';
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' error_log /dev/null;';
echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo '';
echo ' # Start radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' # Start radicale';
echo ' location @radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' location @radicale {';
echo ' auth_basic "Radicale";' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' auth_basic "Radicale";';
echo ' auth_basic_user_file /var/www/radicale/users;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' auth_basic_user_file /var/www/radicale/users;';
echo ' proxy_pass http://localhost:52322;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' proxy_pass http://localhost:52322;';
echo ' proxy_buffering off;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' proxy_buffering off;';
echo ' proxy_set_header Host $host;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo " proxy_set_header Host \$host;";
echo ' proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo " proxy_set_header X-Real-IP \$remote_addr;";
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo " proxy_set_header X-Forwarded-Proto \$scheme;";
echo ' }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' }';
echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo '';
echo ' location /radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' location /radicale {';
echo ' try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo " try_files \$uri @radicale;";
echo ' }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' }';
echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo '';
echo ' location /.well-known/carddav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' location /.well-known/carddav {';
echo ' try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo " try_files \$uri @radicale;";
echo ' }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' }';
echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo '';
echo ' location /.well-known/caldav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' location /.well-known/caldav {';
echo ' try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo " try_files \$uri @radicale;";
echo ' }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' }';
echo ' # End radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo ' # End radicale';
echo '}' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} echo '}'; } >> "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
set_completion_param "radicale onion domain" "${RADICALE_ONION_HOSTNAME}" set_completion_param "radicale onion domain" "${RADICALE_ONION_HOSTNAME}"
else else
# alter the existing site config # alter the existing site config
if ! grep -q "# Start radicale" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}; then if ! grep -q "# Start radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"; then
sed -i '/]:443/a # Start radicale\n location @radicale {\n auth_basic "Radicale";\n auth_basic_user_file \/var\/www\/radicale\/users;\n proxy_pass http:\/\/localhost:52322;\n proxy_buffering off;\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n proxy_set_header X-Forwarded-Proto $scheme;\n }\n\n location \/radicale {\n try_files $uri @radicale;\n }\n\n location \/.well-known\/carddav {\n try_files $uri @radicale;\n }\n\n location \/.well-known\/caldav {\n try_files $uri @radicale;\n }\n # End radicale' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} sed -i "/]:443/a # Start radicale\\n location @radicale {\\n auth_basic \"Radicale\";\\n auth_basic_user_file \\/var\\/www\\/radicale\\/users;\\n proxy_pass http:\\/\\/localhost:52322;\\n proxy_buffering off;\\n proxy_set_header Host \$host;\\n proxy_set_header X-Real-IP \$remote_addr;\\n proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\\n proxy_set_header X-Forwarded-Proto \$scheme;\\n }\\n\\n location \\/radicale {\\n try_files \$uri @radicale;\\n }\\n\\n location \\/.well-known\\/carddav {\\n try_files \$uri @radicale;\\n }\\n\\n location \\/.well-known\\/caldav {\\n try_files \$uri @radicale;\\n }\\n # End radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
sed -i '/listen localhost/a # Start radicale\n location @radicale {\n auth_basic "Radicale";\n auth_basic_user_file \/var\/www\/radicale\/users;\n proxy_pass http:\/\/localhost:52322;\n proxy_buffering off;\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n proxy_set_header X-Forwarded-Proto $scheme;\n }\n\n location \/radicale {\n try_files $uri @radicale;\n }\n\n location \/.well-known\/carddav {\n try_files $uri @radicale;\n }\n\n location \/.well-known\/caldav {\n try_files $uri @radicale;\n }\n # End radicale' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} sed -i "/listen localhost/a # Start radicale\\n location @radicale {\\n auth_basic \"Radicale\";\\n auth_basic_user_file \\/var\\/www\\/radicale\\/users;\\n proxy_pass http:\\/\\/localhost:52322;\\n proxy_buffering off;\\n proxy_set_header Host \$host;\\n proxy_set_header X-Real-IP \$remote_addr;\\n proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\\n proxy_set_header X-Forwarded-Proto \$scheme;\\n }\\n\\n location \\/radicale {\\n try_files \$uri @radicale;\\n }\\n\\n location \\/.well-known\\/carddav {\\n try_files \$uri @radicale;\\n }\\n\\n location \\/.well-known\\/caldav {\\n try_files \$uri @radicale;\\n }\\n # End radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
fi fi
fi fi
# create a certificate # create a certificate
if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then if [ ! -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then if [ ! -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt" ]; then
${PROJECT_NAME}-addcert -h $DEFAULT_DOMAIN_NAME --dhkey ${DH_KEYLENGTH} "${PROJECT_NAME}-addcert" -h "$DEFAULT_DOMAIN_NAME" --dhkey "${DH_KEYLENGTH}"
check_certificates $DEFAULT_DOMAIN_NAME check_certificates "$DEFAULT_DOMAIN_NAME"
fi fi
fi fi
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
sed -i "s|radicale.crt|${DEFAULT_DOMAIN_NAME}.pem|g" /etc/nginx/sites-available/radicale sed -i "s|radicale.crt|${DEFAULT_DOMAIN_NAME}.pem|g" /etc/nginx/sites-available/radicale
sed -i "s|radicale.pem|${DEFAULT_DOMAIN_NAME}.pem|g" /etc/nginx/sites-available/radicale sed -i "s|radicale.pem|${DEFAULT_DOMAIN_NAME}.pem|g" /etc/nginx/sites-available/radicale
fi fi
@ -572,13 +576,13 @@ function install_radicale {
systemctl restart nginx systemctl restart nginx
${PROJECT_NAME}-pass -u $MY_USERNAME -a radicale -p "$RADICALE_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a radicale -p "$RADICALE_PASSWORD"
# keep track of the version so we can check for upgrades # keep track of the version so we can check for upgrades
if ! grep -q "radicale version:" ${COMPLETION_FILE}; then if ! grep -q "radicale version:" "${COMPLETION_FILE}"; then
echo "radicale version:${RADICALE_VERSION}" >> ${COMPLETION_FILE} echo "radicale version:${RADICALE_VERSION}" >> "${COMPLETION_FILE}"
else else
sed -i "s|radicale version.*|radicale version:${RADICALE_VERSION}|g" ${COMPLETION_FILE} sed -i "s|radicale version.*|radicale version:${RADICALE_VERSION}|g" "${COMPLETION_FILE}"
fi fi
APP_INSTALLED=1 APP_INSTALLED=1


@ -76,39 +76,40 @@ function install_interactive_riot {
RIOT_DETAILS_COMPLETE= RIOT_DETAILS_COMPLETE=
while [ ! $RIOT_DETAILS_COMPLETE ] while [ ! $RIOT_DETAILS_COMPLETE ]
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Riot Web user interface for Matrix" \ --title $"Riot Web user interface for Matrix" \
--form $"\nPlease enter your details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \ --form $"\\nPlease enter your details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
$"Domain:" 1 1 "$(grep 'RIOT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \ $"Domain:" 1 1 "$(grep 'RIOT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
$"Code:" 2 1 "$(grep 'RIOT_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 40 255 \ $"Code:" 2 1 "$(grep 'RIOT_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 40 255 \
2> $data 2> "$data"
else else
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Riot Web user interface for Matrix" \ --title $"Riot Web user interface for Matrix" \
--form $"\nPlease enter your details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \ --form $"\\nPlease enter your details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \
$"Domain:" 1 1 "$(grep 'RIOT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \ $"Domain:" 1 1 "$(grep 'RIOT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
2> $data 2> "$data"
fi fi
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
RIOT_DOMAIN_NAME=$(cat $data | sed -n 1p) RIOT_DOMAIN_NAME=$(sed -n 1p < "$data")
if [ $RIOT_DOMAIN_NAME ]; then if [ "$RIOT_DOMAIN_NAME" ]; then
TEST_DOMAIN_NAME=$RIOT_DOMAIN_NAME TEST_DOMAIN_NAME=$RIOT_DOMAIN_NAME
validate_domain_name validate_domain_name
if [[ $TEST_DOMAIN_NAME != $RIOT_DOMAIN_NAME ]]; then if [[ "$TEST_DOMAIN_NAME" != "$RIOT_DOMAIN_NAME" ]]; then
RIOT_DOMAIN_NAME= RIOT_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else else
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
RIOT_CODE=$(cat $data | sed -n 2p) RIOT_CODE=$(sed -n 2p < "$data")
validate_freedns_code "$RIOT_CODE" validate_freedns_code "$RIOT_CODE"
if [ ! $VALID_CODE ]; then if [ ! "$VALID_CODE" ]; then
RIOT_DOMAIN_NAME= RIOT_DOMAIN_NAME=
fi fi
fi fi
@ -117,6 +118,7 @@ function install_interactive_riot {
if [ $RIOT_DOMAIN_NAME ]; then if [ $RIOT_DOMAIN_NAME ]; then
RIOT_DETAILS_COMPLETE="yes" RIOT_DETAILS_COMPLETE="yes"
fi fi
rm -f "$data"
done done
# save the results in the config file # save the results in the config file
@ -132,14 +134,14 @@ function reconfigure_riot {
function riot_download { function riot_download {
# download # download
if [ ! -f $INSTALL_DIR/${RIOT_FILENAME}.tar.gz ]; then if [ ! -f "$INSTALL_DIR/${RIOT_FILENAME}.tar.gz" ]; then
wget ${RIOT_DOWNLOAD_URL}/${RIOT_FILENAME}.tar.gz -O $INSTALL_DIR/${RIOT_FILENAME}.tar.gz wget "${RIOT_DOWNLOAD_URL}/${RIOT_FILENAME}.tar.gz" -O "$INSTALL_DIR/${RIOT_FILENAME}.tar.gz"
fi fi
if [ ! -f $INSTALL_DIR/${RIOT_FILENAME}.tar.gz ]; then if [ ! -f "$INSTALL_DIR/${RIOT_FILENAME}.tar.gz" ]; then
echo $'Unable to download Riot Web from releases' echo $'Unable to download Riot Web from releases'
exit 62836 exit 62836
fi fi
cd $INSTALL_DIR cd "$INSTALL_DIR" || exit 2468724628
# check the hash # check the hash
curr_hash=$(sha256sum ${RIOT_FILENAME}.tar.gz | awk -F ' ' '{print $1}') curr_hash=$(sha256sum ${RIOT_FILENAME}.tar.gz | awk -F ' ' '{print $1}')
@ -149,17 +151,17 @@ function riot_download {
fi fi
tar -xzvf ${RIOT_FILENAME}.tar.gz tar -xzvf ${RIOT_FILENAME}.tar.gz
if [ ! -d $INSTALL_DIR/${RIOT_FILENAME} ]; then if [ ! -d "$INSTALL_DIR/${RIOT_FILENAME}" ]; then
echo $'Unable to extract Riot Web tarball' echo $'Unable to extract Riot Web tarball'
exit 542826 exit 542826
fi fi
cp -r $INSTALL_DIR/${RIOT_FILENAME}/* /var/www/$RIOT_DOMAIN_NAME/htdocs cp -r "$INSTALL_DIR/${RIOT_FILENAME}/*" "/var/www/$RIOT_DOMAIN_NAME/htdocs"
chown -R www-data:www-data /var/www/$RIOT_DOMAIN_NAME/htdocs chown -R www-data:www-data "/var/www/$RIOT_DOMAIN_NAME/htdocs"
} }
function upgrade_riot { function upgrade_riot {
if ! grep -q 'riot version:' $COMPLETION_FILE; then if ! grep -q 'riot version:' "$COMPLETION_FILE"; then
return return
fi fi
@ -171,7 +173,7 @@ function upgrade_riot {
fi fi
riot_download riot_download
sed -i "s|riot version.*|riot version:$RIOT_VERSION|g" ${COMPLETION_FILE} sed -i "s|riot version.*|riot version:$RIOT_VERSION|g" "${COMPLETION_FILE}"
riot_remove_bad_links riot_remove_bad_links
systemctl restart nginx systemctl restart nginx
@ -207,7 +209,7 @@ function remove_riot {
fi fi
remove_completion_param install_riot remove_completion_param install_riot
sed -i '/riot /d' $COMPLETION_FILE sed -i '/riot /d' "$COMPLETION_FILE"
} }
function install_riot { function install_riot {
@ -216,7 +218,7 @@ function install_riot {
fi fi
# check that matrix has been installed # check that matrix has been installed
if [ ! $MATRIX_DOMAIN_NAME ]; then if [ ! "$MATRIX_DOMAIN_NAME" ]; then
exit 687292 exit 687292
fi fi
if [[ "$MATRIX_DOMAIN_NAME" != *'.'* ]]; then if [[ "$MATRIX_DOMAIN_NAME" != *'.'* ]]; then
@ -235,32 +237,32 @@ function install_riot {
mkdir -p /var/www/$RIOT_DOMAIN_NAME/htdocs mkdir -p /var/www/$RIOT_DOMAIN_NAME/htdocs
fi fi
if [ ! -d $INSTALL_DIR ]; then if [ ! -d "$INSTALL_DIR" ]; then
mkdir $INSTALL_DIR mkdir "$INSTALL_DIR"
fi fi
riot_download riot_download
cd /var/www/$RIOT_DOMAIN_NAME/htdocs cd "/var/www/$RIOT_DOMAIN_NAME/htdocs" || exit 4628462876
if [[ $ONION_ONLY == 'no' ]]; then if [[ "$ONION_ONLY" == 'no' ]]; then
riot_config_file="config.${RIOT_DOMAIN_NAME}.json" riot_config_file="config.${RIOT_DOMAIN_NAME}.json"
cp config.sample.json $riot_config_file cp config.sample.json $riot_config_file
sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" $riot_config_file sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" "$riot_config_file"
sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" $riot_config_file sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" "$riot_config_file"
sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" $riot_config_file sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" "$riot_config_file"
sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," $riot_config_file sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," "$riot_config_file"
else else
riot_config_file="config.${MATRIX_ONION_DOMAIN_NAME}.json" riot_config_file="config.${MATRIX_ONION_DOMAIN_NAME}.json"
cp config.sample.json $riot_config_file cp config.sample.json "$riot_config_file"
sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" $riot_config_file sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" "$riot_config_file"
sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" $riot_config_file sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" "$riot_config_file"
sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" $riot_config_file sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" "$riot_config_file"
sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," $riot_config_file sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," "$riot_config_file"
fi fi
sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" $riot_config_file sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" "$riot_config_file"
sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" $riot_config_file sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" "$riot_config_file"
sed -i 's|https://piwik.riot.im/||g' $riot_config_file sed -i 's|https://piwik.riot.im/||g' "$riot_config_file"
RIOT_ONION_HOSTNAME=$(add_onion_service riot 80 ${RIOT_ONION_PORT}) RIOT_ONION_HOSTNAME=$(add_onion_service riot 80 ${RIOT_ONION_PORT})
@ -268,68 +270,68 @@ function install_riot {
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $RIOT_DOMAIN_NAME nginx_http_redirect $RIOT_DOMAIN_NAME
echo 'server {' >> $riot_nginx_site { echo 'server {';
echo ' listen 443 ssl;' >> $riot_nginx_site echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> $riot_nginx_site echo ' #listen [::]:443 ssl;';
echo " server_name $RIOT_DOMAIN_NAME;" >> $riot_nginx_site echo " server_name $RIOT_DOMAIN_NAME;";
echo '' >> $riot_nginx_site echo '';
echo ' # Security' >> $riot_nginx_site echo ' # Security'; } >> $riot_nginx_site
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $RIOT_DOMAIN_NAME nginx_ssl $RIOT_DOMAIN_NAME
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $RIOT_DOMAIN_NAME nginx_disable_sniffing $RIOT_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $riot_nginx_site { echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> $riot_nginx_site echo '';
echo ' # Logs' >> $riot_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $riot_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $riot_nginx_site echo ' error_log /dev/null;';
echo '' >> $riot_nginx_site echo '';
echo ' # Root' >> $riot_nginx_site echo ' # Root';
echo " root /var/www/$RIOT_DOMAIN_NAME/htdocs;" >> $riot_nginx_site echo " root /var/www/$RIOT_DOMAIN_NAME/htdocs;";
echo '' >> $riot_nginx_site echo '';
echo ' index index.html;' >> $riot_nginx_site echo ' index index.html;';
echo '' >> $riot_nginx_site echo '';
echo ' location / {' >> $riot_nginx_site echo ' location / {'; } >> $riot_nginx_site
function_check nginx_limits function_check nginx_limits
nginx_limits $RIOT_DOMAIN_NAME '15m' nginx_limits $RIOT_DOMAIN_NAME '15m'
echo ' }' >> $riot_nginx_site { echo ' }';
echo '}' >> $riot_nginx_site echo '}';
echo '' >> $riot_nginx_site echo ''; } >> $riot_nginx_site
else else
echo -n '' > $riot_nginx_site echo -n '' > $riot_nginx_site
fi fi
echo 'server {' >> $riot_nginx_site { echo 'server {';
echo " listen 127.0.0.1:$RIOT_ONION_PORT default_server;" >> $riot_nginx_site echo " listen 127.0.0.1:$RIOT_ONION_PORT default_server;";
echo " server_name $RIOT_ONION_HOSTNAME;" >> $riot_nginx_site echo " server_name $RIOT_ONION_HOSTNAME;";
echo '' >> $riot_nginx_site echo ''; } >> $riot_nginx_site
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $RIOT_DOMAIN_NAME nginx_disable_sniffing $RIOT_DOMAIN_NAME
echo '' >> $riot_nginx_site { echo '';
echo ' # Logs' >> $riot_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $riot_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $riot_nginx_site echo ' error_log /dev/null;';
echo '' >> $riot_nginx_site echo '';
echo ' # Root' >> $riot_nginx_site echo ' # Root';
echo " root /var/www/$RIOT_DOMAIN_NAME/htdocs;" >> $riot_nginx_site echo " root /var/www/$RIOT_DOMAIN_NAME/htdocs;";
echo '' >> $riot_nginx_site echo '';
echo ' index index.html;' >> $riot_nginx_site echo ' index index.html;';
echo '' >> $riot_nginx_site echo '';
echo ' location / {' >> $riot_nginx_site echo ' location / {'; } >> $riot_nginx_site
function_check nginx_limits function_check nginx_limits
nginx_limits $RIOT_DOMAIN_NAME '15m' nginx_limits $RIOT_DOMAIN_NAME '15m'
echo ' }' >> $riot_nginx_site echo ' }' >> "$riot_nginx_site"
echo '}' >> $riot_nginx_site echo '}' >> "$riot_nginx_site"
sed '/Content-Security-Policy/d' $riot_nginx_site sed '/Content-Security-Policy/d' "$riot_nginx_site"
sed -i 's| DENY;| SAMEORIGIN;|g' $riot_nginx_site sed -i 's| DENY;| SAMEORIGIN;|g' "$riot_nginx_site"
sed -i 's|limit_conn conn_limit_per_ip.*|limit_conn conn_limit_per_ip 50;|g' $riot_nginx_site sed -i 's|limit_conn conn_limit_per_ip.*|limit_conn conn_limit_per_ip 50;|g' "$riot_nginx_site"
sed -i 's|limit_req zone.*|limit_req zone=req_limit_per_ip burst=20 nodelay;|g' $riot_nginx_site sed -i 's|limit_req zone.*|limit_req zone=req_limit_per_ip burst=20 nodelay;|g' "$riot_nginx_site"
function_check create_site_certificate function_check create_site_certificate
if [ ! -f /etc/ssl/certs/${RIOT_DOMAIN_NAME}.pem ]; then if [ ! -f "/etc/ssl/certs/${RIOT_DOMAIN_NAME}.pem" ]; then
create_site_certificate $RIOT_DOMAIN_NAME 'yes' create_site_certificate "$RIOT_DOMAIN_NAME" 'yes'
fi fi
function_check nginx_ensite function_check nginx_ensite
@ -344,10 +346,10 @@ function install_riot {
systemctl restart nginx systemctl restart nginx
set_completion_param "riot domain" "$RIOT_DOMAIN_NAME" set_completion_param "riot domain" "$RIOT_DOMAIN_NAME"
if ! grep -q "riot version:" ${COMPLETION_FILE}; then if ! grep -q "riot version:" "${COMPLETION_FILE}"; then
echo "riot version:${RIOT_VERSION}" >> ${COMPLETION_FILE} echo "riot version:${RIOT_VERSION}" >> "${COMPLETION_FILE}"
else else
sed -i "s|riot version.*|riot version:${RIOT_VERSION}|g" ${COMPLETION_FILE} sed -i "s|riot version.*|riot version:${RIOT_VERSION}|g" "${COMPLETION_FILE}"
fi fi
APP_INSTALLED=1 APP_INSTALLED=1
} }
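Review bot: The new `cp -r "$INSTALL_DIR/${RIOT_FILENAME}/*" "/var/www/$RIOT_DOMAIN_NAME/htdocs"` in riot_download puts the `*` inside the double quotes, so the shell no longer expands it and cp is handed a literal path ending in `/*`, which will not exist after extraction. The copy's exit status is not checked, and upgrade_riot rewrites `riot version:` in the completion file right after calling riot_download. Unless the script runs under `set -e` (not visible here), an upgrade would therefore be recorded as done while htdocs still serves the old release. Keep the directory quoted, leave the glob outside the quotes, and fail on error the way the `cd` in the same function now does: `cp -r "$INSTALL_DIR/${RIOT_FILENAME}"/* "/var/www/$RIOT_DOMAIN_NAME/htdocs" || exit <CODE>`, where `<CODE>` stands for a project-chosen exit status. The middle of riot_download, including most of its hash check, lies between the hunks and is not shown.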


@ -62,12 +62,13 @@ function logging_off_rss {
} }
function remove_user_rss { function remove_user_rss {
remove_username="$1" echo -n ''
# remove_username="$1"
} }
function add_user_rss { function add_user_rss {
new_username="$1" # new_username="$1"
new_user_password="$2" # new_user_password="$2"
echo '0' echo '0'
} }
@ -77,26 +78,27 @@ function install_interactive_rss {
} }
function change_password_rss { function change_password_rss {
curr_username="$1" echo -n ''
new_user_password="$2" # curr_username="$1"
# new_user_password="$2"
#${PROJECT_NAME}-pass -u "$curr_username" -a rss -p "$new_user_password" #${PROJECT_NAME}-pass -u "$curr_username" -a rss -p "$new_user_password"
} }
function rss_create_database { function rss_create_database {
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
RSS_READER_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" RSS_READER_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else else
if [ ! $RSS_READER_ADMIN_PASSWORD ]; then if [ ! "$RSS_READER_ADMIN_PASSWORD" ]; then
RSS_READER_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" RSS_READER_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi fi
fi fi
if [ ! $RSS_READER_ADMIN_PASSWORD ]; then if [ ! "$RSS_READER_ADMIN_PASSWORD" ]; then
return return
fi fi
function_check create_database function_check create_database
create_database ttrss "$RSS_READER_ADMIN_PASSWORD" $MY_USERNAME create_database ttrss "$RSS_READER_ADMIN_PASSWORD" "$MY_USERNAME"
} }
function reconfigure_rss { function reconfigure_rss {
@ -131,8 +133,8 @@ function upgrade_rss {
# remove any previous install # remove any previous install
if [ -d $RSS_READER_PATH/g2ttree-mobile ]; then if [ -d $RSS_READER_PATH/g2ttree-mobile ]; then
if [[ $(is_completed "install_rss_mobile_reader") == "1" ]]; then if [[ $(is_completed "install_rss_mobile_reader") == "1" ]]; then
sed -i '/install_rss_mobile_reader/d' $COMPLETION_FILE sed -i '/install_rss_mobile_reader/d' "$COMPLETION_FILE"
sed -i '/rss mobile reader commit/d' $COMPLETION_FILE sed -i '/rss mobile reader commit/d' "$COMPLETION_FILE"
rm -rf $RSS_READER_PATH/g2ttree-mobile rm -rf $RSS_READER_PATH/g2ttree-mobile
fi fi
fi fi
@ -184,6 +186,7 @@ function restore_local_rss {
fi fi
cp -r $temp_restore_dir/* /etc/share/tt-rss/ cp -r $temp_restore_dir/* /etc/share/tt-rss/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
function_check set_user_permissions function_check set_user_permissions
set_user_permissions set_user_permissions
@ -193,12 +196,12 @@ function restore_local_rss {
exit 528823 exit 528823
fi fi
if [ -d /etc/letsencrypt/live/${RSS_READER_DOMAIN_NAME} ]; then if [ -d /etc/letsencrypt/live/${RSS_READER_DOMAIN_NAME} ]; then
ln -s /etc/letsencrypt/live/${RSS_READER_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${2}.key ln -s "/etc/letsencrypt/live/${RSS_READER_DOMAIN_NAME}/privkey.pem" "/etc/ssl/private/${2}.key"
ln -s /etc/letsencrypt/live/${RSS_READER_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${2}.pem ln -s "/etc/letsencrypt/live/${RSS_READER_DOMAIN_NAME}/fullchain.pem" "/etc/ssl/certs/${2}.pem"
else else
# Ensure that the bundled SSL cert is being used # Ensure that the bundled SSL cert is being used
if [ -f /etc/ssl/certs/${RSS_READER_DOMAIN_NAME}.bundle.crt ]; then if [ -f /etc/ssl/certs/${RSS_READER_DOMAIN_NAME}.bundle.crt ]; then
sed -i "s|${RSS_READER_DOMAIN_NAME}.crt|${RSS_READER_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${2} sed -i "s|${RSS_READER_DOMAIN_NAME}.crt|${RSS_READER_DOMAIN_NAME}.bundle.crt|g" "/etc/nginx/sites-available/${2}"
fi fi
fi fi
fi fi
@ -207,14 +210,14 @@ function restore_local_rss {
function_check rss_modifications function_check rss_modifications
rss_modifications rss_modifications
if [ -d $USB_MOUNT/backup/ttrss ]; then if [ -d "$USB_MOUNT/backup/ttrss" ]; then
chown -R www-data:www-data /etc/share/tt-rss chown -R www-data:www-data /etc/share/tt-rss
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
fi fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
sed -i "s|define('DB_PASS'.*|define('DB_PASS', '${MARIADB_PASSWORD}');|g" $RSS_READER_PATH/config.php sed -i "s|define('DB_PASS'.*|define('DB_PASS', '${MARIADB_PASSWORD}');|g" $RSS_READER_PATH/config.php
MARIADB_PASSWORD= MARIADB_PASSWORD=
} }
@ -245,7 +248,7 @@ function backup_remote_rss {
function restore_remote_rss { function restore_remote_rss {
temp_restore_dir=/root/tempttrss temp_restore_dir=/root/tempttrss
if grep -q "rss reader domain" $COMPLETION_FILE; then if grep -q "rss reader domain" "$COMPLETION_FILE"; then
echo $"Restoring ttrss" echo $"Restoring ttrss"
function_check get_mariadb_password function_check get_mariadb_password
get_mariadb_password get_mariadb_password
@ -263,6 +266,7 @@ function restore_remote_rss {
fi fi
cp -r $temp_restore_dir/* /etc/share/tt-rss/ cp -r $temp_restore_dir/* /etc/share/tt-rss/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 6391 exit 6391
fi fi
@ -280,14 +284,14 @@ function restore_remote_rss {
function_check rss_modifications function_check rss_modifications
rss_modifications rss_modifications
if [ -d $SERVER_DIRECTORY/backup/ttrss ]; then if [ -d "$SERVER_DIRECTORY/backup/ttrss" ]; then
chown -R www-data:www-data /etc/share/tt-rss chown -R www-data:www-data /etc/share/tt-rss
fi fi
if [ -d /root/tempttrss ]; then if [ -d /root/tempttrss ]; then
rm -rf /root/tempttrss rm -rf /root/tempttrss
fi fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
sed -i "s|define('DB_PASS'.*|define('DB_PASS', '${MARIADB_PASSWORD}');|g" $RSS_READER_PATH/config.php sed -i "s|define('DB_PASS'.*|define('DB_PASS', '${MARIADB_PASSWORD}');|g" $RSS_READER_PATH/config.php
MARIADB_PASSWORD= MARIADB_PASSWORD=
@ -313,9 +317,9 @@ function remove_rss {
function_check drop_database function_check drop_database
drop_database ttrss drop_database ttrss
remove_completion_param install_rss remove_completion_param install_rss
sed -i '/RSS /d' $COMPLETION_FILE sed -i '/RSS /d' "$COMPLETION_FILE"
sed -i '/rss /d' $COMPLETION_FILE sed -i '/rss /d' "$COMPLETION_FILE"
sed -i '/rss_/d' $COMPLETION_FILE sed -i '/rss_/d' "$COMPLETION_FILE"
remove_backup_database_local ttrss remove_backup_database_local ttrss
} }
@ -329,15 +333,15 @@ function rss_modifications {
# ensure that socks5 proxy is used # ensure that socks5 proxy is used
if ! grep -q "CURLPROXY_SOCKS5" $RSS_READER_PATH/plugins/af_unburn/init.php; then if ! grep -q "CURLPROXY_SOCKS5" $RSS_READER_PATH/plugins/af_unburn/init.php; then
sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/plugins/af_unburn/init.php sed -i "/curl_setopt(\$ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\\\t\\t\\t\\t\\tcurl_setopt(\$ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);" "$RSS_READER_PATH/plugins/af_unburn/init.php"
rss_modified=1 rss_modified=1
fi fi
if ! grep -q "CURLPROXY_SOCKS5" $RSS_READER_PATH/include/functions.php; then if ! grep -q "CURLPROXY_SOCKS5" $RSS_READER_PATH/include/functions.php; then
sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/include/functions.php sed -i "/curl_setopt(\$ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\\\t\\t\\t\\tcurl_setopt(\$ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);" "$RSS_READER_PATH/include/functions.php"
rss_modified=1 rss_modified=1
fi fi
if [ $rss_modified ]; then if [ $rss_modified ]; then
cd $RSS_READER_PATH cd $RSS_READER_PATH || exit 564286428
git commit -a -m"Modify for Tor proxying" git commit -a -m"Modify for Tor proxying"
fi fi
chown -R www-data:www-data $RSS_READER_PATH chown -R www-data:www-data $RSS_READER_PATH
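Review bot: The new guard `cd $RSS_READER_PATH || exit 564286428` uses an exit status far above 255, but the shell reports only the low 8 bits to the caller, so the number written here is not the status that is returned, and a value that happens to be a multiple of 256 would be reported as success. A small documented code keeps the failure distinguishable, e.g. `cd "$RSS_READER_PATH" || exit 1`, which also quotes the path this line leaves unquoted. The same pattern is added in the `install_rss_main`, `install_rss_gnusocial` and `install_rss_mobile_reader` hunks below (for example `exit 42479825792593`). rss_modifications starts outside this hunk.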
@ -358,12 +362,12 @@ function install_rss_main {
if [ ! -d /etc/share ]; then if [ ! -d /etc/share ]; then
mkdir /etc/share mkdir /etc/share
fi fi
cd /etc/share cd /etc/share || exit 46284628
if [ -d /repos/rss ]; then if [ -d /repos/rss ]; then
mkdir tt-rss mkdir tt-rss
cp -r -p /repos/rss/. tt-rss cp -r -p /repos/rss/. tt-rss
cd tt-rss cd tt-rss || exit 462846822
git pull git pull
else else
function_check git_clone function_check git_clone
@ -374,7 +378,7 @@ function install_rss_main {
echo $'Could not clone RSS reader repo' echo $'Could not clone RSS reader repo'
exit 52925 exit 52925
fi fi
cd $RSS_READER_PATH cd $RSS_READER_PATH || exit 42479825792593
git checkout $RSS_READER_COMMIT -b $RSS_READER_COMMIT git checkout $RSS_READER_COMMIT -b $RSS_READER_COMMIT
set_completion_param "rss reader commit" "$RSS_READER_COMMIT" set_completion_param "rss reader commit" "$RSS_READER_COMMIT"
@ -397,151 +401,151 @@ function install_rss_main {
USE_V2_ONION_ADDRESS=1 USE_V2_ONION_ADDRESS=1
RSS_MOBILE_READER_ONION_HOSTNAME=$(add_onion_service mobilerss 80 ${RSS_MOBILE_READER_ONION_PORT}) RSS_MOBILE_READER_ONION_HOSTNAME=$(add_onion_service mobilerss 80 ${RSS_MOBILE_READER_ONION_PORT})
echo 'server {' > /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME { echo 'server {';
echo " listen 127.0.0.1:$RSS_MOBILE_READER_ONION_PORT;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo " listen 127.0.0.1:$RSS_MOBILE_READER_ONION_PORT;";
echo " server_name $RSS_MOBILE_READER_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo " server_name $RSS_MOBILE_READER_ONION_HOSTNAME;";
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '';
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' error_log /dev/null;';
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '';
echo ' root /etc/share/ttrss-mobile;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' root /etc/share/ttrss-mobile;';
echo ' index index.html index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' index index.html index.php;';
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '';
echo ' location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' fastcgi_read_timeout 30;';
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '';
echo ' location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' location / {';
echo ' try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo " try_files \$uri \$uri/ @ttrss;";
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' }';
echo ' location /tt-rss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' location /tt-rss {';
echo ' try_files $uri $uri/ @ttrss_base;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo " try_files \$uri \$uri/ @ttrss_base;";
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '';
echo ' location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' location @ttrss {';
echo ' rewrite ^(.*)$ /index.html?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo " rewrite ^(.*)\$ /index.html?p=\$1 last;";
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' }';
echo ' location @ttrss_base {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' location @ttrss_base {';
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '';
echo ' location ~ /\.(git) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' location ~ /\.(git) {';
echo ' deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '';
echo ' add_header X-XSS-Protection "1; mode=block";' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Robots-Tag none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' add_header X-Robots-Tag none;';
echo ' add_header X-Download-Options noopen;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' add_header X-Download-Options noopen;';
echo ' add_header X-Permitted-Cross-Domain-Policies none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' add_header X-Permitted-Cross-Domain-Policies none;';
echo ' add_header X-Frame-Options SAMEORIGIN;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' add_header X-Frame-Options SAMEORIGIN;';
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' add_header X-Content-Type-Options nosniff;';
echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' client_max_body_size 15m;';
echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '}';
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '';
echo 'server {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo 'server {';
echo " listen 127.0.0.1:$RSS_READER_ONION_PORT default_server;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo " listen 127.0.0.1:$RSS_READER_ONION_PORT default_server;";
echo " server_name $RSS_READER_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo " server_name $RSS_READER_ONION_HOSTNAME;";
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '';
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' error_log /dev/null;';
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '';
echo ' root /etc/share/tt-rss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' root /etc/share/tt-rss;';
echo ' index index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' index index.php;';
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '';
echo ' location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' fastcgi_read_timeout 30;';
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '';
echo ' set $mobile_rewrite do_not_perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo " set \$mobile_rewrite do_not_perform;";
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '';
echo ' ## chi http_user_agent for mobile / smart phones ##' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' ## chi http_user_agent for mobile / smart phones ##';
echo ' if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino") {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo " if (\$http_user_agent ~* \"(android|bb\\d+|meego).+mobile|avantgo|bada\\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino\") {";
echo ' set $mobile_rewrite perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo " set \$mobile_rewrite perform;";
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '';
echo ' if ($http_user_agent ~* "^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-)") {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo " if (\$http_user_agent ~* \"^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\\-m|r |s 
)|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\\-(n|u)|c55\\/|capi|ccwa|cdm\\-|cell|chtm|cldc|cmd\\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\\-s|devi|dica|dmob|do(c|p)o|ds(12|\\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\\-|_)|g1 u|g560|gene|gf\\-5|g\\-mo|go(\\.w|od)|gr(ad|un)|haie|hcit|hd\\-(m|p|t)|hei\\-|hi(pt|ta)|hp( i|ip)|hs\\-c|ht(c(\\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\\-(20|go|ma)|i230|iac( |\\-|\\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\\/)|klon|kpt |kwc\\-|kyo(c|k)|le(no|xi)|lg( g|\\/(k|l|u)|50|54|\\-[a-w])|libw|lynx|m1\\-w|m3ga|m50\\/|ma(te|ui|xo)|mc(01|21|ca)|m\\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\\-2|po(ck|rt|se)|prox|psio|pt\\-g|qa\\-a|qc(07|12|21|32|60|\\-[2-7]|i\\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\\-|oo|p\\-)|sdk\\/|se(c(\\-|0|1)|47|mc|nd|ri)|sgh\\-|shar|sie(\\-|m)|sk\\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\\-|v\\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\\-|tdg\\-|tel(i|m)|tim\\-|t\-mo|to(pl|sh)|ts(70|m\\-|m3|m5)|tx\\-9|up(\\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\\-|your|zeto|zte\\-)\") {";
echo ' set $mobile_rewrite perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo " set \$mobile_rewrite perform;";
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '';
echo ' if ($mobile_rewrite = perform) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo " if (\$mobile_rewrite = perform) {";
echo " rewrite ^/(.*) http://$RSS_MOBILE_READER_ONION_HOSTNAME permanent;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo " rewrite ^/(.*) http://$RSS_MOBILE_READER_ONION_HOSTNAME permanent;";
echo ' break;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' break;';
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '';
echo ' location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '';
echo ' location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' location / {';
echo ' try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo " try_files \$uri \$uri/ @ttrss;";
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '';
echo ' location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' location @ttrss {';
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '';
echo ' location ~ /\.(git) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' location ~ /\.(git) {';
echo ' deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' deny all;';
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' }';
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '';
echo ' add_header X-XSS-Protection "1; mode=block";' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Robots-Tag none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' add_header X-Robots-Tag none;';
echo ' add_header X-Download-Options noopen;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' add_header X-Download-Options noopen;';
echo ' add_header X-Permitted-Cross-Domain-Policies none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' add_header X-Permitted-Cross-Domain-Policies none;';
echo ' add_header X-Frame-Options SAMEORIGIN;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' add_header X-Frame-Options SAMEORIGIN;';
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' add_header X-Content-Type-Options nosniff;';
echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' client_max_body_size 15m;';
echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '}'; } > "/etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME"
if [ ! -f $RSS_READER_PATH/config.php ]; then if [ ! -f $RSS_READER_PATH/config.php ]; then
# generate a config file # generate a config file
RSS_FEED_CRYPT_KEY="$(create_password 24)" RSS_FEED_CRYPT_KEY="$(create_password 24)"
echo '<?php' > $RSS_READER_PATH/config.php { echo '<?php';
echo " define('_CURL_HTTP_PROXY', '127.0.0.1:9050');" >> $RSS_READER_PATH/config.php echo " define('_CURL_HTTP_PROXY', '127.0.0.1:9050');";
echo " define('DB_TYPE', 'mysql');" >> $RSS_READER_PATH/config.php echo " define('DB_TYPE', 'mysql');";
echo " define('DB_HOST', 'localhost');" >> $RSS_READER_PATH/config.php echo " define('DB_HOST', 'localhost');";
echo " define('DB_USER', 'root');" >> $RSS_READER_PATH/config.php echo " define('DB_USER', 'root');";
echo " define('DB_NAME', 'ttrss');" >> $RSS_READER_PATH/config.php echo " define('DB_NAME', 'ttrss');";
echo " define('DB_PASS', '${MARIADB_PASSWORD}');" >> $RSS_READER_PATH/config.php echo " define('DB_PASS', '${MARIADB_PASSWORD}');";
echo " define('DB_PORT', '3306');" >> $RSS_READER_PATH/config.php echo " define('DB_PORT', '3306');";
echo " define('MYSQL_CHARSET', 'UTF8');" >> $RSS_READER_PATH/config.php echo " define('MYSQL_CHARSET', 'UTF8');";
echo " define('SELF_URL_PATH', 'http://${RSS_READER_ONION_HOSTNAME}/');" >> $RSS_READER_PATH/config.php echo " define('SELF_URL_PATH', 'http://${RSS_READER_ONION_HOSTNAME}/');";
echo " define('FEED_CRYPT_KEY', '${RSS_FEED_CRYPT_KEY}');" >> $RSS_READER_PATH/config.php echo " define('FEED_CRYPT_KEY', '${RSS_FEED_CRYPT_KEY}');";
echo " define('SINGLE_USER_MODE', false);" >> $RSS_READER_PATH/config.php echo " define('SINGLE_USER_MODE', false);";
echo " define('SIMPLE_UPDATE_MODE', false);" >> $RSS_READER_PATH/config.php echo " define('SIMPLE_UPDATE_MODE', false);";
echo " define('PHP_EXECUTABLE', '/usr/bin/php');" >> $RSS_READER_PATH/config.php echo " define('PHP_EXECUTABLE', '/usr/bin/php');";
echo " define('LOCK_DIRECTORY', 'lock');" >> $RSS_READER_PATH/config.php echo " define('LOCK_DIRECTORY', 'lock');";
echo " define('CACHE_DIR', 'cache');" >> $RSS_READER_PATH/config.php echo " define('CACHE_DIR', 'cache');";
echo " define('ICONS_DIR', \"feed-icons\");" >> $RSS_READER_PATH/config.php echo " define('ICONS_DIR', \"feed-icons\");";
echo " define('ICONS_URL', \"feed-icons\");" >> $RSS_READER_PATH/config.php echo " define('ICONS_URL', \"feed-icons\");";
echo " define('AUTH_AUTO_CREATE', true);" >> $RSS_READER_PATH/config.php echo " define('AUTH_AUTO_CREATE', true);";
echo " define('AUTH_AUTO_LOGIN', true);" >> $RSS_READER_PATH/config.php echo " define('AUTH_AUTO_LOGIN', true);";
echo " define('FORCE_ARTICLE_PURGE', 0);" >> $RSS_READER_PATH/config.php echo " define('FORCE_ARTICLE_PURGE', 0);";
echo " define('PUBSUBHUBBUB_HUB', '');" >> $RSS_READER_PATH/config.php echo " define('PUBSUBHUBBUB_HUB', '');";
echo " define('PUBSUBHUBBUB_ENABLED', false);" >> $RSS_READER_PATH/config.php echo " define('PUBSUBHUBBUB_ENABLED', false);";
echo " define('SPHINX_SERVER', 'localhost:9312');" >> $RSS_READER_PATH/config.php echo " define('SPHINX_SERVER', 'localhost:9312');";
echo " define('SPHINX_INDEX', 'ttrss, delta');" >> $RSS_READER_PATH/config.php echo " define('SPHINX_INDEX', 'ttrss, delta');";
echo " define('ENABLE_REGISTRATION', false);" >> $RSS_READER_PATH/config.php echo " define('ENABLE_REGISTRATION', false);";
echo " define('REG_NOTIFY_ADDRESS', '${MY_EMAIL_ADDRESS}');" >> $RSS_READER_PATH/config.php echo " define('REG_NOTIFY_ADDRESS', '${MY_EMAIL_ADDRESS}');";
echo " define('REG_MAX_USERS', 10);" >> $RSS_READER_PATH/config.php echo " define('REG_MAX_USERS', 10);";
echo " define('SESSION_COOKIE_LIFETIME', 86400);" >> $RSS_READER_PATH/config.php echo " define('SESSION_COOKIE_LIFETIME', 86400);";
echo " define('SMTP_FROM_NAME', 'Tiny Tiny RSS');" >> $RSS_READER_PATH/config.php echo " define('SMTP_FROM_NAME', 'Tiny Tiny RSS');";
echo " define('SMTP_FROM_ADDRESS', 'noreply@${RSS_READER_ONION_HOSTNAME}');" >> $RSS_READER_PATH/config.php echo " define('SMTP_FROM_ADDRESS', 'noreply@${RSS_READER_ONION_HOSTNAME}');";
echo " define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');" >> $RSS_READER_PATH/config.php echo " define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');";
echo " define('SMTP_SERVER', '');" >> $RSS_READER_PATH/config.php echo " define('SMTP_SERVER', '');";
echo " define('SMTP_LOGIN', '');" >> $RSS_READER_PATH/config.php echo " define('SMTP_LOGIN', '');";
echo " define('SMTP_PASSWORD', '');" >> $RSS_READER_PATH/config.php echo " define('SMTP_PASSWORD', '');";
echo " define('SMTP_SECURE', '');" >> $RSS_READER_PATH/config.php echo " define('SMTP_SECURE', '');";
echo " define('CHECK_FOR_UPDATES', false);" >> $RSS_READER_PATH/config.php echo " define('CHECK_FOR_UPDATES', false);";
echo " define('ENABLE_GZIP_OUTPUT', false);" >> $RSS_READER_PATH/config.php echo " define('ENABLE_GZIP_OUTPUT', false);";
echo " define('PLUGINS', 'auth_internal, note, gnusocial');" >> $RSS_READER_PATH/config.php echo " define('PLUGINS', 'auth_internal, note, gnusocial');";
echo " define('LOG_DESTINATION', 'sql');" >> $RSS_READER_PATH/config.php echo " define('LOG_DESTINATION', 'sql');";
echo " define('CONFIG_VERSION', 26);" >> $RSS_READER_PATH/config.php echo " define('CONFIG_VERSION', 26);"; } > $RSS_READER_PATH/config.php
fi fi
# initialize the database # initialize the database
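Review bot: The grouped `{ …; } > $RSS_READER_PATH/config.php` block writes the MariaDB root password and `FEED_CRYPT_KEY` into a file whose mode is left to the installer's umask; nothing in this hunk sets it. Set an explicit mode once the file belongs to the web user, e.g. `chmod 600 "$RSS_READER_PATH/config.php"`, and quote the redirect target the way the nginx block above it now does. Ownership and mode may be handled further down in install_rss_main, which continues outside this hunk, so confirm there first.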
@ -569,28 +573,28 @@ function install_rss_main {
systemctl restart nginx systemctl restart nginx
# daemon to update feeds # daemon to update feeds
echo '[Unit]' > /etc/systemd/system/ttrss.service { echo '[Unit]';
echo 'Description=ttrss_backend' >> /etc/systemd/system/ttrss.service echo 'Description=ttrss_backend';
echo 'After=network.target mariadb.service' >> /etc/systemd/system/ttrss.service echo 'After=network.target mariadb.service';
echo 'After=tor.service' >> /etc/systemd/system/ttrss.service echo 'After=tor.service';
echo '' >> /etc/systemd/system/ttrss.service echo '';
echo '[Service]' >> /etc/systemd/system/ttrss.service echo '[Service]';
echo 'User=www-data' >> /etc/systemd/system/ttrss.service echo 'User=www-data';
echo "ExecStart=/usr/bin/php $RSS_READER_PATH/update.php --daemon" >> /etc/systemd/system/ttrss.service echo "ExecStart=/usr/bin/php $RSS_READER_PATH/update.php --daemon";
echo '' >> /etc/systemd/system/ttrss.service echo '';
echo '[Install]' >> /etc/systemd/system/ttrss.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ttrss.service echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/ttrss.service
systemctl enable ttrss systemctl enable ttrss
systemctl daemon-reload systemctl daemon-reload
systemctl start ttrss systemctl start ttrss
${PROJECT_NAME}-pass -u $MY_USERNAME -a rss -p "$RSS_READER_ADMIN_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a rss -p "$RSS_READER_ADMIN_PASSWORD"
install_completed rss_main install_completed rss_main
} }
function install_rss_gnusocial { function install_rss_gnusocial {
if [ ! $GNUSOCIAL_DOMAIN_NAME ]; then if [ ! "$GNUSOCIAL_DOMAIN_NAME" ]; then
return return
fi fi
@ -604,23 +608,23 @@ function install_rss_gnusocial {
set_repo_commit $RSS_READER_GNUSOCIAL_PATH "rss reader gnusocial commit" "$RSS_READER_GNUSOCIAL_COMMIT" $RSS_READER_GNUSOCIAL_REPO set_repo_commit $RSS_READER_GNUSOCIAL_PATH "rss reader gnusocial commit" "$RSS_READER_GNUSOCIAL_COMMIT" $RSS_READER_GNUSOCIAL_REPO
chown -R www-data:www-data $RSS_READER_GNUSOCIAL_PATH chown -R www-data:www-data $RSS_READER_GNUSOCIAL_PATH
if [[ $(is_completed $FUNCNAME) == "1" ]]; then if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return return
fi fi
if [ ! -d $INSTALL_DIR ]; then if [ ! -d "$INSTALL_DIR" ]; then
mkdir -p $INSTALL_DIR mkdir -p "$INSTALL_DIR"
fi fi
cd $INSTALL_DIR cd "$INSTALL_DIR" || exit 7246284
function_check git_clone function_check git_clone
git_clone $RSS_READER_GNUSOCIAL_REPO ttrss-gnusocial git_clone $RSS_READER_GNUSOCIAL_REPO ttrss-gnusocial
if [ ! -d $INSTALL_DIR/ttrss-gnusocial ]; then if [ ! -d "$INSTALL_DIR/ttrss-gnusocial" ]; then
echo $'Could not clone repo for RSS reader gnusocial plugin' echo $'Could not clone repo for RSS reader gnusocial plugin'
exit 52838 exit 52838
fi fi
cp -r $INSTALL_DIR/ttrss-gnusocial $RSS_READER_GNUSOCIAL_PATH cp -r "$INSTALL_DIR/ttrss-gnusocial" $RSS_READER_GNUSOCIAL_PATH
cd $RSS_READER_GNUSOCIAL_PATH cd "$RSS_READER_GNUSOCIAL_PATH" || exit 782462424
git checkout $RSS_READER_GNUSOCIAL_COMMIT -b $RSS_READER_GNUSOCIAL_COMMIT git checkout $RSS_READER_GNUSOCIAL_COMMIT -b $RSS_READER_GNUSOCIAL_COMMIT
set_completion_param "rss reader gnusocial commit" "$RSS_READER_GNUSOCIAL_COMMIT" set_completion_param "rss reader gnusocial commit" "$RSS_READER_GNUSOCIAL_COMMIT"
chown -R www-data:www-data $RSS_READER_GNUSOCIAL_PATH chown -R www-data:www-data $RSS_READER_GNUSOCIAL_PATH
@ -642,22 +646,22 @@ function install_rss_mobile_reader {
# remove any previous install # remove any previous install
if [ -d $RSS_READER_PATH/g2ttree-mobile ]; then if [ -d $RSS_READER_PATH/g2ttree-mobile ]; then
if [[ $(is_completed "install_rss_mobile_reader") == "1" ]]; then if [[ $(is_completed "install_rss_mobile_reader") == "1" ]]; then
sed -i '/install_rss_mobile_reader/d' $COMPLETION_FILE sed -i '/install_rss_mobile_reader/d' "$COMPLETION_FILE"
sed -i '/rss mobile reader commit/d' $COMPLETION_FILE sed -i '/rss mobile reader commit/d' "$COMPLETION_FILE"
rm -rf $RSS_READER_PATH/g2ttree-mobile rm -rf $RSS_READER_PATH/g2ttree-mobile
fi fi
fi fi
if [[ $(is_completed $FUNCNAME) == "1" ]]; then if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return return
fi fi
cd /etc/share cd /etc/share || exit 7498264462
if [ -d /repos/rss-mobile ]; then if [ -d /repos/rss-mobile ]; then
mkdir ttrss-mobile mkdir ttrss-mobile
cp -r -p /repos/rss-mobile/. ttrss-mobile cp -r -p /repos/rss-mobile/. ttrss-mobile
cd ttrss-mobile cd ttrss-mobile || exit 462846284682
git pull git pull
else else
function_check git_clone function_check git_clone
@ -668,7 +672,7 @@ function install_rss_mobile_reader {
echo $'Could not clone RSS mobile reader repo' echo $'Could not clone RSS mobile reader repo'
exit 24816 exit 24816
fi fi
cd $RSS_MOBILE_READER_PATH cd "$RSS_MOBILE_READER_PATH" || exit 462846246824
git checkout $RSS_MOBILE_READER_COMMIT -b $RSS_MOBILE_READER_COMMIT git checkout $RSS_MOBILE_READER_COMMIT -b $RSS_MOBILE_READER_COMMIT
set_completion_param "rss mobile reader commit" "$RSS_MOBILE_READER_COMMIT" set_completion_param "rss mobile reader commit" "$RSS_MOBILE_READER_COMMIT"


@ -61,39 +61,44 @@ function scuttlebot_create_invite {
invite_string=$(su -c "sbot invite.create 1" - scuttlebot | sed 's/"//g') invite_string=$(su -c "sbot invite.create 1" - scuttlebot | sed 's/"//g')
clear clear
echo -e '\n\nYour Scuttlebot invite code is:\n\n'${invite_string}'\n\n' echo -e "\\n\\nYour Scuttlebot invite code is:\\n\\n${invite_string}\\n\\n"
# shellcheck disable=SC2034
read -n1 -r -p $"Press any key to continue..." key read -n1 -r -p $"Press any key to continue..." key
} }
function configure_interactive_scuttlebot { function configure_interactive_scuttlebot {
while true while true
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"Scuttlebot" \ --title $"Scuttlebot" \
--radiolist $"Choose an operation:" 10 50 2 \ --radiolist $"Choose an operation:" 10 50 2 \
1 $"Create an invite" off \ 1 $"Create an invite" off \
2 $"Exit" on 2> $data 2 $"Exit" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) rm -f "$data"
255) return;; return;;
255) rm -f "$data"
return;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) scuttlebot_create_invite;; 1) scuttlebot_create_invite;;
2) break;; 2) rm -f "$data"
break;;
esac esac
rm -f "$data"
done done
} }
function remove_user_scuttlebot { function remove_user_scuttlebot {
remove_username="$1" echo -n ''
# remove_username="$1"
} }
function add_user_scuttlebot { function add_user_scuttlebot {
new_username="$1" # new_username="$1"
new_user_password="$2" # new_user_password="$2"
echo '0' echo '0'
} }
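Review bot: With the `trap "rm -f $data" 0 1 2 5 15` line dropped from `configure_interactive_scuttlebot`, the temp file is removed only on the paths that reach an explicit `rm -f "$data"`, so an interrupt while `dialog` is open leaves it behind. Separately, `data=$(mktemp 2>/dev/null)` hides a failed mktemp, after which the redirect `2> "$data"` targets an empty name and fails. Check the creation with `data=$(mktemp) || return` and keep the cleanup trap in single-quoted form, `trap 'rm -f "$data"' 0 1 2 5 15`, so the variable expands when the trap fires rather than when it is set.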
@ -109,8 +114,8 @@ function install_interactive_scuttlebot {
} }
function change_password_scuttlebot { function change_password_scuttlebot {
new_username="$1" # new_username="$1"
new_user_password="$2" # new_user_password="$2"
echo '0' echo '0'
} }
@ -123,7 +128,7 @@ function reconfigure_scuttlebot {
} }
function upgrade_scuttlebot { function upgrade_scuttlebot {
if ! grep -q 'scuttlebot version:' $COMPLETION_FILE; then if ! grep -q 'scuttlebot version:' $"COMPLETION_FILE"; then
return return
fi fi
@ -134,11 +139,10 @@ function upgrade_scuttlebot {
return return
fi fi
npm upgrade -g scuttlebot@${SCUTTLEBOT_VERSION} --save if ! npm upgrade -g scuttlebot@${SCUTTLEBOT_VERSION} --save; then
if [ ! "$?" = "0" ]; then
return return
fi fi
sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" ${COMPLETION_FILE} sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" "${COMPLETION_FILE}"
} }
function backup_local_scuttlebot { function backup_local_scuttlebot {
@ -218,71 +222,72 @@ function remove_scuttlebot {
fi fi
remove_completion_param install_scuttlebot remove_completion_param install_scuttlebot
sed -i '/scuttlebot /d' $COMPLETION_FILE sed -i '/scuttlebot /d' "$COMPLETION_FILE"
} }
function git_ssb_script { function git_ssb_script {
if [[ "$1" == "mesh" ]]; then if [[ "$1" == "mesh" ]]; then
# shellcheck disable=SC2154
git_ssb_script_name=$rootdir/usr/bin/git-ssb-create git_ssb_script_name=$rootdir/usr/bin/git-ssb-create
git_ssb_daemon_filename=$rootdir/etc/systemd/system/git_ssb.service git_ssb_daemon_filename=$rootdir/etc/systemd/system/git_ssb.service
else else
git_ssb_script_name=/usr/bin/git-ssb-create git_ssb_script_name=/usr/bin/git-ssb-create
git_ssb_daemon_filename=/etc/systemd/system/git_ssb.service git_ssb_daemon_filename=/etc/systemd/system/git_ssb.service
fi fi
echo '#!/bin/bash' > $git_ssb_script_name { echo '#!/bin/bash';
echo 'reponame="$1"' >> $git_ssb_script_name echo "reponame=\"\$1\"";
echo '' >> $git_ssb_script_name echo '';
echo 'if [[ "$reponame" != "" ]]; then' >> $git_ssb_script_name echo "if [[ \"\$reponame\" != \"\" ]]; then";
echo ' mkdir $reponame' >> $git_ssb_script_name echo " mkdir \$reponame";
echo ' cd $reponame' >> $git_ssb_script_name echo " cd \$reponame";
echo ' git init' >> $git_ssb_script_name echo ' git init';
echo ' git ssb create ssb $reponame' >> $git_ssb_script_name echo " git ssb create ssb \$reponame";
echo ' git push --tags ssb master' >> $git_ssb_script_name echo ' git push --tags ssb master';
echo 'fi' >> $git_ssb_script_name echo 'fi';
echo 'exit 0' >> $git_ssb_script_name echo 'exit 0'; } > $git_ssb_script_name
chmod +x $git_ssb_script_name chmod +x $git_ssb_script_name
echo '[Unit]' > $git_ssb_daemon_filename { echo '[Unit]';
echo 'Description=Git SSB (SSB git web interface)' >> $git_ssb_daemon_filename echo 'Description=Git SSB (SSB git web interface)';
echo 'After=syslog.target' >> $git_ssb_daemon_filename echo 'After=syslog.target';
echo 'After=network.target' >> $git_ssb_daemon_filename echo 'After=network.target';
echo 'After=scuttlebot.target' >> $git_ssb_daemon_filename echo 'After=scuttlebot.target';
echo '' >> $git_ssb_daemon_filename echo '';
echo '[Service]' >> $git_ssb_daemon_filename echo '[Service]';
echo 'Type=simple' >> $git_ssb_daemon_filename echo 'Type=simple';
echo 'User=scuttlebot' >> $git_ssb_daemon_filename echo 'User=scuttlebot';
echo 'Group=scuttlebot' >> $git_ssb_daemon_filename echo 'Group=scuttlebot';
echo "WorkingDirectory=/etc/scuttlebot" >> $git_ssb_daemon_filename echo "WorkingDirectory=/etc/scuttlebot";
echo "ExecStart=/usr/bin/git ssb web --public localhost:$GIT_SSB_PORT" >> $git_ssb_daemon_filename echo "ExecStart=/usr/bin/git ssb web --public localhost:$GIT_SSB_PORT";
echo 'Restart=always' >> $git_ssb_daemon_filename echo 'Restart=always';
echo 'Environment="USER=scuttlebot"' >> $git_ssb_daemon_filename echo 'Environment="USER=scuttlebot"';
echo '' >> $git_ssb_daemon_filename echo '';
echo '[Install]' >> $git_ssb_daemon_filename echo '[Install]';
echo 'WantedBy=multi-user.target' >> $git_ssb_daemon_filename echo 'WantedBy=multi-user.target'; } > $git_ssb_daemon_filename
} }
function scuttlebot_git_setup { function scuttlebot_git_setup {
if [[ "$1" == "mesh" ]]; then if [[ "$1" == "mesh" ]]; then
if [ ! -d $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight ]; then if [ ! -d "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight" ]; then
mkdir $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight mkdir "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight"
fi fi
if [ ! -f $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css ]; then if [ ! -f "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css" ]; then
echo $'Could not find foundation.css' echo $'Could not find foundation.css'
exit 347687245 exit 347687245
fi fi
cp $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight/foundation.css cp "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css" "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight/foundation.css"
git_ssb_nginx_site=$rootdir/etc/nginx/sites-available/git_ssb git_ssb_nginx_site=$rootdir/etc/nginx/sites-available/git_ssb
echo 'server {' > $git_ssb_nginx_site { echo 'server {';
echo " listen $NGINX_GIT_SSB_PORT default_server;" >> $git_ssb_nginx_site echo " listen $NGINX_GIT_SSB_PORT default_server;";
echo " server_name P${PEER_ID}.local;" >> $git_ssb_nginx_site echo " server_name P${PEER_ID}.local;";
echo '' >> $git_ssb_nginx_site echo '';
echo ' access_log /dev/null;' >> $git_ssb_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $git_ssb_nginx_site echo ' error_log /dev/null;';
echo '' >> $git_ssb_nginx_site echo '';
echo ' add_header X-XSS-Protection "1; mode=block";' >> $git_ssb_nginx_site echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Content-Type-Options nosniff;' >> $git_ssb_nginx_site echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-Frame-Options SAMEORIGIN;' >> $git_ssb_nginx_site echo ' add_header X-Frame-Options SAMEORIGIN;'; } > "$git_ssb_nginx_site"
else else
if [ ! $SCUTTLEBOT_DOMAIN_NAME ]; then if [ ! $SCUTTLEBOT_DOMAIN_NAME ]; then
exit 7357225 exit 7357225
@ -300,15 +305,15 @@ function scuttlebot_git_setup {
git_ssb_nginx_site=/etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME} git_ssb_nginx_site=/etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $SCUTTLEBOT_DOMAIN_NAME "index index.html" nginx_http_redirect $SCUTTLEBOT_DOMAIN_NAME "index index.html"
echo 'server {' >> $git_ssb_nginx_site { echo 'server {';
echo ' listen 443 ssl;' >> $git_ssb_nginx_site echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> $git_ssb_nginx_site echo ' #listen [::]:443 ssl;';
echo " server_name $SCUTTLEBOT_DOMAIN_NAME;" >> $git_ssb_nginx_site echo " server_name $SCUTTLEBOT_DOMAIN_NAME;";
echo '' >> $git_ssb_nginx_site echo ''; } >> $git_ssb_nginx_site
function_check nginx_compress function_check nginx_compress
nginx_compress $SCUTTLEBOT_DOMAIN_NAME nginx_compress $SCUTTLEBOT_DOMAIN_NAME
echo '' >> $git_ssb_nginx_site echo '' >> "$git_ssb_nginx_site"
echo ' # Security' >> $git_ssb_nginx_site echo ' # Security' >> "$git_ssb_nginx_site"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $SCUTTLEBOT_DOMAIN_NAME nginx_ssl $SCUTTLEBOT_DOMAIN_NAME
@ -316,45 +321,45 @@ function scuttlebot_git_setup {
nginx_disable_sniffing $SCUTTLEBOT_DOMAIN_NAME nginx_disable_sniffing $SCUTTLEBOT_DOMAIN_NAME
fi fi
echo '' >> $git_ssb_nginx_site { echo '';
echo ' root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;' >> $git_ssb_nginx_site echo ' root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;';
echo '' >> $git_ssb_nginx_site echo '';
echo ' location = / {' >> $git_ssb_nginx_site echo ' location = / {';
echo " proxy_pass http://localhost:${GIT_SSB_PORT};" >> $git_ssb_nginx_site echo " proxy_pass http://localhost:${GIT_SSB_PORT};";
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $git_ssb_nginx_site echo " proxy_set_header X-Real-IP \$remote_addr;";
echo ' proxy_set_header Host $host;' >> $git_ssb_nginx_site echo " proxy_set_header Host \$host;";
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $git_ssb_nginx_site echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' proxy_http_version 1.1;' >> $git_ssb_nginx_site echo ' proxy_http_version 1.1;';
echo ' proxy_set_header Upgrade $http_upgrade;' >> $git_ssb_nginx_site echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection upgrade;' >> $git_ssb_nginx_site echo ' proxy_set_header Connection upgrade;';
echo ' }' >> $git_ssb_nginx_site echo ' }';
echo '}' >> $git_ssb_nginx_site echo '}'; } >> $git_ssb_nginx_site
if [ $SCUTTLEBOT_ONION_HOSTNAME ]; then if [ "$SCUTTLEBOT_ONION_HOSTNAME" ]; then
echo '' >> $git_ssb_nginx_site { echo '';
echo 'server {' >> $git_ssb_nginx_site echo 'server {';
echo " listen 127.0.0.1:${SCUTTLEBOT_ONION_PORT} default_server;" >> $git_ssb_nginx_site echo " listen 127.0.0.1:${SCUTTLEBOT_ONION_PORT} default_server;";
echo " server_name ${SCUTTLEBOT_ONION_HOSTNAME};" >> $git_ssb_nginx_site echo " server_name ${SCUTTLEBOT_ONION_HOSTNAME};";
echo '' >> $git_ssb_nginx_site echo '';
echo ' access_log /dev/null;' >> $git_ssb_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $git_ssb_nginx_site echo ' error_log /dev/null;';
echo '' >> $git_ssb_nginx_site echo '';
echo ' add_header X-XSS-Protection "1; mode=block";' >> $git_ssb_nginx_site echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Content-Type-Options nosniff;' >> $git_ssb_nginx_site echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-Frame-Options SAMEORIGIN;' >> $git_ssb_nginx_site echo ' add_header X-Frame-Options SAMEORIGIN;';
echo '' >> $git_ssb_nginx_site echo '';
echo ' root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;' >> $git_ssb_nginx_site echo ' root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;';
echo '' >> $git_ssb_nginx_site echo '';
echo ' location = / {' >> $git_ssb_nginx_site echo ' location = / {';
echo " proxy_pass http://localhost:${GIT_SSB_PORT};" >> $git_ssb_nginx_site echo " proxy_pass http://localhost:${GIT_SSB_PORT};";
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $git_ssb_nginx_site echo " proxy_set_header X-Real-IP \$remote_addr;";
echo ' proxy_set_header Host $host;' >> $git_ssb_nginx_site echo " proxy_set_header Host \$host;";
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $git_ssb_nginx_site echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' proxy_http_version 1.1;' >> $git_ssb_nginx_site echo ' proxy_http_version 1.1;';
echo ' proxy_set_header Upgrade $http_upgrade;' >> $git_ssb_nginx_site echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection upgrade;' >> $git_ssb_nginx_site echo ' proxy_set_header Connection upgrade;';
echo ' }' >> $git_ssb_nginx_site echo ' }';
echo '}' >> $git_ssb_nginx_site echo '}'; } >> $git_ssb_nginx_site
fi fi
if [[ "$1" != "mesh" ]]; then if [[ "$1" != "mesh" ]]; then
nginx_ensite git_ssb nginx_ensite git_ssb
@ -364,23 +369,23 @@ function scuttlebot_git_setup {
function mesh_install_dat { function mesh_install_dat {
get_npm_arch get_npm_arch
cat <<EOF > $rootdir/usr/bin/install_dat cat <<EOF > "$rootdir/usr/bin/install_dat"
#!/bin/bash #!/bin/bash
npm install --arch=$NPM_ARCH -g dat npm install --arch=$NPM_ARCH -g dat
npm install --arch=$NPM_ARCH -g @garbados/dat-boi npm install --arch=$NPM_ARCH -g @garbados/dat-boi
npm install --arch=$NPM_ARCH -g add-to-systemd npm install --arch=$NPM_ARCH -g add-to-systemd
add-to-systemd dat-boi --user $(whoami) `which dat-boi` add-to-systemd dat-boi --user "$(whoami)" "$(which dat-boi)"
EOF EOF
chroot "$rootdir" /bin/chmod +x /usr/bin/install_dat chroot "$rootdir" /bin/chmod +x /usr/bin/install_dat
chroot "$rootdir" /usr/bin/install_dat chroot "$rootdir" /usr/bin/install_dat
rm $rootdir/usr/bin/install_dat rm "$rootdir/usr/bin/install_dat"
} }
function install_dat { function install_dat {
npm install -g dat npm install -g dat
npm install -g @garbados/dat-boi npm install -g @garbados/dat-boi
npm install -g add-to-systemd npm install -g add-to-systemd
add-to-systemd dat-boi --user $(whoami) `which dat-boi` add-to-systemd dat-boi --user "$(whoami)" "$(which dat-boi)"
} }
function mesh_install_scuttlebot { function mesh_install_scuttlebot {
@ -390,7 +395,7 @@ function mesh_install_scuttlebot {
get_npm_arch get_npm_arch
cat <<EOF > $rootdir/usr/bin/install_scuttlebot cat <<EOF > "$rootdir/usr/bin/install_scuttlebot"
#!/bin/bash #!/bin/bash
npm install --arch=$NPM_ARCH -g scuttlebot@${SCUTTLEBOT_VERSION} npm install --arch=$NPM_ARCH -g scuttlebot@${SCUTTLEBOT_VERSION}
npm install --arch=$NPM_ARCH -g git-ssb npm install --arch=$NPM_ARCH -g git-ssb
@ -398,37 +403,37 @@ npm install --arch=$NPM_ARCH -g git-remote-ssb
EOF EOF
chroot "$rootdir" /bin/chmod +x /usr/bin/install_scuttlebot chroot "$rootdir" /bin/chmod +x /usr/bin/install_scuttlebot
chroot "$rootdir" /usr/bin/install_scuttlebot chroot "$rootdir" /usr/bin/install_scuttlebot
rm $rootdir/usr/bin/install_scuttlebot rm "$rootdir/usr/bin/install_scuttlebot"
if [ ! -f $rootdir/usr/local/bin/sbot ]; then if [ ! -f "$rootdir/usr/local/bin/sbot" ]; then
echo $'Scuttlebot was not installed' echo $'Scuttlebot was not installed'
exit 528253 exit 528253
fi fi
if [ ! -d $rootdir/etc/scuttlebot ]; then if [ ! -d "$rootdir/etc/scuttlebot" ]; then
mkdir -p $rootdir/etc/scuttlebot mkdir -p "$rootdir/etc/scuttlebot"
fi fi
# an unprivileged user to run as # an unprivileged user to run as
chroot "$rootdir" useradd -d /etc/scuttlebot/ scuttlebot chroot "$rootdir" useradd -d /etc/scuttlebot/ scuttlebot
# daemon # daemon
echo '[Unit]' > $rootdir/etc/systemd/system/scuttlebot.service { echo '[Unit]';
echo 'Description=Scuttlebot (messaging system)' >> $rootdir/etc/systemd/system/scuttlebot.service echo 'Description=Scuttlebot (messaging system)';
echo 'After=syslog.target' >> $rootdir/etc/systemd/system/scuttlebot.service echo 'After=syslog.target';
echo 'After=network.target' >> $rootdir/etc/systemd/system/scuttlebot.service echo 'After=network.target';
echo '' >> $rootdir/etc/systemd/system/scuttlebot.service echo '';
echo '[Service]' >> $rootdir/etc/systemd/system/scuttlebot.service echo '[Service]';
echo 'Type=simple' >> $rootdir/etc/systemd/system/scuttlebot.service echo 'Type=simple';
echo 'User=scuttlebot' >> $rootdir/etc/systemd/system/scuttlebot.service echo 'User=scuttlebot';
echo 'Group=scuttlebot' >> $rootdir/etc/systemd/system/scuttlebot.service echo 'Group=scuttlebot';
echo "WorkingDirectory=/etc/scuttlebot" >> $rootdir/etc/systemd/system/scuttlebot.service echo "WorkingDirectory=/etc/scuttlebot";
echo 'ExecStart=/usr/local/bin/sbot server' >> $rootdir/etc/systemd/system/scuttlebot.service echo 'ExecStart=/usr/local/bin/sbot server';
echo 'Restart=always' >> $rootdir/etc/systemd/system/scuttlebot.service echo 'Restart=always';
echo 'Environment="USER=scuttlebot"' >> $rootdir/etc/systemd/system/scuttlebot.service echo 'Environment="USER=scuttlebot"';
echo '' >> $rootdir/etc/systemd/system/scuttlebot.service echo '';
echo '[Install]' >> $rootdir/etc/systemd/system/scuttlebot.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/scuttlebot.service echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/scuttlebot.service"
scuttlebot_git_setup mesh scuttlebot_git_setup mesh
git_ssb_script mesh git_ssb_script mesh
@ -455,22 +460,22 @@ function install_scuttlebot {
useradd -d /etc/scuttlebot/ scuttlebot useradd -d /etc/scuttlebot/ scuttlebot
# daemon # daemon
echo '[Unit]' > /etc/systemd/system/scuttlebot.service { echo '[Unit]';
echo 'Description=Scuttlebot (messaging system)' >> /etc/systemd/system/scuttlebot.service echo 'Description=Scuttlebot (messaging system)';
echo 'After=syslog.target' >> /etc/systemd/system/scuttlebot.service echo 'After=syslog.target';
echo 'After=network.target' >> /etc/systemd/system/scuttlebot.service echo 'After=network.target';
echo '' >> /etc/systemd/system/scuttlebot.service echo '';
echo '[Service]' >> /etc/systemd/system/scuttlebot.service echo '[Service]';
echo 'Type=simple' >> /etc/systemd/system/scuttlebot.service echo 'Type=simple';
echo 'User=scuttlebot' >> /etc/systemd/system/scuttlebot.service echo 'User=scuttlebot';
echo 'Group=scuttlebot' >> /etc/systemd/system/scuttlebot.service echo 'Group=scuttlebot';
echo "WorkingDirectory=/etc/scuttlebot" >> /etc/systemd/system/scuttlebot.service echo "WorkingDirectory=/etc/scuttlebot";
echo 'ExecStart=/usr/local/bin/sbot server' >> /etc/systemd/system/scuttlebot.service echo 'ExecStart=/usr/local/bin/sbot server';
echo 'Restart=always' >> /etc/systemd/system/scuttlebot.service echo 'Restart=always';
echo 'Environment="USER=scuttlebot"' >> /etc/systemd/system/scuttlebot.service echo 'Environment="USER=scuttlebot"';
echo '' >> /etc/systemd/system/scuttlebot.service echo '';
echo '[Install]' >> /etc/systemd/system/scuttlebot.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/scuttlebot.service echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/scuttlebot.service
chown -R scuttlebot:scuttlebot /etc/scuttlebot chown -R scuttlebot:scuttlebot /etc/scuttlebot
@ -489,24 +494,24 @@ function install_scuttlebot {
exit 73528 exit 73528
fi fi
echo '{' > /etc/scuttlebot/.ssb/config { echo '{';
echo " \"host\": \"${DEFAULT_DOMAIN_NAME}\"," >> /etc/scuttlebot/.ssb/config echo " \"host\": \"${DEFAULT_DOMAIN_NAME}\",";
echo " \"port\": ${SCUTTLEBOT_PORT}," >> /etc/scuttlebot/.ssb/config echo " \"port\": ${SCUTTLEBOT_PORT},";
echo ' "timeout": 30000,' >> /etc/scuttlebot/.ssb/config echo ' "timeout": 30000,';
echo ' "pub": true,' >> /etc/scuttlebot/.ssb/config echo ' "pub": true,';
echo ' "local": true,' >> /etc/scuttlebot/.ssb/config echo ' "local": true,';
echo ' "friends": {' >> /etc/scuttlebot/.ssb/config echo ' "friends": {';
echo ' "dunbar": 150,' >> /etc/scuttlebot/.ssb/config echo ' "dunbar": 150,';
echo ' "hops": 3' >> /etc/scuttlebot/.ssb/config echo ' "hops": 3';
echo ' },' >> /etc/scuttlebot/.ssb/config echo ' },';
echo ' "gossip": {' >> /etc/scuttlebot/.ssb/config echo ' "gossip": {';
echo ' "connections": 2' >> /etc/scuttlebot/.ssb/config echo ' "connections": 2';
echo ' },' >> /etc/scuttlebot/.ssb/config echo ' },';
echo ' "master": [],' >> /etc/scuttlebot/.ssb/config echo ' "master": [],';
echo ' "logging": {' >> /etc/scuttlebot/.ssb/config echo ' "logging": {';
echo ' "level": "error"' >> /etc/scuttlebot/.ssb/config echo ' "level": "error"';
echo ' }' >> /etc/scuttlebot/.ssb/config echo ' }';
echo '}' >> /etc/scuttlebot/.ssb/config echo '}'; } > /etc/scuttlebot/.ssb/config
chown scuttlebot:scuttlebot /etc/scuttlebot/.ssb/config chown scuttlebot:scuttlebot /etc/scuttlebot/.ssb/config
systemctl restart scuttlebot.service systemctl restart scuttlebot.service
@ -527,10 +532,10 @@ function install_scuttlebot {
systemctl restart nginx systemctl restart nginx
if ! grep -q "scuttlebot version:" ${COMPLETION_FILE}; then if ! grep -q "scuttlebot version:" "${COMPLETION_FILE}"; then
echo "scuttlebot version:${SCUTTLEBOT_VERSION}" >> ${COMPLETION_FILE} echo "scuttlebot version:${SCUTTLEBOT_VERSION}" >> "${COMPLETION_FILE}"
else else
sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" ${COMPLETION_FILE} sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" "${COMPLETION_FILE}"
fi fi
APP_INSTALLED=1 APP_INSTALLED=1
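Review bot: In `upgrade_scuttlebot` (the `-123,7 +128,7` hunk) the new guard is `grep -q 'scuttlebot version:' $"COMPLETION_FILE"`. `$"..."` is bash's locale-translation quoting, so grep is handed the literal file name `COMPLETION_FILE` instead of the variable's value. Unless a file of that name happens to exist in the working directory, grep fails, `! grep` is true, and the function returns before it reaches `npm upgrade`, so existing installs would silently stay on the old scuttlebot version and miss any fixes in the pinned one. The line should read `if ! grep -q 'scuttlebot version:' "$COMPLETION_FILE"; then`, matching the quoting this commit uses in `remove_scuttlebot` and `install_scuttlebot`. Part of the function body lies between the visible hunks, so the rest of the upgrade path could not be checked here.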

File diff suppressed because it is too large Load Diff


@ -66,12 +66,12 @@ function syncthing_create_ids_file {
SYNCTHING_ID=$(cat ~/.syncthing-server-id) SYNCTHING_ID=$(cat ~/.syncthing-server-id)
if [ ! -f $SYNCTHING_CONFIG_FILE ]; then if [ ! -f $SYNCTHING_CONFIG_FILE ]; then
echo $'# Your syncthing configuration file' > $SYNCTHING_CONFIG_FILE { echo $'# Your syncthing configuration file';
echo '#' >> $SYNCTHING_CONFIG_FILE echo '#';
echo $"# The ${PROJECT_NAME} syncthing ID is: $SYNCTHING_ID" >> $SYNCTHING_CONFIG_FILE echo $"# The ${PROJECT_NAME} syncthing ID is: $SYNCTHING_ID";
echo '#' >> $SYNCTHING_CONFIG_FILE echo '#';
echo '# Paste the IDs of your devices below' >> $SYNCTHING_CONFIG_FILE echo '# Paste the IDs of your devices below';
echo '#' >> $SYNCTHING_CONFIG_FILE echo '#'; } > $SYNCTHING_CONFIG_FILE
fi fi
} }
@ -94,12 +94,13 @@ function syncthing_show_id {
SYNCTHING_ID=$(cat ~/.syncthing-server-id) SYNCTHING_ID=$(cat ~/.syncthing-server-id)
dialog --title $"Device ID for ${PROJECT_NAME}" \ dialog --title $"Device ID for ${PROJECT_NAME}" \
--backtitle $"Freedombone User Control Panel" \ --backtitle $"Freedombone User Control Panel" \
--msgbox $"In a desktop terminal press shift and select the ID below,\nthen right click and copy.\n\nWithin Connectbot select Menu/Copy and then highlight the ID below\n\n$SYNCTHING_ID\n\nAlternatively press Enter to display a QR code which can be scanned." 13 78 --msgbox $"In a desktop terminal press shift and select the ID below,\\nthen right click and copy.\\n\\nWithin Connectbot select Menu/Copy and then highlight the ID below\\n\\n$SYNCTHING_ID\\n\\nAlternatively press Enter to display a QR code which can be scanned." 13 78
clear clear
echo $'Your Syncthing ID code' echo $'Your Syncthing ID code'
echo '' echo ''
echo -n "$SYNCTHING_ID" | qrencode -t UTF8 echo -n "$SYNCTHING_ID" | qrencode -t UTF8
echo '' echo ''
# shellcheck disable=SC2034
read -n1 -rsp $"Press any key to continue..." key read -n1 -rsp $"Press any key to continue..." key
} }
@ -110,21 +111,23 @@ function syncthing_add_id {
syncthing_create_ids_file syncthing_create_ids_file
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone User Control Panel" \ dialog --backtitle $"Freedombone User Control Panel" \
--title $"Add a Syncthing device ID" \ --title $"Add a Syncthing device ID" \
--form $"Paste the device ID for your laptop/desktop/netbook/phone/tablet below" 9 80 2 \ --form $"Paste the device ID for your laptop/desktop/netbook/phone/tablet below" 9 80 2 \
$"Device ID:" 1 1 "" 1 26 80 80 \ $"Device ID:" 1 1 "" 1 26 80 80 \
$"Description (optional):" 2 1 "" 2 26 80 80 \ $"Description (optional):" 2 1 "" 2 26 80 80 \
2> $data 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) rm -f "$data"
255) return;; return;;
255) rm -f "$data"
return;;
esac esac
SYNCTHING_DEVICE_ID=$(cat $data | sed -n 1p) SYNCTHING_DEVICE_ID=$(sed -n 1p < "$data")
SYNCTHING_DESCRIPTION=$(cat $data | sed -n 2p) SYNCTHING_DESCRIPTION=$(sed -n 2p < "$data")
rm -f "$data"
if [ ${#SYNCTHING_DEVICE_ID} -lt 10 ]; then if [ ${#SYNCTHING_DEVICE_ID} -lt 10 ]; then
return return
@ -164,19 +167,21 @@ function syncthing_remove_id {
syncthing_create_ids_file syncthing_create_ids_file
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone User Control Panel" \ dialog --backtitle $"Freedombone User Control Panel" \
--title $"Remove a Syncthing device ID" \ --title $"Remove a Syncthing device ID" \
--form $"Paste the device ID which is to be removed below" 8 80 1 \ --form $"Paste the device ID which is to be removed below" 8 80 1 \
$"Device ID:" 1 1 "" 1 14 80 80 \ $"Device ID:" 1 1 "" 1 14 80 80 \
2> $data 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) rm -f "$data"
255) return;; return;;
255) rm -f "$data"
return;;
esac esac
SYNCTHING_DEVICE_ID=$(cat $data | sed -n 1p) SYNCTHING_DEVICE_ID=$(sed -n 1p < "$data")
rm -f "$data"
if [ ${#SYNCTHING_DEVICE_ID} -lt 10 ]; then if [ ${#SYNCTHING_DEVICE_ID} -lt 10 ]; then
return return
@ -212,8 +217,7 @@ function run_client_syncthing {
while true while true
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone User Control Panel" \ dialog --backtitle $"Freedombone User Control Panel" \
--title $"File Synchronization" \ --title $"File Synchronization" \
--radiolist $"Choose an operation:" 12 70 6 \ --radiolist $"Choose an operation:" 12 70 6 \
@ -221,19 +225,23 @@ function run_client_syncthing {
2 $"Add an ID for another machine or device" off \ 2 $"Add an ID for another machine or device" off \
3 $"Remove an ID for another machine or device" off \ 3 $"Remove an ID for another machine or device" off \
4 $"Manually edit device IDs" off \ 4 $"Manually edit device IDs" off \
5 $"Back to main menu" on 2> $data 5 $"Back to main menu" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) break;; 1) rm -f "$data"
255) break;; break;;
255) rm -f "$data"
break;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) syncthing_show_id;; 1) syncthing_show_id;;
2) syncthing_add_id;; 2) syncthing_add_id;;
3) syncthing_remove_id;; 3) syncthing_remove_id;;
4) syncthing_manual_edit;; 4) syncthing_manual_edit;;
5) break;; 5) rm -f "$data"
break;;
esac esac
rm -f "$data"
done done
} }
@ -260,21 +268,21 @@ function backup_local_syncthing {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d /home/$USERNAME/Sync ]; then if [ -d "/home/$USERNAME/Sync" ]; then
echo $"Backing up syncthing files for $USERNAME" echo $"Backing up syncthing files for $USERNAME"
backup_directory_to_usb /home/$USERNAME/Sync syncthing/$USERNAME backup_directory_to_usb "/home/$USERNAME/Sync" "syncthing/$USERNAME"
# ensure that device IDs will be backed up as part of user config settings # ensure that device IDs will be backed up as part of user config settings
if [ ! -d /home/$USERNAME/.config/syncthing ]; then if [ ! -d "/home/$USERNAME/.config/syncthing" ]; then
mkdir -p /home/$USERNAME/.config/syncthing mkdir -p "/home/$USERNAME/.config/syncthing"
chown -R $USERNAME:$USERNAME /home/$USERNAME/.config chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
fi fi
if [ -f /home/$USERNAME/.syncthing-server-id ]; then if [ -f "/home/$USERNAME/.syncthing-server-id" ]; then
cp /home/$USERNAME/.syncthing-server-id /home/$USERNAME/.config/syncthing cp "/home/$USERNAME/.syncthing-server-id" "/home/$USERNAME/.config/syncthing"
chown -R $USERNAME:$USERNAME /home/$USERNAME/.config chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
fi fi
if [ -f /home/$USERNAME/.syncthingids ]; then if [ -f "/home/$USERNAME/.syncthingids" ]; then
cp /home/$USERNAME/.syncthingids /home/$USERNAME/.config/syncthing cp "/home/$USERNAME/.syncthingids" "/home/$USERNAME/.config/syncthing"
chown -R $USERNAME:$USERNAME /home/$USERNAME/.config chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
fi fi
fi fi
fi fi
@ -288,7 +296,7 @@ function restore_local_syncthing {
fi fi
temp_restore_dir=/root/tempsyncthing temp_restore_dir=/root/tempsyncthing
if [ -d $USB_MOUNT/backup/syncthingconfig ]; then if [ -d "$USB_MOUNT/backup/syncthingconfig" ]; then
echo $"Restoring syncthing configuration" echo $"Restoring syncthing configuration"
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb ${temp_restore_dir}config syncthingconfig restore_directory_from_usb ${temp_restore_dir}config syncthingconfig
@ -297,9 +305,7 @@ function restore_local_syncthing {
if [ ! -d $SYNCTHING_CONFIG_PATH ]; then if [ ! -d $SYNCTHING_CONFIG_PATH ]; then
mkdir -p $SYNCTHING_CONFIG_PATH mkdir -p $SYNCTHING_CONFIG_PATH
fi fi
cp -r ${temp_restore_dir}config/* $SYNCTHING_CONFIG_PATH/ if ! cp -r ${temp_restore_dir}config/* $SYNCTHING_CONFIG_PATH/; then
if [ ! "$?" = "0" ]; then
set_user_permissions set_user_permissions
backup_unmount_drive backup_unmount_drive
systemctl start syncthing systemctl start syncthing
@ -309,7 +315,7 @@ function restore_local_syncthing {
rm -rf ${temp_restore_dir}config rm -rf ${temp_restore_dir}config
fi fi
if [ -d $USB_MOUNT/backup/syncthingshared ]; then if [ -d "$USB_MOUNT/backup/syncthingshared" ]; then
echo $"Restoring syncthing shared files" echo $"Restoring syncthing shared files"
restore_directory_from_usb ${temp_restore_dir}shared syncthingshared restore_directory_from_usb ${temp_restore_dir}shared syncthingshared
#cp -r ${temp_restore_dir}shared/* / #cp -r ${temp_restore_dir}shared/* /
@ -321,28 +327,29 @@ function restore_local_syncthing {
rm -rf ${temp_restore_dir}shared rm -rf ${temp_restore_dir}shared
fi fi
if [ -d $USB_MOUNT/backup/syncthing ]; then if [ -d "$USB_MOUNT/backup/syncthing" ]; then
for d in $USB_MOUNT/backup/syncthing/*/ ; do for d in $USB_MOUNT/backup/syncthing/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME "${PROJECT_NAME}-adduser" "$USERNAME"
fi fi
echo $"Restoring syncthing files for $USERNAME" echo $"Restoring syncthing files for $USERNAME"
restore_directory_from_usb ${temp_restore_dir} syncthing/$USERNAME restore_directory_from_usb "${temp_restore_dir}" "syncthing/$USERNAME"
if [ -d ${temp_restore_dir}/home/$USERNAME/Sync ]; then if [ -d "${temp_restore_dir}/home/$USERNAME/Sync" ]; then
cp -r ${temp_restore_dir}/home/$USERNAME/Sync /home/$USERNAME/ cp -r "${temp_restore_dir}/home/$USERNAME/Sync" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/Sync ]; then if [ ! -d "/home/$USERNAME/Sync" ]; then
mkdir /home/$USERNAME/Sync mkdir "/home/$USERNAME/Sync"
fi fi
if [ -d /root/Sync ]; then if [ -d /root/Sync ]; then
cp -r /root/Sync/* /home/$USERNAME/Sync/ cp -r /root/Sync/* "/home/$USERNAME/Sync/"
rm -rf /root/Sync rm -rf /root/Sync
else else
cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/ cp -r "${temp_restore_dir}/*" "/home/$USERNAME/Sync/"
fi fi
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
set_user_permissions set_user_permissions
@ -354,13 +361,13 @@ function restore_local_syncthing {
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
# restore device IDs from config settings # restore device IDs from config settings
if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then if [ -f "/home/$USERNAME/.config/syncthing/.syncthing-server-id" ]; then
cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id cp "/home/$USERNAME/.config/syncthing/.syncthing-server-id" "/home/$USERNAME/.syncthing-server-id"
chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthing-server-id"
fi fi
if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then if [ -f "/home/$USERNAME/.config/syncthing/.syncthingids" ]; then
cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids cp "/home/$USERNAME/.config/syncthing/.syncthingids" "/home/$USERNAME/.syncthingids"
chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthingids"
fi fi
fi fi
done done
@ -389,21 +396,21 @@ function backup_remote_syncthing {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d /home/$USERNAME/Sync ]; then if [ -d "/home/$USERNAME/Sync" ]; then
echo $"Backing up syncthing files for $USERNAME" echo $"Backing up syncthing files for $USERNAME"
backup_directory_to_friend /home/$USERNAME/Sync syncthing/$USERNAME backup_directory_to_friend "/home/$USERNAME/Sync" "syncthing/$USERNAME"
# ensure that device IDs will be backed up as part of user config settings # ensure that device IDs will be backed up as part of user config settings
if [ ! -d /home/$USERNAME/.config/syncthing ]; then if [ ! -d "/home/$USERNAME/.config/syncthing" ]; then
mkdir -p /home/$USERNAME/.config/syncthing mkdir -p "/home/$USERNAME/.config/syncthing"
chown -R $USERNAME:$USERNAME /home/$USERNAME/.config chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
fi fi
if [ -f /home/$USERNAME/.syncthing-server-id ]; then if [ -f "/home/$USERNAME/.syncthing-server-id" ]; then
cp /home/$USERNAME/.syncthing-server-id /home/$USERNAME/.config/syncthing cp "/home/$USERNAME/.syncthing-server-id" "/home/$USERNAME/.config/syncthing"
chown -R $USERNAME:$USERNAME /home/$USERNAME/.config chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
fi fi
if [ -f /home/$USERNAME/.syncthingids ]; then if [ -f "/home/$USERNAME/.syncthingids" ]; then
cp /home/$USERNAME/.syncthingids /home/$USERNAME/.config/syncthing cp "/home/$USERNAME/.syncthingids" "/home/$USERNAME/.config/syncthing"
chown -R $USERNAME:$USERNAME /home/$USERNAME/.config chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
fi fi
fi fi
fi fi
@ -416,7 +423,7 @@ function restore_remote_syncthing {
systemctl stop cron systemctl stop cron
fi fi
if [ -d $SERVER_DIRECTORY/backup/syncthingconfig ]; then if [ -d "$SERVER_DIRECTORY/backup/syncthingconfig" ]; then
echo $"Restoring syncthing configuration" echo $"Restoring syncthing configuration"
temp_restore_dir=/root/tempsyncthingconfig temp_restore_dir=/root/tempsyncthingconfig
function_check restore_directory_from_friend function_check restore_directory_from_friend
@ -425,8 +432,7 @@ function restore_remote_syncthing {
if [ ! -d $SYNCTHING_CONFIG_PATH ]; then if [ ! -d $SYNCTHING_CONFIG_PATH ]; then
mkdir -p $SYNCTHING_CONFIG_PATH mkdir -p $SYNCTHING_CONFIG_PATH
fi fi
cp -r ${temp_restore_dir}/* $SYNCTHING_CONFIG_PATH/ if ! cp -r ${temp_restore_dir}/* $SYNCTHING_CONFIG_PATH/; then
if [ ! "$?" = "0" ]; then
systemctl start syncthing systemctl start syncthing
systemctl start cron systemctl start cron
exit 6833 exit 6833
@ -434,7 +440,7 @@ function restore_remote_syncthing {
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
if [ -d $SERVER_DIRECTORY/backup/syncthingshared ]; then if [ -d "$SERVER_DIRECTORY/backup/syncthingshared" ]; then
echo $"Restoring syncthing shared files" echo $"Restoring syncthing shared files"
temp_restore_dir=/root/tempsyncthingshared temp_restore_dir=/root/tempsyncthingshared
function_check restore_directory_from_friend function_check restore_directory_from_friend
@ -446,30 +452,31 @@ function restore_remote_syncthing {
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
fi fi
if [ -d $SERVER_DIRECTORY/backup/syncthing ]; then if [ -d "$SERVER_DIRECTORY/backup/syncthing" ]; then
for d in $SERVER_DIRECTORY/backup/syncthing/*/ ; do for d in $SERVER_DIRECTORY/backup/syncthing/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME "${PROJECT_NAME}-adduser" "$USERNAME"
fi fi
echo $"Restoring syncthing files for $USERNAME" echo $"Restoring syncthing files for $USERNAME"
temp_restore_dir=/root/tempsyncthing temp_restore_dir=/root/tempsyncthing
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir syncthing/$USERNAME restore_directory_from_friend "$temp_restore_dir" "syncthing/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME/Sync ]; then if [ -d "$temp_restore_dir/home/$USERNAME/Sync" ]; then
cp -r $temp_restore_dir/home/$USERNAME/Sync /home/$USERNAME/ cp -r "$temp_restore_dir/home/$USERNAME/Sync" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/Sync ]; then if [ ! -d "/home/$USERNAME/Sync" ]; then
mkdir /home/$USERNAME/Sync mkdir "/home/$USERNAME/Sync"
fi fi
if [ -d /root/Sync ]; then if [ -d /root/Sync ]; then
cp -r /root/Sync/* /home/$USERNAME/Sync/ cp -r /root/Sync/* "/home/$USERNAME/Sync/"
rm -rf /root/Sync rm -rf /root/Sync
else else
cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/ cp -r "${temp_restore_dir}/*" "/home/$USERNAME/Sync/"
fi fi
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
systemctl start syncthing systemctl start syncthing
@ -479,13 +486,13 @@ function restore_remote_syncthing {
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
# restore device IDs from config settings # restore device IDs from config settings
if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then if [ -f "/home/$USERNAME/.config/syncthing/.syncthing-server-id" ]; then
cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id cp "/home/$USERNAME/.config/syncthing/.syncthing-server-id" "/home/$USERNAME/.syncthing-server-id"
chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthing-server-id"
fi fi
if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then if [ -f "/home/$USERNAME/.config/syncthing/.syncthingids" ]; then
cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids cp "/home/$USERNAME/.config/syncthing/.syncthingids" "/home/$USERNAME/.syncthingids"
chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthingids"
fi fi
echo $"Restore of syncthing files for $USERNAME complete" echo $"Restore of syncthing files for $USERNAME complete"
fi fi
@ -512,12 +519,12 @@ function remove_syncthing {
} }
function configure_firewall_for_syncthing { function configure_firewall_for_syncthing {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return return
fi fi
firewall_add Syncthing ${SYNCTHING_PORT} firewall_add Syncthing ${SYNCTHING_PORT}
mark_completed $FUNCNAME mark_completed "${FUNCNAME[0]}"
} }
function install_syncthing_repo { function install_syncthing_repo {
@ -537,22 +544,22 @@ function install_syncthing {
# This probably does need to run as root so that it can access the Sync directories # This probably does need to run as root so that it can access the Sync directories
# in each user's home directory # in each user's home directory
echo '[Unit]' > /etc/systemd/system/syncthing.service { echo '[Unit]';
echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> /etc/systemd/system/syncthing.service echo 'Description=Syncthing - Open Source Continuous File Synchronization';
echo 'Documentation=man:syncthing(1)' >> /etc/systemd/system/syncthing.service echo 'Documentation=man:syncthing(1)';
echo 'After=network.target' >> /etc/systemd/system/syncthing.service echo 'After=network.target';
echo 'Wants=syncthing-inotify@.service' >> /etc/systemd/system/syncthing.service echo 'Wants=syncthing-inotify@.service';
echo '' >> /etc/systemd/system/syncthing.service echo '';
echo '[Service]' >> /etc/systemd/system/syncthing.service echo '[Service]';
echo 'User=root' >> /etc/systemd/system/syncthing.service echo 'User=root';
echo "Environment='all_proxy=socks5://localhost:9050'" >> /etc/systemd/system/syncthing.service echo "Environment='all_proxy=socks5://localhost:9050'";
echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> /etc/systemd/system/syncthing.service echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0';
echo 'Restart=on-failure' >> /etc/systemd/system/syncthing.service echo 'Restart=on-failure';
echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/syncthing.service echo 'SuccessExitStatus=3 4';
echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/syncthing.service echo 'RestartForceExitStatus=3 4';
echo '' >> /etc/systemd/system/syncthing.service echo '';
echo '[Install]' >> /etc/systemd/system/syncthing.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/syncthing.service echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/syncthing.service
systemctl enable syncthing systemctl enable syncthing
systemctl daemon-reload systemctl daemon-reload
systemctl start syncthing systemctl start syncthing


@ -72,52 +72,52 @@ function add_user_tahoelafs {
new_username="$1" new_username="$1"
new_user_password="$2" new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a tahoelafs -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$new_username" -a tahoelafs -p "$new_user_password"
if grep -q "${new_username}:" /etc/nginx/.htpasswd-tahoelafs; then if grep -q "${new_username}:" /etc/nginx/.htpasswd-tahoelafs; then
sed -i '/${new_username}:/d' /etc/nginx/.htpasswd-tahoelafs sed -i "'/${new_username}:/d" /etc/nginx/.htpasswd-tahoelafs
fi fi
echo "${new_user_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${new_username} echo "${new_user_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs "${new_username}"
echo '0' echo '0'
} }
function remove_user_tahoelafs { function remove_user_tahoelafs {
remove_username="$1" remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp tahoelafs "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp tahoelafs
if grep -q "${remove_username}:" /etc/nginx/.htpasswd-tahoelafs; then if grep -q "${remove_username}:" /etc/nginx/.htpasswd-tahoelafs; then
sed -i '/${remove_username}:/d' /etc/nginx/.htpasswd-tahoelafs sed -i "/${remove_username}:/d" /etc/nginx/.htpasswd-tahoelafs
fi fi
} }
function change_password_tahoelafs { function change_password_tahoelafs {
change_username="$1" change_username="$1"
change_password="$2" change_password="$2"
${PROJECT_NAME}-pass -u $change_username -a tahoelafs -p "$change_password" "${PROJECT_NAME}-pass" -u "$change_username" -a tahoelafs -p "$change_password"
if grep -q "${change_username}:" /etc/nginx/.htpasswd-tahoelafs; then if grep -q "${change_username}:" /etc/nginx/.htpasswd-tahoelafs; then
sed -i '/tahoe-${change_username}:/d' /etc/nginx/.htpasswd-tahoelafs sed -i "/tahoe-${change_username}:/d" /etc/nginx/.htpasswd-tahoelafs
fi fi
echo "${change_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${change_username} echo "${change_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs "${change_username}"
} }
function add_tahoelafs_storage_node_interactive { function add_tahoelafs_storage_node_interactive {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Add Tahoe-LAFS storage node" \ --title $"Add Tahoe-LAFS storage node" \
--form $"\nEnter the storage node details which can be found on the About screen of another server" 13 75 5 \ --form $"\\nEnter the storage node details which can be found on the About screen of another server" 13 75 5 \
$"Hostname:" 1 1 "" 1 14 53 40 \ $"Hostname:" 1 1 "" 1 14 53 40 \
$"Public Key:" 2 1 "" 2 14 53 255 \ $"Public Key:" 2 1 "" 2 14 53 255 \
$"Nickname:" 3 1 "" 3 14 53 255 \ $"Nickname:" 3 1 "" 3 14 53 255 \
$"FURL:" 4 1 "" 4 14 53 255 \ $"FURL:" 4 1 "" 4 14 53 255 \
2> $data 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) return;;
255) return;; 255) return;;
esac esac
storage_hostname=$(cat $data | sed -n 1p) storage_hostname=$(sed -n 1p < "$data")
public_key="$(cat $data | sed -n 2p)" public_key=$(sed -n 2p < "$data")
nick=$(cat $data | sed -n 3p) nick=$(sed -n 3p < "$data")
furl=$(cat $data | sed -n 4p) furl=$(sed -n 4p < "$data")
rm -f "$data"
if [ ${#public_key} -eq 0 ]; then if [ ${#public_key} -eq 0 ]; then
return return
@ -142,23 +142,26 @@ function edit_tahoelafs_shares {
read_config_param TAHOELAFS_SHARES_HAPPY read_config_param TAHOELAFS_SHARES_HAPPY
read_config_param TAHOELAFS_SHARES_TOTAL read_config_param TAHOELAFS_SHARES_TOTAL
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Tahoe-LAFS shares" \ --title $"Tahoe-LAFS shares" \
--form $"\nEnter the storage node details which can be found on the About screen of another server" 13 40 3 \ --form $"\\nEnter the storage node details which can be found on the About screen of another server" 13 40 3 \
$"Needed:" 1 1 "${TAHOELAFS_SHARES_NEEDED}" 1 14 4 4 \ $"Needed:" 1 1 "${TAHOELAFS_SHARES_NEEDED}" 1 14 4 4 \
$"Happy:" 2 1 "${TAHOELAFS_SHARES_HAPPY}" 2 14 4 4 \ $"Happy:" 2 1 "${TAHOELAFS_SHARES_HAPPY}" 2 14 4 4 \
$"Total:" 3 1 "${TAHOELAFS_SHARES_TOTAL}" 3 14 4 4 \ $"Total:" 3 1 "${TAHOELAFS_SHARES_TOTAL}" 3 14 4 4 \
2> $data 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) rm -f "$data"
255) return;; return;;
255) rm -f "$data"
return;;
esac esac
tl_needed="$(cat $data | sed -n 1p)" tl_needed=$(sed -n 1p < "$data")
tl_happy="$(cat $data | sed -n 2p)" tl_happy=$(sed -n 2p < "$data")
tl_total="$(cat $data | sed -n 3p)" tl_total=$(sed -n 3p < "$data")
rm -f "$data"
if [ ${#tl_needed} -gt 0 ]; then if [ ${#tl_needed} -gt 0 ]; then
TAHOELAFS_SHARES_NEEDED=${tl_needed} TAHOELAFS_SHARES_NEEDED=${tl_needed}
fi fi
@ -185,88 +188,90 @@ function edit_tahoelafs_shares {
} }
function configure_interactive_tahoelafs { function configure_interactive_tahoelafs {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Tahoe-LAFS" \ --title $"Tahoe-LAFS" \
--radiolist $"The least authority is always the best" 11 50 5 \ --radiolist $"The least authority is always the best" 11 50 5 \
1 "Add a storage node" off \ 1 "Add a storage node" off \
2 "Manually edit storage nodes" off \ 2 "Manually edit storage nodes" off \
3 "Shares settings" off \ 3 "Shares settings" off \
4 "Back to main menu" on 2> $data 4 "Back to main menu" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) add_tahoelafs_storage_node_interactive;; 1) add_tahoelafs_storage_node_interactive;;
2) edit_tahoelafs_nodes;; 2) edit_tahoelafs_nodes;;
3) edit_tahoelafs_shares;; 3) edit_tahoelafs_shares;;
esac esac
rm -f "$data"
} }
function tahoelafs_setup_client_config { function tahoelafs_setup_client_config {
config_file=$1 config_file="$1"
nick="$2" nick="$2"
echo '[node]' > $config_file { echo '[node]';
echo "nickname = $nick" >> $config_file echo "nickname = $nick";
echo 'reveal-IP-address = false' >> $config_file echo 'reveal-IP-address = false';
echo "web.port = tcp:${TAHOELAFS_PORT}:interface=127.0.0.1" >> $config_file echo "web.port = tcp:${TAHOELAFS_PORT}:interface=127.0.0.1";
echo 'web.static = public_html' >> $config_file echo 'web.static = public_html';
echo 'tub.port = disabled' >> $config_file echo 'tub.port = disabled';
echo 'tub.location = disabled' >> $config_file echo 'tub.location = disabled';
echo '' >> $config_file echo '';
echo '[client]' >> $config_file echo '[client]';
echo 'introducer.furl =' >> $config_file echo 'introducer.furl =';
echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}" >> $config_file echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}";
echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}" >> $config_file echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}";
echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}" >> $config_file echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}";
echo '' >> $config_file echo '';
echo '[storage]' >> $config_file echo '[storage]';
echo 'enabled = false' >> $config_file echo 'enabled = false';
echo 'reserved_space = 3G' >> $config_file echo 'reserved_space = 3G';
echo '' >> $config_file echo '';
echo '[helper]' >> $config_file echo '[helper]';
echo 'enabled = false' >> $config_file echo 'enabled = false';
echo '' >> $config_file echo '';
echo '[connections]' >> $config_file echo '[connections]';
echo 'tcp = tor' >> $config_file echo 'tcp = tor'; } > "$config_file"
} }
function tahoelafs_setup_storage_config { function tahoelafs_setup_storage_config {
config_file=$1 config_file="$1"
nick="$2" nick="$2"
echo '[node]' > $config_file { echo '[node]';
echo "nickname = $nick" >> $config_file echo "nickname = $nick";
echo 'reveal-IP-address = false' >> $config_file echo 'reveal-IP-address = false';
echo 'web.port =' >> $config_file echo 'web.port =';
echo 'web.static = public_html' >> $config_file echo 'web.static = public_html';
echo "tub.port = tcp:${TAHOELAFS_STORAGE_ONION_PORT}:interface=127.0.0.1" >> $config_file echo "tub.port = tcp:${TAHOELAFS_STORAGE_ONION_PORT}:interface=127.0.0.1";
echo "tub.location = tor:${TAHOELAFS_STORAGE_ONION_HOSTNAME}:${TAHOELAFS_STORAGE_PORT}" >> $config_file echo "tub.location = tor:${TAHOELAFS_STORAGE_ONION_HOSTNAME}:${TAHOELAFS_STORAGE_PORT}";
echo '' >> $config_file echo '';
echo '[client]' >> $config_file echo '[client]';
echo 'introducer.furl =' >> $config_file echo 'introducer.furl =';
echo 'helper.furl =' >> $config_file echo 'helper.furl =';
echo '' >> $config_file echo '';
echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}" >> $config_file echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}";
echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}" >> $config_file echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}";
echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}" >> $config_file echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}";
echo '' >> $config_file echo '';
echo '[storage]' >> $config_file echo '[storage]';
echo 'enabled = true' >> $config_file echo 'enabled = true';
echo 'reserved_space = 3G' >> $config_file echo 'reserved_space = 3G';
echo 'expire.enabled = true' >> $config_file echo 'expire.enabled = true';
echo 'expire.mode = age' >> $config_file echo 'expire.mode = age';
echo 'expire.override_lease_duration = 3 months' >> $config_file echo 'expire.override_lease_duration = 3 months';
echo '' >> $config_file echo '';
echo '[helper]' >> $config_file echo '[helper]';
echo 'enabled = false' >> $config_file echo 'enabled = false';
echo '' >> $config_file echo '';
echo '[connections]' >> $config_file echo '[connections]';
echo 'tcp = tor' >> $config_file echo 'tcp = tor'; } > "$config_file"
chown -R tahoelafs:debian-tor $TAHOE_DIR chown -R tahoelafs:debian-tor $TAHOE_DIR
} }
@ -304,6 +309,7 @@ function restore_local_tahoelafs {
else else
cp -r $temp_restore_dir/* $TAHOE_DIR/ cp -r $temp_restore_dir/* $TAHOE_DIR/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
if [ -d ${TAHOE_DIR}-old ]; then if [ -d ${TAHOE_DIR}-old ]; then
mv ${TAHOE_DIR}-old $TAHOE_DIR mv ${TAHOE_DIR}-old $TAHOE_DIR
@ -346,14 +352,15 @@ function restore_remote_tahoelafs {
else else
cp -r $temp_restore_dir/* $TAHOE_DIR/ cp -r $temp_restore_dir/* $TAHOE_DIR/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
if [ -d ${$TAHOE_DIR}-old ]; then if [ -d "${TAHOE_DIR}-old" ]; then
mv ${TAHOE_DIR}-old $TAHOE_DIR mv "${TAHOE_DIR}-old" $TAHOE_DIR
fi fi
exit 623925 exit 623925
fi fi
if [ -d ${$TAHOE_DIR}-old ]; then if [ -d "${TAHOE_DIR}-old" ]; then
rm -rf ${$TAHOE_DIR}-old rm -rf "${TAHOE_DIR}-old"
fi fi
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
chown -R tahoelafs:debian-tor $TAHOE_DIR chown -R tahoelafs:debian-tor $TAHOE_DIR
@ -398,7 +405,7 @@ function remove_tahoelafs {
remove_completion_param install_tahoelafs remove_completion_param install_tahoelafs
function_check remove_onion_service function_check remove_onion_service
remove_onion_service tahoelafs ${TAHOELAFS_ONION_PORT} remove_onion_service tahoelafs ${TAHOELAFS_ONION_PORT}
remove_onion_service storage-tahoelafs ${TAHOELAFS_STORAGE_ONION_PORT} $(get_tahoelafs_nick) remove_onion_service storage-tahoelafs ${TAHOELAFS_STORAGE_ONION_PORT} "$(get_tahoelafs_nick)"
sed -i '/HidServAuth /d' /etc/tor/torrc sed -i '/HidServAuth /d' /etc/tor/torrc
groupdel -f tahoelafs groupdel -f tahoelafs
@ -437,23 +444,23 @@ function create_tahoelafs_stealth_node {
exit 682362 exit 682362
fi fi
if [ ! -f ${node_dir}/tahoe.cfg ]; then if [ ! -f "${node_dir}/tahoe.cfg" ]; then
su -c "mkdir ${node_dir}" - tahoelafs su -c "mkdir ${node_dir}" - tahoelafs
su -c "$TAHOE_COMMAND create-node -C ${node_dir} --hostname=fixme" - tahoelafs su -c "$TAHOE_COMMAND create-node -C ${node_dir} --hostname=fixme" - tahoelafs
tahoelafs_setup_storage_config ${node_dir}/tahoe.cfg ${node_nick} tahoelafs_setup_storage_config "${node_dir}/tahoe.cfg" "${node_nick}"
fi fi
if [ ! -f ${client_dir}/tahoe.cfg ]; then if [ ! -f "${client_dir}/tahoe.cfg" ]; then
su -c "mkdir ${client_dir}" - tahoelafs su -c "mkdir ${client_dir}" - tahoelafs
su -c "$TAHOE_COMMAND create-client -C ${client_dir}" - tahoelafs su -c "$TAHOE_COMMAND create-client -C ${client_dir}" - tahoelafs
tahoelafs_setup_client_config ${client_dir}/tahoe.cfg ${client_nick} tahoelafs_setup_client_config "${client_dir}/tahoe.cfg" "${client_nick}"
fi fi
} }
function create_tahoelafs_introducer { function create_tahoelafs_introducer {
introducer_dir="$1" introducer_dir="$1"
if [ -f ${introducer_dir}/tahoe.cfg ]; then if [ -f "${introducer_dir}/tahoe.cfg" ]; then
return return
fi fi
@ -470,7 +477,7 @@ function create_tahoelafs_storage_node {
return return
fi fi
if [ -f ${node_dir}/tahoe.cfg ]; then if [ -f "${node_dir}/tahoe.cfg" ]; then
return return
fi fi
@ -487,15 +494,15 @@ function create_tahoelafs_client {
return return
fi fi
if [ -f ${client_dir}/tahoe.cfg ]; then if [ -f "${client_dir}/tahoe.cfg" ]; then
return return
fi fi
su -c "mkdir ${client_dir}" - tahoelafs su -c "mkdir ${client_dir}" - tahoelafs
su -c "$TAHOE_COMMAND create-client -C ${client_dir} --introducer=\"$furl\" --listen=tor --hide-ip --hostname=127.0.0.1" - tahoelafs su -c "$TAHOE_COMMAND create-client -C ${client_dir} --introducer=\"$furl\" --listen=tor --hide-ip --hostname=127.0.0.1" - tahoelafs
sed -i 's|reveal-IP-address =.*|reveal-IP-address = False|g' $client_dir/tahoe.cfg sed -i 's|reveal-IP-address =.*|reveal-IP-address = False|g' "$client_dir/tahoe.cfg"
sed -i 's|tub.port =.*|tub.port = disabled|g' $client_dir/tahoe.cfg sed -i 's|tub.port =.*|tub.port = disabled|g' "$client_dir/tahoe.cfg"
sed -i 's|tub.location =.*|tub.location = disabled|g' $client_dir/tahoe.cfg sed -i 's|tub.location =.*|tub.location = disabled|g' "$client_dir/tahoe.cfg"
} }
function get_tahoelafs_furl { function get_tahoelafs_furl {
@ -510,11 +517,11 @@ function get_tahoelafs_nick {
} }
function get_tahoelafs_storage_hostname { function get_tahoelafs_storage_hostname {
echo "$(cat /var/lib/tor/hidden_service_storage-tahoelafs/hostname)" cat /var/lib/tor/hidden_service_storage-tahoelafs/hostname
} }
function get_tahoelafs_public_key { function get_tahoelafs_public_key {
echo "$(cat $TAHOE_DIR/storage/node.pubkey | grep 'v0-' | sed 's|pub-||g')" grep 'v0-' "$TAHOE_DIR/storage/node.pubkey" | sed 's|pub-||g'
} }
function add_tahoelafs_server { function add_tahoelafs_server {
@ -549,10 +556,10 @@ function add_tahoelafs_server {
fi fi
echo '# storage' >> ${tahoelafs_storage_file} echo '# storage' >> ${tahoelafs_storage_file}
fi fi
echo " ${public_key}:" >> ${tahoelafs_storage_file} { echo " ${public_key}:";
echo " ann:" >> ${tahoelafs_storage_file} echo " ann:";
echo " nickname: ${nick}" >> ${tahoelafs_storage_file} echo " nickname: ${nick}";
echo " anonymous-storage-FURL: ${furl}" >> ${tahoelafs_storage_file} echo " anonymous-storage-FURL: ${furl}"; } >> "${tahoelafs_storage_file}"
chown tahoelafs:debian-tor ${tahoelafs_storage_file} chown tahoelafs:debian-tor ${tahoelafs_storage_file}
if ! grep -q "HidServAuth ${storage_hostname}" /etc/tor/torrc; then if ! grep -q "HidServAuth ${storage_hostname}" /etc/tor/torrc; then
@ -566,27 +573,27 @@ function create_tahoelafs_daemon {
TAHOELAFS_DAEMON_FILE=/etc/systemd/system/tahoelafs-${daemon_name}.service TAHOELAFS_DAEMON_FILE=/etc/systemd/system/tahoelafs-${daemon_name}.service
echo "Creating daemon: $TAHOELAFS_DAEMON_FILE" echo "Creating daemon: $TAHOELAFS_DAEMON_FILE"
echo '[Unit]' > $TAHOELAFS_DAEMON_FILE { echo '[Unit]';
echo "Description=Tahoe-LAFS ${daemon_name}" >> $TAHOELAFS_DAEMON_FILE echo "Description=Tahoe-LAFS ${daemon_name}";
echo 'After=syslog.target' >> $TAHOELAFS_DAEMON_FILE echo 'After=syslog.target';
echo 'After=network.target' >> $TAHOELAFS_DAEMON_FILE echo 'After=network.target';
echo '' >> $TAHOELAFS_DAEMON_FILE echo '';
echo '[Service]' >> $TAHOELAFS_DAEMON_FILE echo '[Service]';
echo 'Type=simple' >> $TAHOELAFS_DAEMON_FILE echo 'Type=simple';
echo "User=tahoelafs" >> $TAHOELAFS_DAEMON_FILE echo "User=tahoelafs";
echo "Group=debian-tor" >> $TAHOELAFS_DAEMON_FILE echo "Group=debian-tor";
echo "WorkingDirectory=${TAHOE_DIR}" >> $TAHOELAFS_DAEMON_FILE echo "WorkingDirectory=${TAHOE_DIR}";
echo "ExecStart=/usr/bin/tahoe run ${TAHOE_DIR}/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE echo "ExecStart=/usr/bin/tahoe run ${TAHOE_DIR}/${daemon_name}";
echo "ExecStop=/usr/bin/tahoe stop ${TAHOE_DIR}/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE echo "ExecStop=/usr/bin/tahoe stop ${TAHOE_DIR}/${daemon_name}";
echo 'Restart=on-failure' >> $TAHOELAFS_DAEMON_FILE echo 'Restart=on-failure';
echo 'RestartSec=10' >> $TAHOELAFS_DAEMON_FILE echo 'RestartSec=10';
echo "Environment=\"USER=tahoelafs\" \"HOME=${TAHOE_DIR}\"" >> $TAHOELAFS_DAEMON_FILE echo "Environment=\"USER=tahoelafs\" \"HOME=${TAHOE_DIR}\"";
echo '' >> $TAHOELAFS_DAEMON_FILE echo '';
echo '[Install]' >> $TAHOELAFS_DAEMON_FILE echo '[Install]';
echo 'WantedBy=multi-user.target' >> $TAHOELAFS_DAEMON_FILE echo 'WantedBy=multi-user.target'; } > "$TAHOELAFS_DAEMON_FILE"
systemctl enable tahoelafs-${daemon_name} systemctl enable "tahoelafs-${daemon_name}"
systemctl daemon-reload systemctl daemon-reload
systemctl start tahoelafs-${daemon_name} systemctl start "tahoelafs-${daemon_name}"
} }
function create_tahoelafs_web { function create_tahoelafs_web {
@ -596,44 +603,44 @@ function create_tahoelafs_web {
TAHOELAFS_LOGIN_TEXT=$'Tahoe-LAFS login' TAHOELAFS_LOGIN_TEXT=$'Tahoe-LAFS login'
tahoelafs_nginx_site=/etc/nginx/sites-available/tahoelafs tahoelafs_nginx_site=/etc/nginx/sites-available/tahoelafs
echo 'server {' > $tahoelafs_nginx_site { echo 'server {';
echo " listen 127.0.0.1:$TAHOELAFS_ONION_PORT default_server;" >> $tahoelafs_nginx_site echo " listen 127.0.0.1:$TAHOELAFS_ONION_PORT default_server;";
echo " server_name $TAHOELAFS_ONION_HOSTNAME;" >> $tahoelafs_nginx_site echo " server_name $TAHOELAFS_ONION_HOSTNAME;";
echo '' >> $tahoelafs_nginx_site echo ''; } > "$tahoelafs_nginx_site"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing tahoelafs nginx_disable_sniffing tahoelafs
echo '' >> $tahoelafs_nginx_site { echo '';
echo ' # Logs' >> $tahoelafs_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $tahoelafs_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $tahoelafs_nginx_site echo ' error_log /dev/null;';
echo '' >> $tahoelafs_nginx_site echo '';
echo ' # Root' >> $tahoelafs_nginx_site echo ' # Root';
echo " root /var/www/tahoelafs/htdocs;" >> $tahoelafs_nginx_site echo " root /var/www/tahoelafs/htdocs;";
echo '' >> $tahoelafs_nginx_site echo '';
echo ' location / {' >> $tahoelafs_nginx_site echo ' location / {';
echo " auth_basic \"${TAHOELAFS_LOGIN_TEXT}\";" >> $tahoelafs_nginx_site echo " auth_basic \"${TAHOELAFS_LOGIN_TEXT}\";";
echo ' auth_basic_user_file /etc/nginx/.htpasswd-tahoelafs;' >> $tahoelafs_nginx_site echo ' auth_basic_user_file /etc/nginx/.htpasswd-tahoelafs;'; } >> "$tahoelafs_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits tahoelafs '15m' nginx_limits tahoelafs '15m'
echo ' rewrite /(.*) /$1 break;' >> $tahoelafs_nginx_site { echo " rewrite /(.*) /\$1 break;";
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $tahoelafs_nginx_site echo " proxy_set_header X-Real-IP \$remote_addr;";
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $tahoelafs_nginx_site echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' proxy_set_header Host $http_host;' >> $tahoelafs_nginx_site echo " proxy_set_header Host \$http_host;";
echo ' proxy_set_header X-NginX-Proxy true;' >> $tahoelafs_nginx_site echo ' proxy_set_header X-NginX-Proxy true;';
echo " proxy_pass http://localhost:${TAHOELAFS_PORT};" >> $tahoelafs_nginx_site echo " proxy_pass http://localhost:${TAHOELAFS_PORT};";
echo ' proxy_redirect off;' >> $tahoelafs_nginx_site echo ' proxy_redirect off;';
echo ' }' >> $tahoelafs_nginx_site echo ' }';
echo '}' >> $tahoelafs_nginx_site echo '}'; } >> "$tahoelafs_nginx_site"
TAHOELAFS_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" TAHOELAFS_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
${PROJECT_NAME}-pass -u $MY_USERNAME -a tahoelafs -p "$TAHOELAFS_ADMIN_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a tahoelafs -p "$TAHOELAFS_ADMIN_PASSWORD"
if [ ! -f /etc/nginx/.htpasswd-tahoelafs ]; then if [ ! -f /etc/nginx/.htpasswd-tahoelafs ]; then
touch /etc/nginx/.htpasswd-tahoelafs touch /etc/nginx/.htpasswd-tahoelafs
fi fi
if grep -q "${MY_USERNAME}:" /etc/nginx/.htpasswd-tahoelafs; then if grep -q "${MY_USERNAME}:" /etc/nginx/.htpasswd-tahoelafs; then
sed -i '/${MY_USERNAME}:/d' /etc/nginx/.htpasswd-tahoelafs sed -i "/${MY_USERNAME}:/d" /etc/nginx/.htpasswd-tahoelafs
fi fi
echo "${TAHOELAFS_ADMIN_PASSWORD}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${MY_USERNAME} echo "${TAHOELAFS_ADMIN_PASSWORD}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs "${MY_USERNAME}"
function_check nginx_ensite function_check nginx_ensite
nginx_ensite tahoelafs nginx_ensite tahoelafs
@ -641,7 +648,7 @@ function create_tahoelafs_web {
} }
function install_tahoelafs { function install_tahoelafs {
if [ $INSTALLING_MESH ]; then if [ "$INSTALLING_MESH" ]; then
return return
fi fi
@ -687,12 +694,12 @@ function install_tahoelafs {
client_nick=${MY_USERNAME}-client client_nick=${MY_USERNAME}-client
# create an onion address for storage node # create an onion address for storage node
TAHOELAFS_STORAGE_ONION_HOSTNAME=$(add_onion_service storage-tahoelafs ${TAHOELAFS_STORAGE_PORT} ${TAHOELAFS_STORAGE_ONION_PORT} ${node_nick}) TAHOELAFS_STORAGE_ONION_HOSTNAME=$(add_onion_service storage-tahoelafs ${TAHOELAFS_STORAGE_PORT} ${TAHOELAFS_STORAGE_ONION_PORT} "${node_nick}")
# create an onion address for client node # create an onion address for client node
TAHOELAFS_ONION_HOSTNAME=$(add_onion_service tahoelafs 80 ${TAHOELAFS_ONION_PORT}) TAHOELAFS_ONION_HOSTNAME=$(add_onion_service tahoelafs 80 ${TAHOELAFS_ONION_PORT})
create_tahoelafs_stealth_node $TAHOE_DIR/storage $TAHOE_DIR/client ${node_nick} ${client_nick} create_tahoelafs_stealth_node "$TAHOE_DIR/storage" "$TAHOE_DIR/client" "${node_nick}" "${client_nick}"
# start the storage node # start the storage node
su -c "/usr/bin/python2 /usr/bin/tahoe start $TAHOE_DIR/storage" - tahoelafs su -c "/usr/bin/python2 /usr/bin/tahoe start $TAHOE_DIR/storage" - tahoelafs
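Review bot: The `sed` deletions of htpasswd entries in `add_user_tahoelafs`, `remove_user_tahoelafs`, `change_password_tahoelafs` and `create_tahoelafs_web` now expand the username into an unanchored regular expression, so `"/${remove_username}:/d"` also removes the credentials of any other account whose name ends with the same string. If a name can contain regex metacharacters or a `/`, those are interpreted by sed as well. In `add_user_tahoelafs` the new line also carries a stray quote, `"'/${new_username}:/d"`, which is not a valid sed script, and `change_password_tahoelafs` tests for `${change_username}:` but deletes `tahoe-${change_username}:`. In `remove_user_tahoelafs` I would replace the grep/sed pair with `htpasswd -D /etc/nginx/.htpasswd-tahoelafs "$remove_username"`, or at least anchor the address as `"/^${remove_username}:/d"`. In the other three functions the deletion looks redundant, because the `htpasswd -i -s` call that follows already updates an existing entry.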


@ -74,12 +74,12 @@ function logging_off_tox {
function remove_user_tox { function remove_user_tox {
remove_username="$1" remove_username="$1"
if [ -d /home/$remove_username/.config/tox ]; then if [ -d "/home/$remove_username/.config/tox" ]; then
if [ -d /home/$remove_username/.config/tox/chatlogs ]; then if [ -d "/home/$remove_username/.config/tox/chatlogs" ]; then
shred -zu /home/$remove_username/.config/tox/chatlogs/* shred -zu "/home/$remove_username/.config/tox/chatlogs/*"
rm -rf /home/$remove_username/.config/tox/chatlogs rm -rf "/home/$remove_username/.config/tox/chatlogs"
fi fi
shred -zu /home/$remove_username/.config/tox/* shred -zu "/home/$remove_username/.config/tox/*"
fi fi
} }
@ -87,27 +87,27 @@ function add_user_tox {
new_username="$1" new_username="$1"
# Note: password isn't used # Note: password isn't used
new_user_password="$2" #new_user_password="$2"
USER_TOX_FILE=/home/${new_username}/.config/tox/data.tox USER_TOX_FILE=/home/${new_username}/.config/tox/data.tox
if [ ! -f $USER_TOX_FILE ]; then if [ ! -f "$USER_TOX_FILE" ]; then
mkdir -p /home/${new_username}/.config/tox mkdir -p "/home/${new_username}/.config/tox"
chown -R ${new_username}:${new_username} /home/${new_username}/.config chown -R "${new_username}":"${new_username}" "/home/${new_username}/.config"
su -c "toxid -u ${new_username} -n data" - $new_username su -c "toxid -u ${new_username} -n data" - "$new_username"
su -c "toxid --setuser ${new_username}" - $new_username su -c "toxid --setuser ${new_username}" - "$new_username"
fi fi
} }
function run_client_tox { function run_client_tox {
# create a tox user # create a tox user
USER_TOX_FILE=/home/${USER}/.config/tox/data.tox USER_TOX_FILE=/home/${USER}/.config/tox/data.tox
if [ ! -f $USER_TOX_FILE ]; then if [ ! -f "$USER_TOX_FILE" ]; then
mkdir -p /home/${USER}/.config/tox mkdir -p "/home/${USER}/.config/tox"
chown -R ${USER}:${USER} /home/${USER}/.config chown -R "${USER}":"${USER}" "/home/${USER}/.config"
toxid -u ${USER} -n data toxid -u "${USER}" -n data
toxid --setuser ${USER} toxid --setuser "${USER}"
fi fi
toxic -f $USER_TOX_FILE --force-tcp --SOCKS5-proxy 127.0.0.1 9050 toxic -f "$USER_TOX_FILE" --force-tcp --SOCKS5-proxy 127.0.0.1 9050
} }
function install_interactive_tox { function install_interactive_tox {
@ -121,16 +121,17 @@ function configure_interactive_tox {
fi fi
bootstrap_id=$(cat $TOX_BOOTSTRAP_ID_FILE) bootstrap_id=$(cat $TOX_BOOTSTRAP_ID_FILE)
dialog --title $"Tox Bootstrap Node ID" \ dialog --title $"Tox Bootstrap Node ID" \
--msgbox $"\n$bootstrap_id\n\nTo copy this hold down the shift key, select the ID and then right click and copy." 10 70 --msgbox $"\\n$bootstrap_id\\n\\nTo copy this hold down the shift key, select the ID and then right click and copy." 10 70
} }
function mesh_tox_qtox { function mesh_tox_qtox {
if [ ! ${rootdir}$INSTALL_DIR ]; then # shellcheck disable=SC2154
if [ ! "${rootdir}$INSTALL_DIR" ]; then
INSTALL_DIR=${rootdir}/root/build INSTALL_DIR=${rootdir}/root/build
fi fi
if [ ! -d ${rootdir}$INSTALL_DIR ]; then if [ ! -d "${rootdir}$INSTALL_DIR" ]; then
mkdir -p ${rootdir}$INSTALL_DIR mkdir -p "${rootdir}$INSTALL_DIR"
fi fi
chroot "${rootdir}" apt-get -yq install build-essential libatk1.0-0 libbz2-1.0 libc6 libcairo2 libdbus-1-3 libegl1-mesa libfontconfig1 libfreetype6 libgcc1 libgdk-pixbuf2.0-0 libgl1-mesa-glx libglib2.0-0 libgtk2.0-0 libice6 libicu57 libjpeg62-turbo libmng1 libmtdev1 libopenal1 libopus0 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpng16-16 libqrencode3 libsm6 libsodium18 libsqlite3-0 libssl1.1 libstdc++6 libtiff5 libudev1 libvpx4 libwayland-client0 libwayland-cursor0 libwayland-egl1-mesa libwebp6 libx11-6 libx11-xcb1 libxcb-glx0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-randr0 libxcb-render-util0 libxcb-render0 libxcb-shape0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxcb-xinerama0 libxcb1 libxext6 libxfixes3 libxi6 libxrender1 libxss1 zlib1g libopus-dev libvpx-dev chroot "${rootdir}" apt-get -yq install build-essential libatk1.0-0 libbz2-1.0 libc6 libcairo2 libdbus-1-3 libegl1-mesa libfontconfig1 libfreetype6 libgcc1 libgdk-pixbuf2.0-0 libgl1-mesa-glx libglib2.0-0 libgtk2.0-0 libice6 libicu57 libjpeg62-turbo libmng1 libmtdev1 libopenal1 libopus0 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpng16-16 libqrencode3 libsm6 libsodium18 libsqlite3-0 libssl1.1 libstdc++6 libtiff5 libudev1 libvpx4 libwayland-client0 libwayland-cursor0 libwayland-egl1-mesa libwebp6 libx11-6 libx11-xcb1 libxcb-glx0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-randr0 libxcb-render-util0 libxcb-render0 libxcb-shape0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxcb-xinerama0 libxcb1 libxext6 libxfixes3 libxi6 libxrender1 libxss1 zlib1g libopus-dev libvpx-dev
@ -149,30 +150,30 @@ function mesh_tox_qtox {
chroot "${rootdir}" apt-get -yq install build-essential cmake ffmpeg libexif-dev libgdk-pixbuf2.0-dev libglib2.0-dev libgtk2.0-dev libopenal-dev libqrencode-dev libqt5opengl5-dev libqt5svg5-dev libsqlcipher-dev libxss-dev pkg-config qrencode qt5-default qt5-qmake qttools5-dev qttools5-dev-tools yasm chroot "${rootdir}" apt-get -yq install build-essential cmake ffmpeg libexif-dev libgdk-pixbuf2.0-dev libglib2.0-dev libgtk2.0-dev libopenal-dev libqrencode-dev libqt5opengl5-dev libqt5svg5-dev libsqlcipher-dev libxss-dev pkg-config qrencode qt5-default qt5-qmake qttools5-dev qttools5-dev-tools yasm
if [ -d /repos/qtox ]; then if [ -d /repos/qtox ]; then
mkdir ${rootdir}$INSTALL_DIR/qtox mkdir "${rootdir}$INSTALL_DIR/qtox"
cp -r -p /repos/qtox/. ${rootdir}$INSTALL_DIR/qtox cp -r -p /repos/qtox/. "${rootdir}$INSTALL_DIR/qtox"
cd ${rootdir}$INSTALL_DIR/qtox cd "${rootdir}$INSTALL_DIR/qtox" || exit 264826826
git pull git pull
else else
git clone $QTOX_REPO ${rootdir}$INSTALL_DIR/qtox git clone "$QTOX_REPO" "${rootdir}$INSTALL_DIR/qtox"
fi fi
if [ ! -d ${rootdir}$INSTALL_DIR/qtox ]; then if [ ! -d "${rootdir}$INSTALL_DIR/qtox" ]; then
exit 72428 exit 72428
fi fi
cd ${rootdir}${INSTALL_DIR}/qtox cd "${rootdir}${INSTALL_DIR}/qtox" || exit 235745728
git checkout $QTOX_COMMIT -b $QTOX_COMMIT git checkout $QTOX_COMMIT -b $QTOX_COMMIT
chroot ${rootdir} /bin/bash -x <<EOF chroot "${rootdir}" /bin/bash -x <<EOF
cd ${INSTALL_DIR}/qtox cd ${INSTALL_DIR}/qtox
export PKG_CONFIG_PATH="$PKG_CONFIG_PATH:/usr/local/lib/pkgconfig" export PKG_CONFIG_PATH="$PKG_CONFIG_PATH:/usr/local/lib/pkgconfig"
cmake . cmake .
make make
make install make install
EOF EOF
if [ ! -f ${rootdir}/usr/local/bin/qtox ]; then if [ ! -f "${rootdir}/usr/local/bin/qtox" ]; then
exit 75784 exit 75784
fi fi
cp ${rootdir}/usr/local/bin/qtox ${rootdir}/usr/bin/qtox cp "${rootdir}/usr/local/bin/qtox" "${rootdir}/usr/bin/qtox"
} }
function reconfigure_tox { function reconfigure_tox {
@ -181,10 +182,10 @@ function reconfigure_tox {
function upgrade_tox { function upgrade_tox {
function_check set_repo_commit function_check set_repo_commit
set_repo_commit $INSTALL_DIR/toxcore "toxcore commit" "$TOXCORE_COMMIT" $TOXCORE_REPO set_repo_commit "$INSTALL_DIR/toxcore" "toxcore commit" "$TOXCORE_COMMIT" $TOXCORE_REPO
if [[ $(commit_has_changed $INSTALL_DIR/toxcore "toxcore commit" "$TOXCORE_COMMIT") == "1" ]]; then if [[ $(commit_has_changed "$INSTALL_DIR/toxcore" "toxcore commit" "$TOXCORE_COMMIT") == "1" ]]; then
cd $INSTALL_DIR/toxcore cd "$INSTALL_DIR/toxcore" || exit 53683563
sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' $rootdir/etc/systemd/system/tox-bootstrapd.service sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' "$rootdir/etc/systemd/system/tox-bootstrapd.service"
autoreconf -i autoreconf -i
./configure --enable-daemon ./configure --enable-daemon
make make
@ -194,9 +195,9 @@ function upgrade_tox {
fi fi
function_check set_repo_commit function_check set_repo_commit
set_repo_commit $INSTALL_DIR/toxic "Toxic commit" "$TOXIC_COMMIT" $TOXIC_REPO set_repo_commit "$INSTALL_DIR/toxic" "Toxic commit" "$TOXIC_COMMIT" $TOXIC_REPO
if [[ $(commit_has_changed $INSTALL_DIR/toxic "Toxic commit" "$TOXIC_COMMIT") == "1" ]]; then if [[ $(commit_has_changed "$INSTALL_DIR/toxic" "Toxic commit" "$TOXIC_COMMIT") == "1" ]]; then
cd $INSTALL_DIR/toxic cd "$INSTALL_DIR/toxic" || exit 4684618
make make
make install make install
fi fi
@ -221,12 +222,11 @@ function backup_local_tox {
} }
function restore_local_tox { function restore_local_tox {
if [ -d $USB_MOUNT/backup/tox ]; then if [ -d "$USB_MOUNT/backup/tox" ]; then
echo $"Restoring Tox node settings" echo $"Restoring Tox node settings"
function_check restore_directory_from_usb function_check restore_directory_from_usb
#restore_directory_from_usb / tox #restore_directory_from_usb / tox
restore_directory_from_usb /var/lib/tox-bootstrapd tox if ! restore_directory_from_usb /var/lib/tox-bootstrapd tox; then
if [ ! "$?" = "0" ]; then
function_check set_user_permissions function_check set_user_permissions
set_user_permissions set_user_permissions
function_check backup_unmount_drive function_check backup_unmount_drive
@ -234,8 +234,7 @@ function restore_local_tox {
exit 6393 exit 6393
fi fi
cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf
systemctl restart tox-bootstrapd.service if ! systemctl restart tox-bootstrapd.service; then
if [ ! "$?" = "0" ]; then
systemctl status tox-bootstrapd.service systemctl status tox-bootstrapd.service
function_check set_user_permissions function_check set_user_permissions
set_user_permissions set_user_permissions
@ -259,17 +258,15 @@ function backup_remote_tox {
} }
function restore_remote_tox { function restore_remote_tox {
if [ -d $SERVER_DIRECTORY/backup/tox ]; then if [ -d "$SERVER_DIRECTORY/backup/tox" ]; then
echo $"Restoring Tox node settings" echo $"Restoring Tox node settings"
function_check restore_directory_from_friend function_check restore_directory_from_friend
#restore_directory_from_friend / tox #restore_directory_from_friend / tox
restore_directory_from_friend /var/lib/tox-bootstrapd tox if ! restore_directory_from_friend /var/lib/tox-bootstrapd tox; then
if [ ! "$?" = "0" ]; then
exit 93653 exit 93653
fi fi
cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf
systemctl restart tox-bootstrapd.service if ! systemctl restart tox-bootstrapd.service; then
if [ ! "$?" = "0" ]; then
systemctl status tox-bootstrapd.service systemctl status tox-bootstrapd.service
exit 59369 exit 59369
fi fi
@ -283,8 +280,7 @@ function remove_tox_node {
function_check remove_onion_service function_check remove_onion_service
remove_onion_service tox ${TOX_PORT} remove_onion_service tox ${TOX_PORT}
${PROJECT_NAME}-mesh-install -f tox_node --remove yes if ! "${PROJECT_NAME}-mesh-install" -f tox_node --remove yes; then
if [ ! "$?" = "0" ]; then
echo $'Failed to remove tox node' echo $'Failed to remove tox node'
exit 763836 exit 763836
fi fi
@ -293,21 +289,20 @@ function remove_tox_node {
} }
function remove_tox_avahi { function remove_tox_avahi {
cd $INSTALL_DIR/toxid cd "$INSTALL_DIR/toxid" || exit 82456275
make uninstall make uninstall
rm -rf $INSTALL_DIR/toxid rm -rf "$INSTALL_DIR/toxid"
sed -i '/tox_avahi/d' $COMPLETION_FILE sed -i '/tox_avahi/d' "$COMPLETION_FILE"
} }
function remove_tox_client { function remove_tox_client {
${PROJECT_NAME}-mesh-install -f tox_client --remove yes if ! "${PROJECT_NAME}-mesh-install" -f tox_client --remove yes; then
if [ ! "$?" = "0" ]; then
echo $'Could not remove Tox client' echo $'Could not remove Tox client'
exit 737253 exit 737253
fi fi
sed -i '/install_tox_client/d' $COMPLETION_FILE sed -i '/install_tox_client/d' "$COMPLETION_FILE"
sed -i '/Tox /d' $COMPLETION_FILE sed -i '/Tox /d' "$COMPLETION_FILE"
sed -i '/Toxic /d' $COMPLETION_FILE sed -i '/Toxic /d' "$COMPLETION_FILE"
} }
function remove_tox { function remove_tox {
@ -317,8 +312,8 @@ function remove_tox {
} }
function configure_firewall_for_tox { function configure_firewall_for_tox {
if [ ! $INSTALLING_MESH ]; then if [ ! "$INSTALLING_MESH" ]; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return return
fi fi
fi fi
@ -331,21 +326,21 @@ function configure_firewall_for_tox {
return return
fi fi
TOX_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOX_PORT=" | head -n 1 | awk -F '=' '{print $2}') TOX_PORT_MAIN=$(grep "TOX_PORT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}')
if [ ${#TOX_PORT_MAIN} -gt 2 ]; then if [ ${#TOX_PORT_MAIN} -gt 2 ]; then
TOX_PORT=$TOX_PORT_MAIN TOX_PORT=$TOX_PORT_MAIN
fi fi
if [ ! $TOX_PORT ]; then if [ ! "$TOX_PORT" ]; then
echo $'No Tox port was specified' echo $'No Tox port was specified'
exit 32856 exit 32856
fi fi
firewall_add Tox ${TOX_PORT} firewall_add Tox "${TOX_PORT}"
mark_completed $FUNCNAME mark_completed "${FUNCNAME[0]}"
} }
function tox_avahi { function tox_avahi {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return return
fi fi
@ -355,24 +350,23 @@ function tox_avahi {
fi fi
# install a command to obtain the Tox ID # install a command to obtain the Tox ID
cd $INSTALL_DIR cd "$INSTALL_DIR" || exit 131497953
if [ -d /repos/toxid ]; then if [ -d /repos/toxid ]; then
mkdir $INSTALL_DIR/toxid mkdir "$INSTALL_DIR/toxid"
cp -r -p /repos/toxid/. $INSTALL_DIR/toxid cp -r -p /repos/toxid/. "$INSTALL_DIR/toxid"
cd $INSTALL_DIR/toxid cd "$INSTALL_DIR/toxid" || exit 468276424526
git pull git pull
else else
function_check git_clone function_check git_clone
git_clone $TOXID_REPO $INSTALL_DIR/toxid git_clone "$TOXID_REPO" "$INSTALL_DIR/toxid"
fi fi
if [ ! -d $INSTALL_DIR/toxid ]; then if [ ! -d "$INSTALL_DIR/toxid" ]; then
exit 63921 exit 63921
fi fi
cd $INSTALL_DIR/toxid cd "$INSTALL_DIR/toxid" || exit 4782462846
make if ! make; then
if [ ! "$?" = "0" ]; then
exit 58432 exit 58432
fi fi
make install make install
@ -387,7 +381,7 @@ function tox_avahi {
systemctl restart avahi-daemon systemctl restart avahi-daemon
mark_completed $FUNCNAME mark_completed "${FUNCNAME[0]}"
} }
function install_tox_node { function install_tox_node {
@ -399,13 +393,13 @@ function install_tox_node {
mesh_tox_node mesh_tox_node
# onion address for bootstrapping # onion address for bootstrapping
TOX_ONION_HOSTNAME=$(add_onion_service tox ${TOX_PORT} ${TOX_PORT}) add_onion_service tox "${TOX_PORT}" "${TOX_PORT}"
systemctl restart tox-bootstrapd.service systemctl restart tox-bootstrapd.service
sleep 3 sleep 3
TOX_PUBLIC_KEY=$(cat /var/log/syslog | grep tox | grep "Public Key" | tail -n 1 | awk -F ' ' '{print $8}') TOX_PUBLIC_KEY=$(grep tox /var/log/syslog | grep "Public Key" | tail -n 1 | awk -F ' ' '{print $8}')
if [ ${#TOX_PUBLIC_KEY} -lt 30 ]; then if [ ${#TOX_PUBLIC_KEY} -lt 30 ]; then
echo $'Could not obtain the tox node public key' echo $'Could not obtain the tox node public key'
exit 6529 exit 6529
@ -435,58 +429,58 @@ function install_tox_client {
function mesh_tox_node { function mesh_tox_node {
# obtain commits from the main file # obtain commits from the main file
TOXCORE_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') TOXCORE_COMMIT_MAIN=$(grep "TOXCORE_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F "'" '{print $2}')
if [ ${#TOXCORE_COMMIT_MAIN} -gt 10 ]; then if [ ${#TOXCORE_COMMIT_MAIN} -gt 10 ]; then
TOXCORE_COMMIT=$TOXCORE_COMMIT_MAIN TOXCORE_COMMIT=$TOXCORE_COMMIT_MAIN
fi fi
if [ ! $TOXCORE_COMMIT ]; then if [ ! "$TOXCORE_COMMIT" ]; then
echo $'No Tox commit was specified' echo $'No Tox commit was specified'
exit 76325 exit 76325
fi fi
TOXID_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXID_REPO=" | head -n 1 | awk -F '"' '{print $2}') TOXID_REPO_MAIN=$(grep "TOXID_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '"' '{print $2}')
if [ ${#TOXID_REPO_MAIN} -gt 5 ]; then if [ ${#TOXID_REPO_MAIN} -gt 5 ]; then
TOXID_REPO=$TOXID_REPO_MAIN TOXID_REPO=$TOXID_REPO_MAIN
fi fi
if [ ! $TOXID_REPO ]; then if [ ! "$TOXID_REPO" ]; then
echo $'No ToxID repo was specified' echo $'No ToxID repo was specified'
exit 78252 exit 78252
fi fi
TOX_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOX_PORT=" | head -n 1 | awk -F '=' '{print $2}') TOX_PORT_MAIN=$(grep "TOX_PORT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}')
if [ ${#TOX_PORT_MAIN} -gt 2 ]; then if [ ${#TOX_PORT_MAIN} -gt 2 ]; then
TOX_PORT=$TOX_PORT_MAIN TOX_PORT=$TOX_PORT_MAIN
fi fi
if [ ! $TOX_PORT ]; then if [ ! "$TOX_PORT" ]; then
echo $'No Tox port was specified' echo $'No Tox port was specified'
exit 32856 exit 32856
fi fi
TOXCORE_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_REPO=" | head -n 1 | awk -F '"' '{print $2}') TOXCORE_REPO_MAIN=$(grep "TOXCORE_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '"' '{print $2}')
if [ ${#TOXCORE_REPO_MAIN} -gt 10 ]; then if [ ${#TOXCORE_REPO_MAIN} -gt 10 ]; then
TOXCORE_REPO=$TOXCORE_REPO_MAIN TOXCORE_REPO=$TOXCORE_REPO_MAIN
fi fi
if [ ! $TOXCORE_REPO ]; then if [ ! "$TOXCORE_REPO" ]; then
echo $'No Tox repo was specified' echo $'No Tox repo was specified'
exit 16865 exit 16865
fi fi
if [ ! $TOXCORE_COMMIT ]; then if [ ! "$TOXCORE_COMMIT" ]; then
echo $'No Tox commit was specified' echo $'No Tox commit was specified'
exit 76325 exit 76325
fi fi
if [ ! $TOXCORE_REPO ]; then if [ ! "$TOXCORE_REPO" ]; then
echo $'No Tox repo was specified' echo $'No Tox repo was specified'
exit 16865 exit 16865
fi fi
if [ $rootdir ]; then if [ "$rootdir" ]; then
chroot ${rootdir} apt-get -yq install build-essential libtool autotools-dev chroot "${rootdir}" apt-get -yq install build-essential libtool autotools-dev
chroot ${rootdir} apt-get -yq install automake checkinstall check git yasm chroot "${rootdir}" apt-get -yq install automake checkinstall check git yasm
chroot ${rootdir} apt-get -yq install libsodium18 libsodium-dev libcap2-bin chroot "${rootdir}" apt-get -yq install libsodium18 libsodium-dev libcap2-bin
chroot ${rootdir} apt-get -yq install libconfig9 libconfig-dev autoconf chroot "${rootdir}" apt-get -yq install libconfig9 libconfig-dev autoconf
chroot ${rootdir} apt-get -yq install libopus-dev libvpx-dev chroot "${rootdir}" apt-get -yq install libopus-dev libvpx-dev
else else
apt-get -yq install build-essential libtool autotools-dev apt-get -yq install build-essential libtool autotools-dev
apt-get -yq install automake checkinstall check git yasm apt-get -yq install automake checkinstall check git yasm
@ -495,27 +489,26 @@ function mesh_tox_node {
apt-get -yq install libopus-dev libvpx-dev apt-get -yq install libopus-dev libvpx-dev
fi fi
if [ ! -d ${rootdir}${INSTALL_DIR} ]; then if [ ! -d "${rootdir}${INSTALL_DIR}" ]; then
mkdir -p ${rootdir}${INSTALL_DIR} mkdir -p "${rootdir}${INSTALL_DIR}"
fi fi
if [ ! -d ${rootdir}${INSTALL_DIR}/toxcore ]; then if [ ! -d "${rootdir}${INSTALL_DIR}/toxcore" ]; then
if [ -d /repos/toxcore ]; then if [ -d /repos/toxcore ]; then
mkdir ${rootdir}${INSTALL_DIR}/toxcore mkdir "${rootdir}${INSTALL_DIR}/toxcore"
cp -r -p /repos/toxcore/. ${rootdir}${INSTALL_DIR}/toxcore cp -r -p /repos/toxcore/. "${rootdir}${INSTALL_DIR}/toxcore"
cd ${rootdir}${INSTALL_DIR}/toxcore cd "${rootdir}${INSTALL_DIR}/toxcore" || exit 2468246284
git pull git pull
else else
git clone ${TOXCORE_REPO} ${rootdir}${INSTALL_DIR}/toxcore if ! git clone "${TOXCORE_REPO}" "${rootdir}${INSTALL_DIR}/toxcore"; then
if [ ! "$?" = "0" ]; then exit 4292521
exit 429252
fi fi
fi fi
fi fi
cd ${rootdir}$INSTALL_DIR/toxcore cd "${rootdir}$INSTALL_DIR/toxcore" || exit 46824624
git checkout $TOXCORE_COMMIT -b $TOXCORE_COMMIT git checkout "$TOXCORE_COMMIT" -b "$TOXCORE_COMMIT"
if [ ${rootdir} ]; then if [ "${rootdir}" ]; then
chroot ${rootdir} /bin/bash -x <<EOF chroot "${rootdir}" /bin/bash -x <<EOF
cd ${INSTALL_DIR}/toxcore cd ${INSTALL_DIR}/toxcore
autoreconf -i autoreconf -i
./configure --enable-daemon ./configure --enable-daemon
@ -532,28 +525,28 @@ make install
EOF EOF
fi fi
cp $rootdir/usr/local/lib/libtoxcore* $rootdir/usr/lib/ cp "$rootdir/usr/local/lib/libtoxcore*" "$rootdir/usr/lib/"
cp ${rootdir}${INSTALL_DIR}/toxcore/other/bootstrap_daemon/tox-bootstrapd.service $rootdir/etc/systemd/system/ cp "${rootdir}${INSTALL_DIR}/toxcore/other/bootstrap_daemon/tox-bootstrapd.service" "$rootdir/etc/systemd/system/"
sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' $rootdir/etc/systemd/system/tox-bootstrapd.service sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' "$rootdir/etc/systemd/system/tox-bootstrapd.service"
if [ ${rootdir} ]; then if [ "${rootdir}" ]; then
chroot ${rootdir} systemctl enable tox-bootstrapd.service chroot "${rootdir}" systemctl enable tox-bootstrapd.service
else else
systemctl enable tox-bootstrapd.service systemctl enable tox-bootstrapd.service
fi fi
SECONDS=0 SECONDS=0
if [ ! -f $rootdir/usr/local/bin/tox-bootstrapd ]; then if [ ! -f "$rootdir/usr/local/bin/tox-bootstrapd" ]; then
duration=$SECONDS duration=$SECONDS
echo $"Toxcore compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." echo $"Toxcore compile failed at $((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
echo $'Unable to make toxcore' echo $'Unable to make toxcore'
exit 73835 exit 73835
fi fi
duration=$SECONDS duration=$SECONDS
echo $"Toxcore compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." echo $"Toxcore compile $((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
if [ ${rootdir} ]; then if [ "${rootdir}" ]; then
chroot ${rootdir} /usr/sbin/useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd chroot "${rootdir}" /usr/sbin/useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
chroot ${rootdir} /bin/chmod 700 /var/lib/tox-bootstrapd chroot "${rootdir}" /bin/chmod 700 /var/lib/tox-bootstrapd
else else
chmod 600 /etc/shadow chmod 600 /etc/shadow
chmod 600 /etc/gshadow chmod 600 /etc/gshadow
@ -564,87 +557,89 @@ EOF
fi fi
# remove Maildir # remove Maildir
if [ -d $rootdir/var/lib/tox-bootstrapd/Maildir ]; then if [ -d "$rootdir/var/lib/tox-bootstrapd/Maildir" ]; then
rm -rf $rootdir/var/lib/tox-bootstrapd/Maildir rm -rf "$rootdir/var/lib/tox-bootstrapd/Maildir"
fi fi
# create configuration file # create configuration file
TOX_BOOTSTRAP_CONFIG=$rootdir/etc/tox-bootstrapd.conf TOX_BOOTSTRAP_CONFIG=$rootdir/etc/tox-bootstrapd.conf
echo "port = $TOX_PORT" > $TOX_BOOTSTRAP_CONFIG { echo "port = $TOX_PORT";
echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"' >> $TOX_BOOTSTRAP_CONFIG echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"';
echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"' >> $TOX_BOOTSTRAP_CONFIG echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"';
echo 'enable_ipv6 = true' >> $TOX_BOOTSTRAP_CONFIG echo 'enable_ipv6 = true';
echo 'enable_ipv4_fallback = true' >> $TOX_BOOTSTRAP_CONFIG echo 'enable_ipv4_fallback = true';
echo 'enable_lan_discovery = true' >> $TOX_BOOTSTRAP_CONFIG echo 'enable_lan_discovery = true';
echo 'enable_tcp_relay = true' >> $TOX_BOOTSTRAP_CONFIG echo 'enable_tcp_relay = true';
echo "tcp_relay_ports = [443, 3389, $TOX_PORT]" >> $TOX_BOOTSTRAP_CONFIG echo "tcp_relay_ports = [443, 3389, $TOX_PORT]";
echo 'enable_motd = true' >> $TOX_BOOTSTRAP_CONFIG echo 'enable_motd = true';
echo 'motd = "tox-bootstrapd"' >> $TOX_BOOTSTRAP_CONFIG echo 'motd = "tox-bootstrapd"'; } > "$TOX_BOOTSTRAP_CONFIG"
if [ $TOX_NODES ]; then if [ $TOX_NODES ]; then
echo 'bootstrap_nodes = (' >> $TOX_BOOTSTRAP_CONFIG echo 'bootstrap_nodes = (' >> "$TOX_BOOTSTRAP_CONFIG"
toxcount=0 toxcount=0
while [ "x${TOX_NODES[toxcount]}" != "x" ] while [ "x${TOX_NODES[toxcount]}" != "x" ]
do do
toxval_ipv4=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $1}') # shellcheck disable=SC2102
toxval_ipv6=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $2}') nodes_str=$(echo $TOX_NODES[toxcount])
toxval_port=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $3}') toxval_ipv4=$(awk "$nodes_str" -F ',' '{print $1}')
toxval_pubkey=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $4}') toxval_ipv6=$(awk "$nodes_str" -F ',' '{print $2}')
toxval_maintainer=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $5}') toxval_port=$(awk "$nodes_str" -F ',' '{print $3}')
echo "{ // $toxval_maintainer" >> $TOX_BOOTSTRAP_CONFIG toxval_pubkey=$(awk "$nodes_str" -F ',' '{print $4}')
toxval_maintainer=$(awk "$nodes_str" -F ',' '{print $5}')
echo "{ // $toxval_maintainer" >> "$TOX_BOOTSTRAP_CONFIG"
if [[ $toxval_ipv6 != 'NONE' ]]; then if [[ $toxval_ipv6 != 'NONE' ]]; then
echo " address = \"$toxval_ipv6\"" >> $TOX_BOOTSTRAP_CONFIG echo " address = \"$toxval_ipv6\"" >> "$TOX_BOOTSTRAP_CONFIG"
else else
echo " address = \"$toxval_ipv4\"" >> $TOX_BOOTSTRAP_CONFIG echo " address = \"$toxval_ipv4\"" >> "$TOX_BOOTSTRAP_CONFIG"
fi fi
echo " port = $toxval_port" >> $TOX_BOOTSTRAP_CONFIG echo " port = $toxval_port" >> "$TOX_BOOTSTRAP_CONFIG"
echo " public_key = \"$toxval_pubkey\"" >> $TOX_BOOTSTRAP_CONFIG echo " public_key = \"$toxval_pubkey\"" >> "$TOX_BOOTSTRAP_CONFIG"
toxcount=$(( $toxcount + 1 )) toxcount=$((toxcount + 1))
if [ "x${TOX_NODES[toxcount]}" != "x" ]; then if [ "x${TOX_NODES[toxcount]}" != "x" ]; then
echo "}," >> $TOX_BOOTSTRAP_CONFIG echo "}," >> "$TOX_BOOTSTRAP_CONFIG"
else else
echo "}" >> $TOX_BOOTSTRAP_CONFIG echo "}" >> "$TOX_BOOTSTRAP_CONFIG"
fi fi
done done
echo ')' >> $TOX_BOOTSTRAP_CONFIG echo ')' >> "$TOX_BOOTSTRAP_CONFIG"
fi fi
if [ -f $rootdir/var/lib/tox-bootstrapd/keys ]; then if [ -f "$rootdir/var/lib/tox-bootstrapd/keys" ]; then
chmod 700 $rootdir/var/lib/tox-bootstrapd/keys chmod 700 "$rootdir/var/lib/tox-bootstrapd/keys"
fi fi
} }
function mesh_tox_avahi { function mesh_tox_avahi {
if [ ! -d $rootdir/etc/avahi ]; then if [ ! -d "$rootdir/etc/avahi" ]; then
echo $'tox_avahi: avahi is not installed' echo $'tox_avahi: avahi is not installed'
exit 87359 exit 87359
fi fi
if [ ! $TOXID_REPO ]; then if [ ! "$TOXID_REPO" ]; then
echo $'No ToxID repo was specified' echo $'No ToxID repo was specified'
exit 78252 exit 78252
fi fi
if [ ! -d ${rootdir}${INSTALL_DIR} ]; then if [ ! -d "${rootdir}${INSTALL_DIR}" ]; then
mkdir -p ${rootdir}${INSTALL_DIR} mkdir -p "${rootdir}${INSTALL_DIR}"
fi fi
if [ -d /repos/toxid ]; then if [ -d /repos/toxid ]; then
mkdir ${rootdir}${INSTALL_DIR}/toxid mkdir "${rootdir}${INSTALL_DIR}/toxid"
cp -r -p /repos/toxid/. ${rootdir}${INSTALL_DIR}/toxid cp -r -p /repos/toxid/. "${rootdir}${INSTALL_DIR}/toxid"
cd ${rootdir}${INSTALL_DIR}/toxid cd "${rootdir}${INSTALL_DIR}/toxid" || exit 2468246
git pull git pull
else else
git clone ${TOXID_REPO} ${rootdir}${INSTALL_DIR}/toxid git clone "${TOXID_REPO}" "${rootdir}${INSTALL_DIR}/toxid"
fi fi
if [ ! -d ${rootdir}${INSTALL_DIR}/toxid ]; then if [ ! -d "${rootdir}${INSTALL_DIR}/toxid" ]; then
echo $'Unable to clone toxid repo' echo $'Unable to clone toxid repo'
exit 768352 exit 768352
fi fi
if [ ${rootdir} ]; then if [ "${rootdir}" ]; then
chroot ${rootdir} /bin/bash -x <<EOF chroot "${rootdir}" /bin/bash -x <<EOF
cd ${INSTALL_DIR}/toxid cd ${INSTALL_DIR}/toxid
make make
make install make install
@ -657,45 +652,46 @@ make install
EOF EOF
fi fi
if [ ! -f $rootdir/usr/local/bin/toxid ]; then if [ ! -f "$rootdir/usr/local/bin/toxid" ]; then
echo $'toxid not found' echo $'toxid not found'
exit 74370 exit 74370
fi fi
if [ ! -f $rootdir/usr/local/bin/toxavahi ]; then if [ ! -f "$rootdir/usr/local/bin/toxavahi" ]; then
exit 3621729 exit 3621729
fi fi
MESH_SYNC_COMMAND=$rootdir/usr/bin/mesh-sync MESH_SYNC_COMMAND=$rootdir/usr/bin/mesh-sync
echo '#!/bin/bash' > $MESH_SYNC_COMMAND { echo '#!/bin/bash';
echo '/usr/local/bin/toxavahi 2> /dev/null' >> $MESH_SYNC_COMMAND echo '/usr/local/bin/toxavahi 2> /dev/null';
echo '/usr/local/bin/meshavahi 2> /dev/null' >> $MESH_SYNC_COMMAND echo '/usr/local/bin/meshavahi 2> /dev/null'; } > "$MESH_SYNC_COMMAND"
chmod +x $MESH_SYNC_COMMAND chmod +x "$MESH_SYNC_COMMAND"
if ! grep -q "mesh-sync" ${rootdir}/etc/crontab; then if ! grep -q "mesh-sync" "${rootdir}/etc/crontab"; then
echo "*/1 * * * * root /usr/bin/mesh-sync 2> /dev/null" >> ${rootdir}/etc/crontab { echo "*/1 * * * * root /usr/bin/mesh-sync 2> /dev/null";
echo "*/1 * * * * root ( sleep 20 ; /usr/bin/mesh-sync 2> /dev/null )" >> ${rootdir}/etc/cro echo "*/1 * * * * root ( sleep 40 ; /usr/bin/mesh-sync 2> /dev/null )" >> ${rootdir}/etc/crontab echo "*/1 * * * * root ( sleep 20 ; /usr/bin/mesh-sync 2> /dev/null )";
echo "*/1 * * * * root ( sleep 40 ; /usr/bin/mesh-sync 2> /dev/null )"; } >> "${rootdir}/etc/crontab"
fi fi
} }
function mesh_tox_client { function mesh_tox_client {
TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}') TOXIC_FILE=$(grep "TOXIC_FILE=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}')
# obtain commits from the main file # obtain commits from the main file
TOXIC_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') TOXIC_COMMIT_MAIN=$(grep "TOXIC_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F "'" '{print $2}')
if [ ${#TOXIC_COMMIT_MAIN} -gt 10 ]; then if [ ${#TOXIC_COMMIT_MAIN} -gt 10 ]; then
TOXIC_COMMIT=$TOXIC_COMMIT_MAIN TOXIC_COMMIT=$TOXIC_COMMIT_MAIN
fi fi
TOXIC_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_REPO=" | head -n 1 | awk -F '"' '{print $2}') TOXIC_REPO_MAIN=$(grep "TOXIC_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '"' '{print $2}')
if [ ${#TOXIC_REPO_MAIN} -gt 5 ]; then if [ ${#TOXIC_REPO_MAIN} -gt 5 ]; then
TOXIC_REPO=$TOXIC_REPO_MAIN TOXIC_REPO=$TOXIC_REPO_MAIN
fi fi
if [ ${rootdir} ]; then if [ "${rootdir}" ]; then
chroot ${rootdir} apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev chroot "${rootdir}" apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev
chroot ${rootdir} apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev chroot "${rootdir}" apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev
chroot ${rootdir} apt-get -yq install libqrencode-dev chroot "${rootdir}" apt-get -yq install libqrencode-dev
else else
apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev
apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev
@ -704,57 +700,57 @@ function mesh_tox_client {
TEMP_SCRIPT_NAME=fbtmp728353.sh TEMP_SCRIPT_NAME=fbtmp728353.sh
TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME
echo '#!/bin/bash' > $TEMP_SCRIPT { echo '#!/bin/bash';
echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT echo "mkdir -p $INSTALL_DIR";
echo 'if [ -d /repos/toxic ]; then' >> $TEMP_SCRIPT echo 'if [ -d /repos/toxic ]; then';
echo " mkdir $INSTALL_DIR/toxic" >> $TEMP_SCRIPT echo " mkdir $INSTALL_DIR/toxic";
echo " cp -r -p /repos/toxic/. $INSTALL_DIR/toxic" >> $TEMP_SCRIPT echo " cp -r -p /repos/toxic/. $INSTALL_DIR/toxic";
echo " cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT echo " cd $INSTALL_DIR/toxic";
echo ' git pull' >> $TEMP_SCRIPT echo ' git pull';
echo 'else' >> $TEMP_SCRIPT echo 'else';
echo " git clone $TOXIC_REPO $INSTALL_DIR/toxic" >> $TEMP_SCRIPT echo " git clone $TOXIC_REPO $INSTALL_DIR/toxic";
echo 'fi' >> $TEMP_SCRIPT echo 'fi';
echo "cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT echo "cd $INSTALL_DIR/toxic";
echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT" >> $TEMP_SCRIPT echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT";
echo 'make' >> $TEMP_SCRIPT echo 'make';
echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT echo 'if [ ! "$?" = "0" ]; then';
echo ' exit 1' >> $TEMP_SCRIPT echo ' exit 1';
echo 'fi' >> $TEMP_SCRIPT echo 'fi';
echo 'make install' >> $TEMP_SCRIPT echo 'make install';
echo 'exit 0' >> $TEMP_SCRIPT echo 'exit 0'; } > "$TEMP_SCRIPT"
chmod +x $TEMP_SCRIPT chmod +x $TEMP_SCRIPT
cp $TEMP_SCRIPT $rootdir/root/ cp "$TEMP_SCRIPT" "$rootdir/root/"
TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}') TOXIC_FILE=$(grep "TOXIC_FILE=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}')
SECONDS=0 SECONDS=0
if [ ${rootdir} ]; then if [ "${rootdir}" ]; then
chroot ${rootdir} /root/$TEMP_SCRIPT_NAME chroot "${rootdir}" "/root/$TEMP_SCRIPT_NAME"
else else
/root/$TEMP_SCRIPT_NAME /root/$TEMP_SCRIPT_NAME
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
cat -n /root/fbtmp728353.sh cat -n /root/fbtmp728353.sh
duration=$SECONDS duration=$SECONDS
echo $"Toxic client compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." echo $"Toxic client compile failed at $((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
echo $'Unable to make tox client' echo $'Unable to make tox client'
rm $TEMP_SCRIPT rm $TEMP_SCRIPT
exit 74872 exit 74872
fi fi
rm $TEMP_SCRIPT rm $TEMP_SCRIPT
if [ ! -f $rootdir$TOXIC_FILE ]; then if [ ! -f "$rootdir$TOXIC_FILE" ]; then
echo $"Tox client was not installed to $TOXIC_FILE" echo $"Tox client was not installed to $TOXIC_FILE"
exit 63278 exit 63278
fi fi
duration=$SECONDS duration=$SECONDS
echo $"Toxic client compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." echo $"Toxic client compile $((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
} }
function enable_tox_repo { function enable_tox_repo {
echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_9.0/ /' > $rootdir/etc/apt/sources.list.d/tox.list echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_9.0/ /' > "$rootdir/etc/apt/sources.list.d/tox.list"
cat >> "$rootdir/root/gettoxkey.sh" <<EOF
cat >> $rootdir/root/gettoxkey.sh <<EOF
#!/bin/bash #!/bin/bash
wget -q http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_9.0/Release.key -O- > /root/tox.key wget -q http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_9.0/Release.key -O- > /root/tox.key
apt-key add /root/tox.key apt-key add /root/tox.key
@ -769,30 +765,30 @@ EOF
function install_tox { function install_tox {
configure_firewall_for_tox configure_firewall_for_tox
if [ $INSTALLING_MESH ]; then if [ "$INSTALLING_MESH" ]; then
mesh_tox_node mesh_tox_node
mesh_tox_avahi mesh_tox_avahi
mesh_tox_client mesh_tox_client
else else
avoid_tor_restart= avoid_tor_restart=
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
if [[ $ONION_ONLY != 'no' ]]; then if [[ $ONION_ONLY != 'no' ]]; then
avoid_tor_restart=1 avoid_tor_restart=1
fi fi
fi fi
if [ $avoid_tor_restart ]; then if [ $avoid_tor_restart ]; then
${PROJECT_NAME}-logging on --onion "${PROJECT_NAME}-logging" on --onion
else else
${PROJECT_NAME}-logging on "${PROJECT_NAME}-logging" on
fi fi
install_tox_node install_tox_node
if [ $avoid_tor_restart ]; then if [ $avoid_tor_restart ]; then
${PROJECT_NAME}-logging off --onion "${PROJECT_NAME}-logging" off --onion
else else
${PROJECT_NAME}-logging off "${PROJECT_NAME}-logging" off
fi fi
tox_avahi tox_avahi


@ -68,22 +68,24 @@ function logging_off_turtl {
} }
function change_password_turtl { function change_password_turtl {
change_username="$1" echo -n ''
new_user_password="$2" # change_username="$1"
# new_user_password="$2"
} }
function remove_user_turtl { function remove_user_turtl {
remove_username="$1" echo -n ''
# remove_username="$1"
} }
function add_user_turtl { function add_user_turtl {
new_username="$1" # new_username="$1"
new_user_password="$2" # new_user_password="$2"
echo '0' echo '0'
} }
function install_interactive_turtl { function install_interactive_turtl {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
@ -128,7 +130,7 @@ function configure_interactive_turtl_signups {
dialog --title $"Allow new turtl signups" \ dialog --title $"Allow new turtl signups" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--defaultno \ --defaultno \
--yesno $"\nAllow registration of new users?" 10 60 --yesno $"\\nAllow registration of new users?" 10 60
sel=$? sel=$?
case $sel in case $sel in
0) 0)
@ -146,15 +148,14 @@ function configure_interactive_turtl_signups {
} }
function configure_interactive_turtl_storage { function configure_interactive_turtl_storage {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Change storage limit" \ dialog --title $"Change storage limit" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--inputbox $"Enter a storage limit in megabytes." 8 75 "$TURTL_STORAGE_LIMIT_MB" 2>$data --inputbox $"Enter a storage limit in megabytes." 8 75 "$TURTL_STORAGE_LIMIT_MB" 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) 0)
STORAGE=$(<$data) STORAGE=$(<"$data")
if [ ${#STORAGE} -gt 0 ]; then if [ ${#STORAGE} -gt 0 ]; then
TURTL_STORAGE_LIMIT_MB=$STORAGE TURTL_STORAGE_LIMIT_MB=$STORAGE
sed -i "s|defparameter *default-storage-limit*.*|defparameter *default-storage-limit* ${TURTL_STORAGE_LIMIT_MB})|g" $TURTL_BASE_DIR/api/config/config.lisp sed -i "s|defparameter *default-storage-limit*.*|defparameter *default-storage-limit* ${TURTL_STORAGE_LIMIT_MB})|g" $TURTL_BASE_DIR/api/config/config.lisp
@ -164,27 +165,31 @@ function configure_interactive_turtl_storage {
fi fi
;; ;;
esac esac
rm -f "$data"
} }
function configure_interactive_turtl { function configure_interactive_turtl {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"turtl app settings" \ --title $"turtl app settings" \
--radiolist $"Choose an operation:" 12 70 3 \ --radiolist $"Choose an operation:" 12 70 3 \
1 $"Enable/disable new user registrations" off \ 1 $"Enable/disable new user registrations" off \
2 $"Change storage limit" off \ 2 $"Change storage limit" off \
3 $"Exit" on 2> $data 3 $"Exit" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) configure_interactive_turtl_signups;; 1) configure_interactive_turtl_signups;;
2) configure_interactive_turtl_storage;; 2) configure_interactive_turtl_storage;;
3) return;; 3) rm -f "$data"
return;;
esac esac
rm -f "$data"
} }
function reconfigure_turtl { function reconfigure_turtl {
@ -255,7 +260,7 @@ function restore_local_turtl {
else else
cp -r ${temp_restore_dir}/* /etc/turtl/ cp -r ${temp_restore_dir}/* /etc/turtl/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
set_user_permissions set_user_permissions
backup_unmount_drive backup_unmount_drive
@ -273,6 +278,7 @@ function restore_local_turtl {
cp -r ${temp_restore_dir}/* /var/lib/rethinkdb/ cp -r ${temp_restore_dir}/* /var/lib/rethinkdb/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
set_user_permissions set_user_permissions
backup_unmount_drive backup_unmount_drive
@ -318,6 +324,7 @@ function restore_remote_turtl {
cp -r ${temp_restore_dir}/* /etc/turtl/ cp -r ${temp_restore_dir}/* /etc/turtl/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
if [ -d /etc/turtl_previous ]; then if [ -d /etc/turtl_previous ]; then
mv /etc/turtl_previous $TURTL_BASE_DIR mv /etc/turtl_previous $TURTL_BASE_DIR
@ -338,6 +345,7 @@ function restore_remote_turtl {
cp -r ${temp_restore_dir}/* /var/lib/rethinkdb/ cp -r ${temp_restore_dir}/* /var/lib/rethinkdb/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
set_user_permissions set_user_permissions
exit 26783 exit 26783
@ -358,7 +366,7 @@ function remove_turtl {
remove_rethinkdb remove_rethinkdb
remove_app turtl remove_app turtl
remove_completion_param install_turtl remove_completion_param install_turtl
sed -i '/turtl/d' $COMPLETION_FILE sed -i '/turtl/d' "$COMPLETION_FILE"
nginx_dissite $TURTL_DOMAIN_NAME nginx_dissite $TURTL_DOMAIN_NAME
if [ -f /etc/nginx/sites-available/$TURTL_DOMAIN_NAME ]; then if [ -f /etc/nginx/sites-available/$TURTL_DOMAIN_NAME ]; then
rm /etc/nginx/sites-available/$TURTL_DOMAIN_NAME rm /etc/nginx/sites-available/$TURTL_DOMAIN_NAME
@ -444,18 +452,18 @@ __ENDCONFIG__
exit 6238234 exit 6238234
fi fi
echo '[Unit]' > /etc/systemd/system/turtl.service { echo '[Unit]';
echo 'Description=Note taking service' >> /etc/systemd/system/turtl.service echo 'Description=Note taking service';
echo 'Documentation=http://turtl.it' >> /etc/systemd/system/turtl.service echo 'Documentation=http://turtl.it';
echo 'Requires=network.target' >> /etc/systemd/system/turtl.service echo 'Requires=network.target';
echo 'Requires=rethinkdb.service' >> /etc/systemd/system/turtl.service echo 'Requires=rethinkdb.service';
echo 'After=network.target' >> /etc/systemd/system/turtl.service echo 'After=network.target';
echo 'After=rethinkdb.service' >> /etc/systemd/system/turtl.service echo 'After=rethinkdb.service';
echo '' >> /etc/systemd/system/turtl.service echo '';
echo '[Service]' >> /etc/systemd/system/turtl.service echo '[Service]';
echo 'Type=simple' >> /etc/systemd/system/turtl.service echo 'Type=simple';
echo 'User=turtl' >> /etc/systemd/system/turtl.service echo 'User=turtl';
echo "WorkingDirectory=$TURTL_BASE_DIR/api/" >> /etc/systemd/system/turtl.service echo "WorkingDirectory=$TURTL_BASE_DIR/api/"; } > /etc/systemd/system/turtl.service
if [[ "$check_architecture" == *"64"* && "$check_architecture" != *"arm"* ]]; then if [[ "$check_architecture" == *"64"* && "$check_architecture" != *"arm"* ]]; then
echo "ExecStart=$TURTL_BASE_DIR/ccl/lx86cl64 -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service echo "ExecStart=$TURTL_BASE_DIR/ccl/lx86cl64 -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service
@ -466,9 +474,9 @@ __ENDCONFIG__
echo "ExecStart=$TURTL_BASE_DIR/ccl/armcl -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service echo "ExecStart=$TURTL_BASE_DIR/ccl/armcl -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service
fi fi
fi fi
echo '' >> /etc/systemd/system/turtl.service { echo '';
echo '[Install]' >> /etc/systemd/system/turtl.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/turtl.service echo 'WantedBy=multi-user.target'; } >> /etc/systemd/system/turtl.service
chmod +x /etc/systemd/system/turtl.service chmod +x /etc/systemd/system/turtl.service
chown -R turtl:turtl $TURTL_BASE_DIR chown -R turtl:turtl $TURTL_BASE_DIR
@ -484,7 +492,7 @@ function install_turtl_api {
if [ ! -d $TURTL_BASE_DIR ]; then if [ ! -d $TURTL_BASE_DIR ]; then
mkdir -p $TURTL_BASE_DIR mkdir -p $TURTL_BASE_DIR
fi fi
cd $TURTL_BASE_DIR cd "$TURTL_BASE_DIR" || exit 745726542
mkdir cd $TURTL_BASE_DIR/data mkdir cd $TURTL_BASE_DIR/data
check_architecture=$(uname -a) check_architecture=$(uname -a)
@ -600,21 +608,21 @@ __ENDCONFIG__
chown -R rethinkdb:rethinkdb /var/lib/rethinkdb chown -R rethinkdb:rethinkdb /var/lib/rethinkdb
# install turtl API # install turtl API
cd $TURTL_BASE_DIR/ cd "$TURTL_BASE_DIR/" || exit 6428462
if [ -d /repos/turtl ]; then if [ -d /repos/turtl ]; then
mkdir $TURTL_BASE_DIR/api mkdir $TURTL_BASE_DIR/api
cp -r -p /repos/turtl/. $TURTL_BASE_DIR/api cp -r -p /repos/turtl/. $TURTL_BASE_DIR/api
cd $TURTL_BASE_DIR/api cd "$TURTL_BASE_DIR/api" || exit 57141845
git pull git pull
else else
git clone $TURTL_REPO $TURTL_BASE_DIR/api git clone $TURTL_REPO $TURTL_BASE_DIR/api
fi fi
cd $TURTL_BASE_DIR/api cd "$TURTL_BASE_DIR/api" || exit 35814614
git checkout $TURTL_COMMIT -b $TURTL_COMMIT git checkout $TURTL_COMMIT -b $TURTL_COMMIT
set_completion_param "turtl commit" "$TURTL_COMMIT" set_completion_param "turtl commit" "$TURTL_COMMIT"
cd $TURTL_BASE_DIR/quicklisp/local-projects cd "$TURTL_BASE_DIR/quicklisp/local-projects" || exit 43618941415
git clone git://github.com/orthecreedence/cl-hash-util git clone git://github.com/orthecreedence/cl-hash-util
if [[ "$check_architecture" != *"arm"* ]]; then if [[ "$check_architecture" != *"arm"* ]]; then
if [[ "$check_architecture" == *"64"* ]]; then if [[ "$check_architecture" == *"64"* ]]; then
@ -627,20 +635,20 @@ __ENDCONFIG__
fi fi
# config # config
echo '(defvar *enabled-cors-resources* "resource://turtl-at-lyonbros-dot-com"' > $TURTL_BASE_DIR/api/config/config.footer { echo '(defvar *enabled-cors-resources* "resource://turtl-at-lyonbros-dot-com"';
echo ' "When set, will enable CORS for resource:// origins if they match the given' >> $TURTL_BASE_DIR/api/config/config.footer echo ' "When set, will enable CORS for resource:// origins if they match the given';
echo ' string. Entries should be comma separated (this string is passed verbatim in' >> $TURTL_BASE_DIR/api/config/config.footer echo ' string. Entries should be comma separated (this string is passed verbatim in';
echo ' the Access-Control-Allow-Origin header).")' >> $TURTL_BASE_DIR/api/config/config.footer echo ' the Access-Control-Allow-Origin header).")';
echo '(defparameter *public-actions*' >> $TURTL_BASE_DIR/api/config/config.footer echo '(defparameter *public-actions*';
echo " \`((:post . ,(concatenate 'string *api-path* \"/users\"))" >> $TURTL_BASE_DIR/api/config/config.footer echo " \`((:post . ,(concatenate 'string *api-path* \"/users\"))";
echo " (:post . ,(concatenate 'string *api-path* \"/log/error\"))" >> $TURTL_BASE_DIR/api/config/config.footer echo " (:post . ,(concatenate 'string *api-path* \"/log/error\"))";
echo ' (:post . "/cla/sign")' >> $TURTL_BASE_DIR/api/config/config.footer echo ' (:post . "/cla/sign")';
echo ' (:get . "/ping")' >> $TURTL_BASE_DIR/api/config/config.footer echo ' (:get . "/ping")';
echo ' (:get . "/admin")' >> $TURTL_BASE_DIR/api/config/config.footer echo ' (:get . "/admin")';
echo " (:get . ,(cl-ppcre:create-scanner (concatenate 'string *api-path* \"/invites/codes/([0-9a-f-]+)\"))))" >> $TURTL_BASE_DIR/api/config/config.footer echo " (:get . ,(cl-ppcre:create-scanner (concatenate 'string *api-path* \"/invites/codes/([0-9a-f-]+)\"))))";
echo " \"A list of public resources/actions that do not require authentication.\")" >> $TURTL_BASE_DIR/api/config/config.footer echo " \"A list of public resources/actions that do not require authentication.\")";
echo "(defvar *analytics* '(:enabled t" >> $TURTL_BASE_DIR/api/config/config.footer echo "(defvar *analytics* '(:enabled t";
echo ' :db "analytics"))' >> $TURTL_BASE_DIR/api/config/config.footer echo ' :db "analytics"))'; } > "$TURTL_BASE_DIR/api/config/config.footer"
cp $TURTL_BASE_DIR/asdf.lisp $TURTL_BASE_DIR/api cp $TURTL_BASE_DIR/asdf.lisp $TURTL_BASE_DIR/api
echo '(load (compile-file "asdf.lisp"))' > $TURTL_BASE_DIR/api/launch.lisp echo '(load (compile-file "asdf.lisp"))' > $TURTL_BASE_DIR/api/launch.lisp
@ -657,54 +665,54 @@ function install_turtl_nginx {
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $TURTL_DOMAIN_NAME nginx_http_redirect $TURTL_DOMAIN_NAME
echo 'server {' >> $turtl_nginx_site { echo 'server {';
echo ' listen 443 ssl;' >> $turtl_nginx_site echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> $turtl_nginx_site echo ' #listen [::]:443 ssl;';
echo " server_name ${TURTL_DOMAIN_NAME};" >> $turtl_nginx_site echo " server_name ${TURTL_DOMAIN_NAME};";
echo '' >> $turtl_nginx_site echo '';
echo ' # Security' >> $turtl_nginx_site echo ' # Security'; } >> "$turtl_nginx_site"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $TURTL_DOMAIN_NAME nginx_ssl $TURTL_DOMAIN_NAME
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $TURTL_DOMAIN_NAME nginx_disable_sniffing $TURTL_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $turtl_nginx_site { echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> $turtl_nginx_site echo '';
echo ' # Logs' >> $turtl_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $turtl_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $turtl_nginx_site echo ' error_log /dev/null;';
echo '' >> $turtl_nginx_site echo '';
echo ' location / {' >> $turtl_nginx_site echo ' location / {'; } >> "$turtl_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $TURTL_DOMAIN_NAME '15m' nginx_limits $TURTL_DOMAIN_NAME '15m'
echo " proxy_pass http://localhost:${TURTL_PORT}/;" >> $turtl_nginx_site { echo " proxy_pass http://localhost:${TURTL_PORT}/;";
echo ' proxy_set_header Host $host;' >> $turtl_nginx_site echo " proxy_set_header Host \$host;";
echo ' proxy_buffering off;' >> $turtl_nginx_site echo ' proxy_buffering off;';
echo ' }' >> $turtl_nginx_site echo ' }';
echo '}' >> $turtl_nginx_site echo '}'; } >> "$turtl_nginx_site"
else else
echo -n '' > $turtl_nginx_site echo -n '' > $turtl_nginx_site
fi fi
echo 'server {' >> $turtl_nginx_site { echo 'server {';
echo " listen 127.0.0.1:${TURTL_ONION_PORT};" >> $turtl_nginx_site echo " listen 127.0.0.1:${TURTL_ONION_PORT};";
echo " server_name ${TURTL_ONION_HOSTNAME};" >> $turtl_nginx_site echo " server_name ${TURTL_ONION_HOSTNAME};";
echo '' >> $turtl_nginx_site echo ''; } >> $turtl_nginx_site
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $TURTL_DOMAIN_NAME nginx_disable_sniffing $TURTL_DOMAIN_NAME
echo '' >> $turtl_nginx_site { echo '';
echo ' # Logs' >> $turtl_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $turtl_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $turtl_nginx_site echo ' error_log /dev/null;';
echo '' >> $turtl_nginx_site echo '';
echo ' location / {' >> $turtl_nginx_site echo ' location / {'; } >> $turtl_nginx_site
function_check nginx_limits function_check nginx_limits
nginx_limits $TURTL_DOMAIN_NAME '15m' nginx_limits $TURTL_DOMAIN_NAME '15m'
echo " proxy_pass http://localhost:${TURTL_PORT}/;" >> $turtl_nginx_site { echo " proxy_pass http://localhost:${TURTL_PORT}/;";
echo ' proxy_set_header Host $host;' >> $turtl_nginx_site echo " proxy_set_header Host \$host;";
echo ' proxy_buffering off;' >> $turtl_nginx_site echo ' proxy_buffering off;';
echo ' }' >> $turtl_nginx_site echo ' }';
echo '}' >> $turtl_nginx_site echo '}'; } >> $turtl_nginx_site
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $TURTL_DOMAIN_NAME add_ddns_domain $TURTL_DOMAIN_NAME
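Review bot: In configure_interactive_turtl_storage the value read back from the dialog (`STORAGE=$(<"$data")`) is only checked for being non-empty before it is interpolated into the `sed -i "s|...|...|g"` replacement and written into `config.lisp`. A value containing `|`, `&` or Lisp syntax would change the sed expression or the generated config, so the guard should accept digits only: `if [[ "$STORAGE" =~ ^[0-9]+$ ]]; then` in place of `if [ ${#STORAGE} -gt 0 ]; then`. The function body continues past the end of that hunk, so any later use of the value is not visible here.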


@ -62,27 +62,27 @@ function backup_local_vim {
echo $"Backing up Vim config for $USERNAME" echo $"Backing up Vim config for $USERNAME"
# create a temporary directory # create a temporary directory
if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
mkdir /home/$USERNAME/$VIM_TEMP_DIR mkdir "/home/$USERNAME/$VIM_TEMP_DIR"
fi fi
# copy config files into the directory # copy config files into the directory
if [ -f /home/$USERNAME/.vimrc ]; then if [ -f "/home/$USERNAME/.vimrc" ]; then
cp /home/$USERNAME/.vimrc /home/$USERNAME/$VIM_TEMP_DIR cp "/home/$USERNAME/.vimrc" "/home/$USERNAME/$VIM_TEMP_DIR"
chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR"
fi fi
if [ -f /home/$USERNAME/.viminfo ]; then if [ -f "/home/$USERNAME/.viminfo" ]; then
cp /home/$USERNAME/.viminfo /home/$USERNAME/$VIM_TEMP_DIR cp "/home/$USERNAME/.viminfo" "/home/$USERNAME/$VIM_TEMP_DIR"
chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR"
fi fi
# backup the directory # backup the directory
function_check backup_directory_to_usb function_check backup_directory_to_usb
backup_directory_to_usb /home/$USERNAME/$VIM_TEMP_DIR vim/$USERNAME backup_directory_to_usb "/home/$USERNAME/$VIM_TEMP_DIR" "vim/$USERNAME"
# remove temporary directory # remove temporary directory
if [ -d /home/$USERNAME/$VIM_TEMP_DIR ]; then if [ -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
rm -rf /home/$USERNAME/$VIM_TEMP_DIR rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR"
fi fi
fi fi
done done
@ -90,24 +90,25 @@ function backup_local_vim {
function restore_local_vim { function restore_local_vim {
temp_restore_dir=/root/tempvim temp_restore_dir=/root/tempvim
if [ -d $USB_MOUNT/backup/vim ]; then if [ -d "$USB_MOUNT/backup/vim" ]; then
for d in $USB_MOUNT/backup/vim/*/ ; do for d in $USB_MOUNT/backup/vim/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME "${PROJECT_NAME}-adduser" "$USERNAME"
fi fi
echo $"Restoring Vim config for $USERNAME" echo $"Restoring Vim config for $USERNAME"
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir vim/$USERNAME restore_directory_from_usb "$temp_restore_dir" "vim/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR ]; then if [ -d "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" ]; then
cp -r $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR /home/$USERNAME/ cp -r "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
mkdir /home/$USERNAME/$VIM_TEMP_DIR mkdir "/home/$USERNAME/$VIM_TEMP_DIR"
fi fi
cp -r $temp_restore_dir/* /home/$USERNAME/$VIM_TEMP_DIR/ cp -r "$temp_restore_dir/*" "/home/$USERNAME/$VIM_TEMP_DIR/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
function_check set_user_permissions function_check set_user_permissions
@ -116,14 +117,14 @@ function restore_local_vim {
backup_unmount_drive backup_unmount_drive
exit 664 exit 664
fi fi
cp /home/$USERNAME/$VIM_TEMP_DIR/* /home/$USERNAME cp "/home/$USERNAME/$VIM_TEMP_DIR/*" "/home/$USERNAME"
if [ -f /home/$USERNAME/.viminfo ]; then if [ -f "/home/$USERNAME/.viminfo" ]; then
chown $USERNAME:$USERNAME /home/$USERNAME/.viminfo chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.viminfo"
fi fi
if [ -f /home/$USERNAME/.vimrc ]; then if [ -f "/home/$USERNAME/.vimrc" ]; then
chown $USERNAME:$USERNAME /home/$USERNAME/.vimrc chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.vimrc"
fi fi
rm -rf /home/$USERNAME/$VIM_TEMP_DIR rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR"
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
done done
@ -137,27 +138,27 @@ function backup_remote_vim {
echo $"Backing up Vim config for $USERNAME" echo $"Backing up Vim config for $USERNAME"
# create a temporary directory # create a temporary directory
if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
mkdir /home/$USERNAME/$VIM_TEMP_DIR mkdir "/home/$USERNAME/$VIM_TEMP_DIR"
fi fi
# copy config files into the directory # copy config files into the directory
if [ -f /home/$USERNAME/.vimrc ]; then if [ -f "/home/$USERNAME/.vimrc" ]; then
cp /home/$USERNAME/.vimrc /home/$USERNAME/$VIM_TEMP_DIR cp "/home/$USERNAME/.vimrc" "/home/$USERNAME/$VIM_TEMP_DIR"
chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR"
fi fi
if [ -f /home/$USERNAME/.viminfo ]; then if [ -f "/home/$USERNAME/.viminfo" ]; then
cp /home/$USERNAME/.viminfo /home/$USERNAME/$VIM_TEMP_DIR cp "/home/$USERNAME/.viminfo" "/home/$USERNAME/$VIM_TEMP_DIR"
chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR"
fi fi
# backup the directory # backup the directory
function_check backup_directory_to_friend function_check backup_directory_to_friend
backup_directory_to_friend /home/$USERNAME/$VIM_TEMP_DIR vim/$USERNAME backup_directory_to_friend "/home/$USERNAME/$VIM_TEMP_DIR" "vim/$USERNAME"
# remove temporary directory # remove temporary directory
if [ -d /home/$USERNAME/$VIM_TEMP_DIR ]; then if [ -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
rm -rf /home/$USERNAME/$VIM_TEMP_DIR rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR"
fi fi
fi fi
done done
@ -165,24 +166,25 @@ function backup_remote_vim {
function restore_remote_vim { function restore_remote_vim {
temp_restore_dir=/root/tempvim temp_restore_dir=/root/tempvim
if [ -d $USB_MOUNT/backup/vim ]; then if [ -d "$USB_MOUNT/backup/vim" ]; then
for d in $USB_MOUNT/backup/vim/*/ ; do for d in $USB_MOUNT/backup/vim/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME "${PROJECT_NAME}-adduser" "$USERNAME"
fi fi
echo $"Restoring Vim config for $USERNAME" echo $"Restoring Vim config for $USERNAME"
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir vim/$USERNAME restore_directory_from_friend "$temp_restore_dir vim/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR ]; then if [ -d "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" ]; then
cp -r $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR /home/$USERNAME/ cp -r "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
mkdir /home/$USERNAME/$VIM_TEMP_DIR mkdir "/home/$USERNAME/$VIM_TEMP_DIR"
fi fi
cp -r $temp_restore_dir/* /home/$USERNAME/$VIM_TEMP_DIR/ cp -r "$temp_restore_dir/*" "/home/$USERNAME/$VIM_TEMP_DIR/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
function_check set_user_permissions function_check set_user_permissions
@ -191,14 +193,14 @@ function restore_remote_vim {
backup_unmount_drive backup_unmount_drive
exit 664 exit 664
fi fi
cp /home/$USERNAME/$VIM_TEMP_DIR/* /home/$USERNAME cp "/home/$USERNAME/$VIM_TEMP_DIR/*" "/home/$USERNAME"
if [ -f /home/$USERNAME/.viminfo ]; then if [ -f "/home/$USERNAME/.viminfo" ]; then
chown $USERNAME:$USERNAME /home/$USERNAME/.viminfo chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.viminfo"
fi fi
if [ -f /home/$USERNAME/.vimrc ]; then if [ -f "/home/$USERNAME/.vimrc" ]; then
chown $USERNAME:$USERNAME /home/$USERNAME/.vimrc chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.vimrc"
fi fi
rm -rf /home/$USERNAME/$VIM_TEMP_DIR rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR"
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
done done
@ -210,7 +212,7 @@ function remove_vim {
# This may change with Debian Stretch # This may change with Debian Stretch
# apt-get -yq remove --purge vim # apt-get -yq remove --purge vim
update-alternatives --set editor /usr/bin/nano update-alternatives --set editor /usr/bin/nano
sed -i '/install_vim/d' $COMPLETION_FILE sed -i '/install_vim/d' "$COMPLETION_FILE"
# remove Vim as the mutt email editor # remove Vim as the mutt email editor
if [ -f /etc/Muttrc ]; then if [ -f /etc/Muttrc ]; then
@ -220,9 +222,9 @@ function remove_vim {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -f /home/$USERNAME/.muttrc ]; then if [ -f "/home/$USERNAME/.muttrc" ]; then
if grep -q "set editor=" /home/$USERNAME/.muttrc; then if grep -q "set editor=" "/home/$USERNAME/.muttrc"; then
sed -i '/set editor=/d' /home/$USERNAME/.muttrc sed -i '/set editor=/d' "/home/$USERNAME/.muttrc"
fi fi
fi fi
fi fi
@ -244,11 +246,11 @@ function install_vim {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -f /home/$USERNAME/.muttrc ]; then if [ -f "/home/$USERNAME/.muttrc" ]; then
if ! grep -q "set editor=" /home/$USERNAME/.muttrc; then if ! grep -q "set editor=" "/home/$USERNAME/.muttrc"; then
echo "set editor=\"$VIM_MUTT_EDITOR\"" >> /home/$USERNAME/.muttrc echo "set editor=\"$VIM_MUTT_EDITOR\"" >> "/home/$USERNAME/.muttrc"
else else
sed -i "s|set editor=.*|set editor=\"$VIM_MUTT_EDITOR\"|g" /home/$USERNAME/.muttrc sed -i "s|set editor=.*|set editor=\"$VIM_MUTT_EDITOR\"|g" "/home/$USERNAME/.muttrc"
fi fi
fi fi
fi fi
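Review bot: Quoting the whole path in `cp -r "$temp_restore_dir/*" "/home/$USERNAME/$VIM_TEMP_DIR/"` and `cp "/home/$USERNAME/$VIM_TEMP_DIR/*" "/home/$USERNAME"` (restore_local_vim, repeated in restore_remote_vim) stops the shell from expanding the `*`. cp is then asked for a file literally named `*`, and the `$?` check that follows would presumably abort the restore. Keep the glob outside the quotes, e.g. `cp -r "$temp_restore_dir"/* "/home/$USERNAME/$VIM_TEMP_DIR/"`. In restore_remote_vim, `restore_directory_from_friend "$temp_restore_dir vim/$USERNAME"` now passes one argument where restore_local_vim passes two to its counterpart; it should read `restore_directory_from_friend "$temp_restore_dir" "vim/$USERNAME"`. Both functions extend beyond the visible hunks.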


@ -82,23 +82,24 @@ function install_interactive_vpn {
VPN_DETAILS_COMPLETE= VPN_DETAILS_COMPLETE=
while [ ! $VPN_DETAILS_COMPLETE ] while [ ! $VPN_DETAILS_COMPLETE ]
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
currtlsport=$(grep 'VPN_TLS_PORT' temp.cfg | awk -F '=' '{print $2}') currtlsport=$(grep 'VPN_TLS_PORT' temp.cfg | awk -F '=' '{print $2}')
if [ $currtlsport ]; then if [ "$currtlsport" ]; then
VPN_TLS_PORT=$currtlsport VPN_TLS_PORT=$currtlsport
fi fi
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"VPN Configuration" \ --title $"VPN Configuration" \
--form $"\nPlease enter your VPN details. Changing the port to 443 will help defend against censorship but will prevent other web apps from running." 12 65 1 \ --form $"\\nPlease enter your VPN details. Changing the port to 443 will help defend against censorship but will prevent other web apps from running." 12 65 1 \
$"TLS port:" 1 1 "$VPN_TLS_PORT" 1 12 5 5 \ $"TLS port:" 1 1 "$VPN_TLS_PORT" 1 12 5 5 \
2> $data 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
tlsport=$(cat $data | sed -n 1p) tlsport=$(sed -n 1p < "$data")
if [ ${#tlsport} -gt 1 ]; then if [ ${#tlsport} -gt 1 ]; then
if [[ "$tlsport" != *' '* && "$tlsport" != *'.'* ]]; then if [[ "$tlsport" != *' '* && "$tlsport" != *'.'* ]]; then
VPN_TLS_PORT="$tlsport" VPN_TLS_PORT="$tlsport"
@ -106,27 +107,27 @@ function install_interactive_vpn {
write_config_param "VPN_TLS_PORT" "$VPN_TLS_PORT" write_config_param "VPN_TLS_PORT" "$VPN_TLS_PORT"
fi fi
fi fi
rm -f "$data"
done done
clear clear
APP_INSTALLED=1 APP_INSTALLED=1
} }
function vpn_change_tls_port { function vpn_change_tls_port {
if ! grep -q "VPN-TLS" $FIREWALL_CONFIG; then if ! grep -q "VPN-TLS" "$FIREWALL_CONFIG"; then
EXISTING_VPN_TLS_PORT=443 EXISTING_VPN_TLS_PORT=443
else else
EXISTING_VPN_TLS_PORT=$(cat $FIREWALL_CONFIG | grep "VPN-TLS" | awk -F '=' '{print $2}') EXISTING_VPN_TLS_PORT=$(grep "VPN-TLS" "$FIREWALL_CONFIG" | awk -F '=' '{print $2}')
fi fi
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"VPN Configuration" \ dialog --title $"VPN Configuration" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--inputbox $'Change TLS port' 10 50 $EXISTING_VPN_TLS_PORT 2>$data --inputbox $'Change TLS port' 10 50 "$EXISTING_VPN_TLS_PORT" 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) 0)
tlsport=$(<$data) tlsport=$(<"$data")
if [ ${#tlsport} -gt 0 ]; then if [ ${#tlsport} -gt 0 ]; then
if [[ "$tlsport" != "$EXISTING_VPN_TLS_PORT" ]]; then if [[ "$tlsport" != "$EXISTING_VPN_TLS_PORT" ]]; then
clear clear
@ -137,22 +138,22 @@ function vpn_change_tls_port {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [ -f /home/$USERNAME/stunnel-client.conf ]; then if [ -f "/home/$USERNAME/stunnel-client.conf" ]; then
cp /etc/stunnel/stunnel-client.conf /home/$USERNAME/stunnel-client.conf cp "/etc/stunnel/stunnel-client.conf" "/home/$USERNAME/stunnel-client.conf"
chown $USERNAME:$USERNAME /home/$USERNAME/stunnel-client.conf chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel-client.conf"
fi fi
done done
if [ $VPN_TLS_PORT -eq 443 ]; then if [ "$VPN_TLS_PORT" -eq 443 ]; then
if [[ "$PREVIOUS_VPN_TLS_PORT" != "443" ]]; then if [[ "$PREVIOUS_VPN_TLS_PORT" != "443" ]]; then
firewall_remove VPN-TLS ${EXISTING_VPN_TLS_PORT} firewall_remove VPN-TLS "${EXISTING_VPN_TLS_PORT}"
fi fi
systemctl stop nginx systemctl stop nginx
systemctl disable nginx systemctl disable nginx
else else
if [[ "$PREVIOUS_VPN_TLS_PORT" != "$VPN_TLS_PORT" ]]; then if [[ "$PREVIOUS_VPN_TLS_PORT" != "$VPN_TLS_PORT" ]]; then
firewall_remove VPN-TLS ${EXISTING_VPN_TLS_PORT} firewall_remove VPN-TLS "${EXISTING_VPN_TLS_PORT}"
firewall_add VPN-TLS ${VPN_TLS_PORT} tcp firewall_add VPN-TLS "${VPN_TLS_PORT}" tcp
fi fi
systemctl enable nginx systemctl enable nginx
systemctl restart nginx systemctl restart nginx
@ -160,7 +161,7 @@ function vpn_change_tls_port {
systemctl restart stunnel systemctl restart stunnel
if [ $VPN_TLS_PORT -eq 443 ]; then if [ "$VPN_TLS_PORT" -eq 443 ]; then
dialog --title $"VPN Configuration" \ dialog --title $"VPN Configuration" \
--msgbox $"TLS port changed to ${VPN_TLS_PORT}. Forward this port from your internet router." 10 60 --msgbox $"TLS port changed to ${VPN_TLS_PORT}. Forward this port from your internet router." 10 60
else else
@ -171,52 +172,56 @@ function vpn_change_tls_port {
fi fi
;; ;;
esac esac
rm -f "$data"
} }
function vpn_regenerate_client_keys { function vpn_regenerate_client_keys {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Regenerate VPN keys for a user" \ dialog --title $"Regenerate VPN keys for a user" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--inputbox $'username' 10 50 2>$data --inputbox $'username' 10 50 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) 0)
USERNAME=$(<$data) USERNAME=$(<"$data")
if [ ${#USERNAME} -gt 0 ]; then if [ ${#USERNAME} -gt 0 ]; then
if [ -d /home/$USERNAME ]; then if [ -d "/home/$USERNAME" ]; then
clear clear
create_user_vpn_key $USERNAME create_user_vpn_key "$USERNAME"
dialog --title $"Regenerate VPN keys for a user" \ dialog --title $"Regenerate VPN keys for a user" \
--msgbox $"VPN keys were regenerated for $USERNAME" 6 60 --msgbox $"VPN keys were regenerated for $USERNAME" 6 60
fi fi
fi fi
;; ;;
esac esac
rm -f "$data"
} }
function configure_interactive_vpn { function configure_interactive_vpn {
read_config_param VPN_TLS_PORT read_config_param VPN_TLS_PORT
while true while true
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"VPN Configuration" \ --title $"VPN Configuration" \
--radiolist $"Choose an operation:" 13 70 3 \ --radiolist $"Choose an operation:" 13 70 3 \
1 $"Change TLS port (currently $VPN_TLS_PORT)" off \ 1 $"Change TLS port (currently $VPN_TLS_PORT)" off \
2 $"Regenerate keys for a user" off \ 2 $"Regenerate keys for a user" off \
3 $"Exit" on 2> $data 3 $"Exit" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) rm -f "$data"
255) return;; return;;
255) rm -f "$data"
return;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) vpn_change_tls_port;; 1) vpn_change_tls_port;;
2) vpn_regenerate_client_keys;; 2) vpn_regenerate_client_keys;;
3) break;; 3) rm -f "$data"
break;;
esac esac
rm -f "$data"
done done
} }
@ -231,8 +236,8 @@ function upgrade_vpn {
function backup_local_vpn { function backup_local_vpn {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [ -f /home/$USERNAME/$OPENVPN_KEY_FILENAME ]; then if [ -f "/home/$USERNAME/$OPENVPN_KEY_FILENAME" ]; then
cp /home/$USERNAME/$OPENVPN_KEY_FILENAME /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} cp "/home/$USERNAME/$OPENVPN_KEY_FILENAME" "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}"
fi fi
done done
@ -252,9 +257,9 @@ function restore_local_vpn {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [ -f /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} ]; then if [ -f "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" ]; then
cp /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} /home/$USERNAME/$OPENVPN_KEY_FILENAME cp "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
chown $USERNAME:$USERNAME /home/$USERNAME/$OPENVPN_KEY_FILENAME chown "$USERNAME":"$USERNAME" "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
fi fi
done done
fi fi
@ -265,13 +270,13 @@ function restore_local_vpn {
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [ -f /home/$USERNAME/stunnel.pem ]; then if [ -f "/home/$USERNAME/stunnel.pem" ]; then
cp /etc/stunnel/stunnel.pem /home/$USERNAME/stunnel.pem cp /etc/stunnel/stunnel.pem "/home/$USERNAME/stunnel.pem"
chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.pem chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.pem"
fi fi
if [ -f /home/$USERNAME/stunnel.p12 ]; then if [ -f "/home/$USERNAME/stunnel.p12" ]; then
cp /etc/stunnel/stunnel.p12 /home/$USERNAME/stunnel.p12 cp /etc/stunnel/stunnel.p12 "/home/$USERNAME/stunnel.p12"
chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.p12 chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.p12"
fi fi
done done
fi fi
@ -280,8 +285,8 @@ function restore_local_vpn {
function backup_remote_vpn { function backup_remote_vpn {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [ -f /home/$USERNAME/$OPENVPN_KEY_FILENAME ]; then if [ -f "/home/$USERNAME/$OPENVPN_KEY_FILENAME" ]; then
cp /home/$USERNAME/$OPENVPN_KEY_FILENAME /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} cp "/home/$USERNAME/$OPENVPN_KEY_FILENAME" "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}"
fi fi
done done
@ -301,9 +306,9 @@ function restore_remote_vpn {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [ -f /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} ]; then if [ -f "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" ]; then
cp /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} /home/$USERNAME/$OPENVPN_KEY_FILENAME cp "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
chown $USERNAME:$USERNAME /home/$USERNAME/$OPENVPN_KEY_FILENAME chown "$USERNAME":"$USERNAME" "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
fi fi
done done
fi fi
@ -314,13 +319,13 @@ function restore_remote_vpn {
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [ -f /home/$USERNAME/stunnel.pem ]; then if [ -f "/home/$USERNAME/stunnel.pem" ]; then
cp /etc/stunnel/stunnel.pem /home/$USERNAME/stunnel.pem cp /etc/stunnel/stunnel.pem "/home/$USERNAME/stunnel.pem"
chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.pem chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.pem"
fi fi
if [ -f /home/$USERNAME/stunnel.p12 ]; then if [ -f "/home/$USERNAME/stunnel.p12" ]; then
cp /etc/stunnel/stunnel.p12 /home/$USERNAME/stunnel.p12 cp /etc/stunnel/stunnel.p12 "/home/$USERNAME/stunnel.p12"
chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.p12 chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.p12"
fi fi
done done
fi fi
@ -332,8 +337,8 @@ function remove_vpn {
rm /etc/systemd/system/stunnel.service rm /etc/systemd/system/stunnel.service
systemctl stop openvpn systemctl stop openvpn
if [ $VPN_TLS_PORT -ne 443 ]; then if [ "$VPN_TLS_PORT" -ne 443 ]; then
firewall_remove VPN-TLS $VPN_TLS_PORT firewall_remove VPN-TLS "$VPN_TLS_PORT"
else else
systemctl enable nginx systemctl enable nginx
systemctl restart nginx systemctl restart nginx
@ -354,10 +359,10 @@ function remove_vpn {
# remove any client keys # remove any client keys
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [ -f /home/$USERNAME/$OPENVPN_KEY_FILENAME ]; then if [ -f "/home/$USERNAME/$OPENVPN_KEY_FILENAME" ]; then
shred -zu /home/$USERNAME/$OPENVPN_KEY_FILENAME shred -zu "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
fi fi
rm /home/$USERNAME/stunnel* rm "/home/$USERNAME/stunnel*"
done done
userdel -f vpn userdel -f vpn
groupdel -f vpn groupdel -f vpn
@ -370,107 +375,108 @@ function remove_vpn {
function create_user_vpn_key { function create_user_vpn_key {
username=$1 username=$1
if [ ! -d /home/$username ]; then if [ ! -d "/home/$username" ]; then
return return
fi fi
echo $"Creating VPN key for $username" echo $"Creating VPN key for $username"
cd /etc/openvpn/easy-rsa cd /etc/openvpn/easy-rsa || exit 4728468246
if [ -f /etc/openvpn/easy-rsa/keys/$username.crt ]; then if [ -f "/etc/openvpn/easy-rsa/keys/$username.crt" ]; then
rm /etc/openvpn/easy-rsa/keys/$username.crt rm "/etc/openvpn/easy-rsa/keys/$username.crt"
fi fi
if [ -f /etc/openvpn/easy-rsa/keys/$username.key ]; then if [ -f "/etc/openvpn/easy-rsa/keys/$username.key" ]; then
rm /etc/openvpn/easy-rsa/keys/$username.key rm "/etc/openvpn/easy-rsa/keys/$username.key"
fi fi
if [ -f /etc/openvpn/easy-rsa/keys/$username.csr ]; then if [ -f "/etc/openvpn/easy-rsa/keys/$username.csr" ]; then
rm /etc/openvpn/easy-rsa/keys/$username.csr rm "/etc/openvpn/easy-rsa/keys/$username.csr"
fi fi
sed -i 's| --interact||g' build-key sed -i 's| --interact||g' build-key
./build-key "$username" ./build-key "$username"
if [ ! -f /etc/openvpn/easy-rsa/keys/$username.crt ]; then if [ ! -f "/etc/openvpn/easy-rsa/keys/$username.crt" ]; then
echo $'VPN user cert not generated' echo $'VPN user cert not generated'
exit 783528 exit 783528
fi fi
user_cert=$(cat /etc/openvpn/easy-rsa/keys/$username.crt) user_cert=$(cat "/etc/openvpn/easy-rsa/keys/$username.crt")
if [ ${#user_cert} -lt 10 ]; then if [ ${#user_cert} -lt 10 ]; then
cat /etc/openvpn/easy-rsa/keys/$username.crt cat "/etc/openvpn/easy-rsa/keys/$username.crt"
echo $'User cert generation failed' echo $'User cert generation failed'
exit 634659 exit 634659
fi fi
if [ ! -f /etc/openvpn/easy-rsa/keys/$username.key ]; then if [ ! -f "/etc/openvpn/easy-rsa/keys/$username.key" ]; then
echo $'VPN user key not generated' echo $'VPN user key not generated'
exit 682523 exit 682523
fi fi
user_key=$(cat /etc/openvpn/easy-rsa/keys/$username.key) user_key=$(cat "/etc/openvpn/easy-rsa/keys/$username.key")
if [ ${#user_key} -lt 10 ]; then if [ ${#user_key} -lt 10 ]; then
cat /etc/openvpn/easy-rsa/keys/$username.key cat "/etc/openvpn/easy-rsa/keys/$username.key"
echo $'User key generation failed' echo $'User key generation failed'
exit 285838 exit 285838
fi fi
user_vpn_cert_file=/home/$username/$OPENVPN_KEY_FILENAME user_vpn_cert_file=/home/$username/$OPENVPN_KEY_FILENAME
echo 'client' > $user_vpn_cert_file { echo 'client';
echo 'dev tun' >> $user_vpn_cert_file echo 'dev tun';
echo 'proto tcp' >> $user_vpn_cert_file echo 'proto tcp';
echo "remote localhost $STUNNEL_PORT" >> $user_vpn_cert_file echo "remote localhost $STUNNEL_PORT";
echo "route $DEFAULT_DOMAIN_NAME 255.255.255.255 net_gateway" >> $user_vpn_cert_file echo "route $DEFAULT_DOMAIN_NAME 255.255.255.255 net_gateway";
echo 'resolv-retry infinite' >> $user_vpn_cert_file echo 'resolv-retry infinite';
echo 'nobind' >> $user_vpn_cert_file echo 'nobind';
echo 'tun-mtu 1500' >> $user_vpn_cert_file echo 'tun-mtu 1500';
echo 'tun-mtu-extra 32' >> $user_vpn_cert_file echo 'tun-mtu-extra 32';
echo 'mssfix 1450' >> $user_vpn_cert_file echo 'mssfix 1450';
echo 'persist-key' >> $user_vpn_cert_file echo 'persist-key';
echo 'persist-tun' >> $user_vpn_cert_file echo 'persist-tun';
echo 'auth-nocache' >> $user_vpn_cert_file echo 'auth-nocache';
echo 'remote-cert-tls server' >> $user_vpn_cert_file echo 'remote-cert-tls server';
echo 'comp-lzo' >> $user_vpn_cert_file echo 'comp-lzo';
echo 'verb 3' >> $user_vpn_cert_file echo 'verb 3';
echo '' >> $user_vpn_cert_file echo ''; } > "$user_vpn_cert_file"
echo '<ca>' >> $user_vpn_cert_file {
cat /etc/openvpn/ca.crt >> $user_vpn_cert_file echo '<ca>';
echo '</ca>' >> $user_vpn_cert_file cat /etc/openvpn/ca.crt;
echo '</ca>';
echo '<cert>' >> $user_vpn_cert_file echo '<cert>';
cat /etc/openvpn/easy-rsa/keys/$username.crt >> $user_vpn_cert_file cat "/etc/openvpn/easy-rsa/keys/$username.crt;"
echo '</cert>' >> $user_vpn_cert_file echo '</cert>';
echo '<key>' >> $user_vpn_cert_file echo '<key>';
cat /etc/openvpn/easy-rsa/keys/$username.key >> $user_vpn_cert_file cat "/etc/openvpn/easy-rsa/keys/$username.key;"
echo '</key>' >> $user_vpn_cert_file echo '</key>'; } >> "$user_vpn_cert_file"
chown $username:$username $user_vpn_cert_file chown "$username":"$username" "$user_vpn_cert_file"
# keep a backup # keep a backup
cp $user_vpn_cert_file /etc/openvpn/easy-rsa/keys/$username.ovpn cp "$user_vpn_cert_file" "/etc/openvpn/easy-rsa/keys/$username.ovpn"
#rm /etc/openvpn/easy-rsa/keys/$username.crt #rm /etc/openvpn/easy-rsa/keys/$username.crt
#rm /etc/openvpn/easy-rsa/keys/$username.csr #rm /etc/openvpn/easy-rsa/keys/$username.csr
shred -zu /etc/openvpn/easy-rsa/keys/$username.key shred -zu "/etc/openvpn/easy-rsa/keys/$username.key"
echo $"VPN key created at $user_vpn_cert_file" echo $"VPN key created at $user_vpn_cert_file"
} }
function add_user_vpn { function add_user_vpn {
new_username="$1" new_username="$1"
new_user_password="$2" # new_user_password="$2"
create_user_vpn_key $new_username create_user_vpn_key "$new_username"
if [ -f /etc/stunnel/stunnel.pem ]; then if [ -f /etc/stunnel/stunnel.pem ]; then
cp /etc/stunnel/stunnel.pem /home/$new_username/stunnel.pem cp /etc/stunnel/stunnel.pem "/home/$new_username/stunnel.pem"
chown $new_username:$new_username /home/$new_username/stunnel.pem chown "$new_username":"$new_username" "/home/$new_username/stunnel.pem"
fi fi
if [ -f /etc/stunnel/stunnel.p12 ]; then if [ -f /etc/stunnel/stunnel.p12 ]; then
cp /etc/stunnel/stunnel.p12 /home/$new_username/stunnel.p12 cp /etc/stunnel/stunnel.p12 "/home/$new_username/stunnel.p12"
chown $new_username:$new_username /home/$new_username/stunnel.p12 chown "$new_username":"$new_username" "/home/$new_username/stunnel.p12"
fi fi
cp /etc/stunnel/stunnel-client.conf /home/$new_username/stunnel-client.conf cp /etc/stunnel/stunnel-client.conf "/home/$new_username/stunnel-client.conf"
chown $new_username:$new_username /home/$new_username/stunnel-client.conf chown "$new_username":"$new_username" "/home/$new_username/stunnel-client.conf"
} }
function remove_user_vpn { function remove_user_vpn {
@ -516,15 +522,16 @@ function generate_stunnel_keys {
fi fi
chmod 640 /etc/stunnel/stunnel.p12 chmod 640 /etc/stunnel/stunnel.p12
cp /etc/stunnel/stunnel.pem /home/$MY_USERNAME/stunnel.pem cp /etc/stunnel/stunnel.pem "/home/$MY_USERNAME/stunnel.pem"
cp /etc/stunnel/stunnel.p12 /home/$MY_USERNAME/stunnel.p12 cp /etc/stunnel/stunnel.p12 "/home/$MY_USERNAME/stunnel.p12"
chown $MY_USERNAME:$MY_USERNAME $prefix$userhome/stunnel* chown "$MY_USERNAME":"$MY_USERNAME" "$prefix/home/$MY_USERNAME/stunnel*"
} }
function install_stunnel { function install_stunnel {
prefix= prefix=
prefixchroot= prefixchroot=
if [ $rootdir ]; then # shellcheck disable=SC2154
if [ "$rootdir" ]; then
prefix=$rootdir prefix=$rootdir
prefixchroot="chroot $rootdir" prefixchroot="chroot $rootdir"
VPN_TLS_PORT=$VPN_MESH_TLS_PORT VPN_TLS_PORT=$VPN_MESH_TLS_PORT
@ -532,53 +539,53 @@ function install_stunnel {
$prefixchroot apt-get -yq install stunnel4 $prefixchroot apt-get -yq install stunnel4
if [ ! $prefix ]; then if [ ! "$prefix" ]; then
cd /etc/stunnel cd /etc/stunnel || exit 46284624
generate_stunnel_keys generate_stunnel_keys
fi fi
echo 'chroot = /var/lib/stunnel4' > $prefix/etc/stunnel/stunnel.conf { echo 'chroot = /var/lib/stunnel4';
echo 'pid = /stunnel4.pid' >> $prefix/etc/stunnel/stunnel.conf echo 'pid = /stunnel4.pid';
echo 'setuid = stunnel4' >> $prefix/etc/stunnel/stunnel.conf echo 'setuid = stunnel4';
echo 'setgid = stunnel4' >> $prefix/etc/stunnel/stunnel.conf echo 'setgid = stunnel4';
echo 'socket = l:TCP_NODELAY=1' >> $prefix/etc/stunnel/stunnel.conf echo 'socket = l:TCP_NODELAY=1';
echo 'socket = r:TCP_NODELAY=1' >> $prefix/etc/stunnel/stunnel.conf echo 'socket = r:TCP_NODELAY=1';
echo 'cert = /etc/stunnel/stunnel.pem' >> $prefix/etc/stunnel/stunnel.conf echo 'cert = /etc/stunnel/stunnel.pem';
echo '[openvpn]' >> $prefix/etc/stunnel/stunnel.conf echo '[openvpn]';
echo "accept = $VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel.conf echo "accept = $VPN_TLS_PORT";
echo 'connect = localhost:1194' >> $prefix/etc/stunnel/stunnel.conf echo 'connect = localhost:1194';
echo 'cert = /etc/stunnel/stunnel.pem' >> $prefix/etc/stunnel/stunnel.conf echo 'cert = /etc/stunnel/stunnel.pem';
echo 'protocol = socks' >> $prefix/etc/stunnel/stunnel.conf echo 'protocol = socks'; } > "$prefix/etc/stunnel/stunnel.conf"
sed -i 's|ENABLED=.*|ENABLED=1|g' $prefix/etc/default/stunnel4 sed -i 's|ENABLED=.*|ENABLED=1|g' "$prefix/etc/default/stunnel4"
echo '[openvpn]' > $prefix/etc/stunnel/stunnel-client.conf { echo '[openvpn]';
echo 'client = yes' >> $prefix/etc/stunnel/stunnel-client.conf echo 'client = yes';
echo "accept = $STUNNEL_PORT" >> $prefix/etc/stunnel/stunnel-client.conf echo "accept = $STUNNEL_PORT";
echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel-client.conf echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT";
echo 'cert = stunnel.pem' >> $prefix/etc/stunnel/stunnel-client.conf echo 'cert = stunnel.pem';
echo 'protocol = socks' >> $prefix/etc/stunnel/stunnel-client.conf echo 'protocol = socks'; } > "$prefix/etc/stunnel/stunnel-client.conf"
echo '[Unit]' > $prefix/etc/systemd/system/stunnel.service { echo '[Unit]';
echo 'Description=SSL tunnel for network daemons' >> $prefix/etc/systemd/system/stunnel.service echo 'Description=SSL tunnel for network daemons';
echo 'Documentation=man:stunnel https://www.stunnel.org/docs.html' >> $prefix/etc/systemd/system/stunnel.service echo 'Documentation=man:stunnel https://www.stunnel.org/docs.html';
echo 'DefaultDependencies=no' >> $prefix/etc/systemd/system/stunnel.service echo 'DefaultDependencies=no';
echo 'After=network.target' >> $prefix/etc/systemd/system/stunnel.service echo 'After=network.target';
echo 'After=syslog.target' >> $prefix/etc/systemd/system/stunnel.service echo 'After=syslog.target';
echo '' >> $prefix/etc/systemd/system/stunnel.service echo '';
echo '[Install]' >> $prefix/etc/systemd/system/stunnel.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> $prefix/etc/systemd/system/stunnel.service echo 'WantedBy=multi-user.target';
echo 'Alias=stunnel.target' >> $prefix/etc/systemd/system/stunnel.service echo 'Alias=stunnel.target';
echo '' >> $prefix/etc/systemd/system/stunnel.service echo '';
echo '[Service]' >> $prefix/etc/systemd/system/stunnel.service echo '[Service]';
echo 'Type=forking' >> $prefix/etc/systemd/system/stunnel.service echo 'Type=forking';
echo 'RuntimeDirectory=stunnel' >> $prefix/etc/systemd/system/stunnel.service echo 'RuntimeDirectory=stunnel';
echo 'EnvironmentFile=-/etc/stunnel/stunnel.conf' >> $prefix/etc/systemd/system/stunnel.service echo 'EnvironmentFile=-/etc/stunnel/stunnel.conf';
echo 'ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf' >> $prefix/etc/systemd/system/stunnel.service echo 'ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf';
echo 'ExecStop=/usr/bin/killall -9 stunnel' >> $prefix/etc/systemd/system/stunnel.service echo 'ExecStop=/usr/bin/killall -9 stunnel';
echo 'RemainAfterExit=yes' >> $prefix/etc/systemd/system/stunnel.service echo 'RemainAfterExit=yes'; } > "$prefix/etc/systemd/system/stunnel.service"
if [ ! $prefix ]; then if [ ! "$prefix" ]; then
if [ $VPN_TLS_PORT -eq 443 ]; then if [ $VPN_TLS_PORT -eq 443 ]; then
systemctl stop nginx systemctl stop nginx
systemctl disable nginx systemctl disable nginx
@ -591,15 +598,15 @@ function install_stunnel {
systemctl daemon-reload systemctl daemon-reload
systemctl start stunnel systemctl start stunnel
cp /etc/stunnel/stunnel-client.conf /home/$MY_USERNAME/stunnel-client.conf cp /etc/stunnel/stunnel-client.conf "/home/$MY_USERNAME/stunnel-client.conf"
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel* chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/stunnel*"
fi fi
} }
function vpn_generate_keys { function vpn_generate_keys {
# generate host keys # generate host keys
if [ ! -f /etc/openvpn/dh2048.pem ]; then if [ ! -f /etc/openvpn/dh2048.pem ]; then
${PROJECT_NAME}-dhparam -o /etc/openvpn/dh2048.pem "${PROJECT_NAME}-dhparam" -o /etc/openvpn/dh2048.pem
fi fi
if [ ! -f /etc/openvpn/dh2048.pem ]; then if [ ! -f /etc/openvpn/dh2048.pem ]; then
echo $'vpn dhparams were not generated' echo $'vpn dhparams were not generated'
@ -607,7 +614,8 @@ function vpn_generate_keys {
fi fi
cp /etc/openvpn/dh2048.pem /etc/openvpn/easy-rsa/keys/dh2048.pem cp /etc/openvpn/dh2048.pem /etc/openvpn/easy-rsa/keys/dh2048.pem
cd /etc/openvpn/easy-rsa cd /etc/openvpn/easy-rsa || exit 5628756256
# shellcheck disable=SC1091
. ./vars . ./vars
./clean-all ./clean-all
vpn_openssl_version='1.0.0' vpn_openssl_version='1.0.0'
@ -651,13 +659,13 @@ function vpn_generate_keys {
fi fi
cp /etc/openvpn/easy-rsa/keys/{$OPENVPN_SERVER_NAME.crt,$OPENVPN_SERVER_NAME.key,ca.crt} /etc/openvpn cp /etc/openvpn/easy-rsa/keys/{$OPENVPN_SERVER_NAME.crt,$OPENVPN_SERVER_NAME.key,ca.crt} /etc/openvpn
create_user_vpn_key ${MY_USERNAME} create_user_vpn_key "${MY_USERNAME}"
} }
function install_vpn { function install_vpn {
prefix= prefix=
prefixchroot= prefixchroot=
if [ $rootdir ]; then if [ "$rootdir" ]; then
prefix=$rootdir prefix=$rootdir
prefixchroot="chroot $rootdir" prefixchroot="chroot $rootdir"
VPN_TLS_PORT=$VPN_MESH_TLS_PORT VPN_TLS_PORT=$VPN_MESH_TLS_PORT
@ -668,50 +676,50 @@ function install_vpn {
$prefixchroot useradd -r -s /bin/false -g vpn vpn $prefixchroot useradd -r -s /bin/false -g vpn vpn
# server configuration # server configuration
echo 'port 1194' > $prefix/etc/openvpn/server.conf { echo 'port 1194';
echo 'proto tcp' >> $prefix/etc/openvpn/server.conf echo 'proto tcp';
echo 'dev tun' >> $prefix/etc/openvpn/server.conf echo 'dev tun';
echo 'tun-mtu 1500' >> $prefix/etc/openvpn/server.conf echo 'tun-mtu 1500';
echo 'tun-mtu-extra 32' >> $prefix/etc/openvpn/server.conf echo 'tun-mtu-extra 32';
echo 'mssfix 1450' >> $prefix/etc/openvpn/server.conf echo 'mssfix 1450';
echo 'ca /etc/openvpn/ca.crt' >> $prefix/etc/openvpn/server.conf echo 'ca /etc/openvpn/ca.crt';
echo 'cert /etc/openvpn/server.crt' >> $prefix/etc/openvpn/server.conf echo 'cert /etc/openvpn/server.crt';
echo 'key /etc/openvpn/server.key' >> $prefix/etc/openvpn/server.conf echo 'key /etc/openvpn/server.key';
echo 'dh /etc/openvpn/dh2048.pem' >> $prefix/etc/openvpn/server.conf echo 'dh /etc/openvpn/dh2048.pem';
echo 'server 10.8.0.0 255.255.255.0' >> $prefix/etc/openvpn/server.conf echo 'server 10.8.0.0 255.255.255.0';
echo 'push "redirect-gateway def1 bypass-dhcp"' >> $prefix/etc/openvpn/server.conf echo 'push "redirect-gateway def1 bypass-dhcp"';
echo "push \"dhcp-option DNS 85.214.73.63\"" >> $prefix/etc/openvpn/server.conf echo "push \"dhcp-option DNS 85.214.73.63\"";
echo "push \"dhcp-option DNS 213.73.91.35\"" >> $prefix/etc/openvpn/server.conf echo "push \"dhcp-option DNS 213.73.91.35\"";
echo 'keepalive 5 30' >> $prefix/etc/openvpn/server.conf echo 'keepalive 5 30';
echo 'comp-lzo' >> $prefix/etc/openvpn/server.conf echo 'comp-lzo';
echo 'persist-key' >> $prefix/etc/openvpn/server.conf echo 'persist-key';
echo 'persist-tun' >> $prefix/etc/openvpn/server.conf echo 'persist-tun';
echo 'status /dev/null' >> $prefix/etc/openvpn/server.conf echo 'status /dev/null';
echo 'verb 3' >> $prefix/etc/openvpn/server.conf echo 'verb 3';
echo '' >> $prefix/etc/openvpn/server.conf echo ''; } > "$prefix/etc/openvpn/server.conf"
if [ ! $prefix ]; then if [ ! "$prefix" ]; then
echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/ip_forward
fi fi
sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' $prefix/etc/sysctl.conf sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' "$prefix/etc/sysctl.conf"
sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' $prefix/etc/sysctl.conf sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' "$prefix/etc/sysctl.conf"
sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' $prefix/etc/sysctl.conf sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' "$prefix/etc/sysctl.conf"
cp -r $prefix/usr/share/easy-rsa/ $prefix/etc/openvpn cp -r "$prefix/usr/share/easy-rsa/" "$prefix/etc/openvpn"
if [ ! -d $prefix/etc/openvpn/easy-rsa/keys ]; then if [ ! -d "$prefix/etc/openvpn/easy-rsa/keys" ]; then
mkdir $prefix/etc/openvpn/easy-rsa/keys mkdir "$prefix/etc/openvpn/easy-rsa/keys"
fi fi
# keys configuration # keys configuration
sed -i "s|export KEY_COUNTRY.*|export KEY_COUNTRY=\"US\"|g" $prefix/etc/openvpn/easy-rsa/vars sed -i "s|export KEY_COUNTRY.*|export KEY_COUNTRY=\"US\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
sed -i "s|export KEY_PROVINCE.*|export KEY_PROVINCE=\"TX\"|g" $prefix/etc/openvpn/easy-rsa/vars sed -i "s|export KEY_PROVINCE.*|export KEY_PROVINCE=\"TX\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
sed -i "s|export KEY_CITY.*|export KEY_CITY=\"Dallas\"|g" $prefix/etc/openvpn/easy-rsa/vars sed -i "s|export KEY_CITY.*|export KEY_CITY=\"Dallas\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
sed -i "s|export KEY_ORG.*|export KEY_ORG=\"$PROJECT_NAME\"|g" $prefix/etc/openvpn/easy-rsa/vars sed -i "s|export KEY_ORG.*|export KEY_ORG=\"$PROJECT_NAME\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
sed -i "s|export KEY_EMAIL.*|export KEY_EMAIL=\"$MY_EMAIL_ADDRESS\"|g" $prefix/etc/openvpn/easy-rsa/vars sed -i "s|export KEY_EMAIL.*|export KEY_EMAIL=\"$MY_EMAIL_ADDRESS\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
sed -i "s|export KEY_OU=.*|export KEY_OU=\"MoonUnit\"|g" $prefix/etc/openvpn/easy-rsa/vars sed -i "s|export KEY_OU=.*|export KEY_OU=\"MoonUnit\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
sed -i "s|export KEY_NAME.*|export KEY_NAME=\"$OPENVPN_SERVER_NAME\"|g" $prefix/etc/openvpn/easy-rsa/vars sed -i "s|export KEY_NAME.*|export KEY_NAME=\"$OPENVPN_SERVER_NAME\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
if [ ! $prefix ]; then if [ ! "$prefix" ]; then
vpn_generate_keys vpn_generate_keys
firewall_enable_vpn firewall_enable_vpn
@ -724,7 +732,7 @@ function install_vpn {
install_stunnel install_stunnel
if [ ! $prefix ]; then if [ ! "$prefix" ]; then
systemctl restart openvpn systemctl restart openvpn
fi fi
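Review bot: In `create_user_vpn_key` the two new `cat` lines inside the `{ …; } >> "$user_vpn_cert_file"` group have the statement terminator inside the quotes (`cat "/etc/openvpn/easy-rsa/keys/$username.crt;"`, likewise for `.key`), so `cat` is given a path ending in `;` and the generated client profile would end up with empty `<cert>` and `<key>` sections; they should read `cat "/etc/openvpn/easy-rsa/keys/$username.crt";` and `cat "/etc/openvpn/easy-rsa/keys/$username.key";`. The same quoting pass also moved globs inside quotes, which stops expansion: `rm "/home/$USERNAME/stunnel*"` in `remove_vpn` now targets a literal file named `stunnel*`, so the per-user `stunnel.pem` and `stunnel.p12` copies would stay on disk after the app is removed, and the `chown … "…/stunnel*"` calls in `generate_stunnel_keys` and `install_stunnel` fail the same way. Keep the variable quoted and the wildcard outside the quotes, for example `rm "/home/$USERNAME"/stunnel*`. Several of these functions start or end outside the visible hunks, so their surrounding error handling could not be checked.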


@ -1,498 +0,0 @@
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# Wekan kanban
#
# License
# =======
#
# Copyright (C) 2017-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS=''
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=0
WEKAN_DOMAIN_NAME=
WEKAN_CODE=
WEKAN_PORT=8081
WEKAN_ONION_PORT=8120
WEKAN_REPO="https://github.com/wekan/wekan"
WEKAN_COMMIT='dc547c38d1f5ca72729f6d8f81eb03671ca15934'
FLOW_ROUTER_REPO="git://github.com/wekan/flow-router.git"
FLOW_ROUTER_COMMIT='0c1f6423ed9b68eb00cfb1a19492438917a38956'
WEKAN_DIR=/etc/wekan
wekan_variables=(ONION_ONLY
WEKAN_DOMAIN_NAME
WEKAN_CODE
DDNS_PROVIDER
MY_USERNAME)
function logging_on_wekan {
echo -n ''
}
function logging_off_wekan {
echo -n ''
}
function remove_user_wekan {
remove_username="$1"
}
function add_user_wekan {
new_username="$1"
new_user_password="$2"
echo '0'
}
function install_interactive_wekan {
if [[ $ONION_ONLY != "no" ]]; then
GIT_DOMAIN_NAME='wekan.local'
write_config_param "WEKAN_DOMAIN_NAME" "$WEKAN_DOMAIN_NAME"
else
function_check interactive_site_details
interactive_site_details wekan
fi
APP_INSTALLED=1
}
function change_password_wekan {
curr_username="$1"
new_user_password="$2"
}
function reconfigure_wekan {
echo -n ''
}
function upgrade_wekan {
CURR_WEKAN_COMMIT=$(get_completion_param "wekan commit")
if [[ "$CURR_WEKAN_COMMIT" == "$WEKAN_COMMIT" ]]; then
return
fi
systemctl stop wekan
# update to the next commit
function_check set_repo_commit
set_repo_commit $WEKAN_DIR "wekan commit" "$WEKAN_COMMIT" $WEKAN_REPO
systemctl start wekan
}
function backup_local_wekan {
source_directory=$WEKAN_DIR/data
if [ -d $source_directory ]; then
systemctl stop wekan
dest_directory=wekan
function_check suspend_site
suspend_site wekan
function_check backup_database_to_usb
backup_database_to_usb wekan
function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory
function_check restart_site
restart_site
systemctl start wekan
fi
}
function restore_local_wekan {
if [ -d $WEKAN_DIR ]; then
systemctl stop wekan
function_check restore_database
restore_database gogs ${WEKAN_DOMAIN_NAME}
temp_restore_dir=/root/tempwekan
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir wekan
if [ -d $temp_restore_dir$WEKAN_DIR/data ]; then
cp -r $temp_restore_dir$WEKAN_DIR/data/* $WEKAN_DIR/data/
else
cp -r $temp_restore_dir/* $WEKAN_DIR/data/
fi
rm -rf $temp_restore_dir
systemctl start wekan
fi
}
function backup_remote_wekan {
if grep -q "wekan domain" $COMPLETION_FILE; then
temp_backup_dir=$WEKAN_DIR/data
if [ -d $temp_backup_dir ]; then
systemctl stop wekan
function_check suspend_site
suspend_site wekan
echo $"Backing up Wekan installation"
function_check backup_database_to_friend
backup_database_to_friend wekan
function_check backup_directory_to_friend
backup_directory_to_friend $temp_backup_dir wekan
function_check restart_site
restart_site
systemctl start wekan
else
echo $"wekan domain specified but not found in ${temp_backup_dir}"
fi
fi
}
function restore_remote_wekan {
if [ -d $WEKAN_DIR ]; then
systemctl stop wekan
function_check restore_database_from_friend
restore_database_from_friend wekan
temp_restore_dir=/root/tempwekan
function_check restore_directory_from_usb
restore_directory_from_friend $temp_restore_dir wekan
if [ -d $temp_restore_dir$WEKAN_DIR/data ]; then
cp -r $temp_restore_dir$WEKAN_DIR/data/* $WEKAN_DIR/data/
else
cp -r $temp_restore_dir/* $WEKAN_DIR/data/
fi
rm -rf $temp_restore_dir
systemctl start wekan
fi
}
function remove_wekan {
systemctl stop wekan
systemctl disable wekan
if [ -f /etc/systemd/system/wekan.service ]; then
rm /etc/systemd/system/wekan.service
fi
systemctl daemon-reload
function_check remove_nodejs
remove_nodejs wekan
nginx_dissite wekan
if [ -d $WEKAN_DIR ]; then
rm -rf $WEKAN_DIR
fi
if [ -f /etc/nginx/sites-available/wekan ]; then
rm /etc/nginx/sites-available/wekan
fi
function_check drop_database
drop_database wekan
function_check remove_onion_service
remove_onion_service wekan ${WEKAN_ONION_PORT}
remove_app wekan
remove_completion_param install_wekan
sed -i '/wekan/d' $COMPLETION_FILE
groupdel -f wekan
userdel -r wekan
remove_meteor
}
function wekan_create_database {
if [ -f ${IMAGE_PASSWORD_FILE} ]; then
WEKAN_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
if [ ! ${GIT_ADMIN_PASSWORD} ]; then
WEKAN_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
fi
fi
if [ ! $WEKAN_ADMIN_PASSWORD ]; then
return
fi
function_check create_database
create_database gogs "$WEKAN_ADMIN_PASSWORD"
}
function install_wekan_main {
if [[ $(app_is_installed wekan_main) == "1" ]]; then
return
fi
if [ ! -d /var/www/wekan ]; then
mkdir /var/www/wekan
fi
if [ -d $WEKAN_DIR ]; then
rm -rf $WEKAN_DIR
fi
if [ -d /repos/wekan ]; then
mkdir -p $WEKAN_DIR
cp -r -p /repos/wekan/. $WEKAN_DIR
cd $WEKAN_DIR
git pull
else
function_check git_clone
git_clone $WEKAN_REPO $WEKAN_DIR
fi
if [ ! -d $WEKAN_DIR ]; then
echo $'Unable to clone wekan repo'
exit 783251
fi
# an unprivileged user to run as
groupadd wekan
useradd -c "Wekan account" -d $WEKAN_DIR/ -m -r -g wekan wekan
cd $WEKAN_DIR
git checkout $WEKAN_COMMIT -b $WEKAN_COMMIT
set_completion_param "wekan commit" "$WEKAN_COMMIT"
chown -R wekan:wekan $WEKAN_DIR
WEKAN_ONION_HOSTNAME=$(add_onion_service wekan 80 ${WEKAN_ONION_PORT})
set_completion_param "wekan onion domain" "$WEKAN_ONION_HOSTNAME"
wekan_nginx_site=/etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
if [[ ${ONION_ONLY} == "no" ]]; then
function_check nginx_http_redirect
nginx_http_redirect ${WEKAN_DOMAIN_NAME}
echo 'server {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo " root /var/www/${WEKAN_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo " server_name ${WEKAN_DOMAIN_NAME};" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo " error_log /dev/null;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
function_check nginx_ssl
nginx_ssl ${WEKAN_DOMAIN_NAME}
function_check nginx_disable_sniffing
nginx_disable_sniffing ${WEKAN_DOMAIN_NAME}
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' location / {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
function_check nginx_limits
nginx_limits ${WEKAN_DOMAIN_NAME} '15m'
echo " proxy_pass http://localhost:$WEKAN_PORT;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' location = /robots.txt {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' allow all;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' log_not_found off;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo '}' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
else
echo -n '' > /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
fi
echo 'server {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo " listen 127.0.0.1:${WEKAN_ONION_PORT} default_server;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo " root /var/www/$WEKAN_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo " server_name $WEKAN_DOMAIN_NAME;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo " error_log /dev/null;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
function_check nginx_disable_sniffing
nginx_disable_sniffing ${WEKAN_DOMAIN_NAME}
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' location / {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
function_check nginx_limits
nginx_limits ${WEKAN_DOMAIN_NAME} '15m'
echo " proxy_pass http://localhost:$WEKAN_PORT;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' location = /robots.txt {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' allow all;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' log_not_found off;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo '}' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
function_check nginx_ensite
nginx_ensite wekan
install_completed wekan_main
}
function install_wekan {
apt-get -qy install build-essential c++ capnproto curl
function_check install_nodejs
install_nodejs wekan
install_wekan_main
install_meteor
cd $WEKAN_DIR
su -c 'npm install babel-runtime' - wekan
su -c 'npm install node-gyp' - wekan
su -c 'npm install node-pre-gyp' - wekan
su -c 'npm install fibers' - wekan
su -c 'npm install bcrypt' - wekan
su -c 'npm install bson' - wekan
su -c 'npm install es6-promise' - wekan
su -c 'npm install meteor-node-stubs' - wekan
su -c 'npm install winston' - wekan
su -c 'npm install winston-zulip' - wekan
su -c 'npm install xss' - wekan
# Remove any directories from previous installs
if [ -d $WEKAN_DIR/.meteor ]; then
rm -rf $WEKAN_DIR/.meteor
fi
if [ -d $WEKAN_DIR/app ]; then
rm -rf $WEKAN_DIR/app
fi
if [ -d $WEKAN_DIR/app_build ]; then
rm -rf $WEKAN_DIR/app_build
fi
# Get additional packages
mkdir -p $WEKAN_DIR/.meteor/packages
chown wekan:wekan --recursive $WEKAN_DIR/.meteor
cd $WEKAN_DIR/.meteor/packages
if [ ! -d /repos/flowrouter ]; then
su -c "git clone --depth 1 -b master $FLOW_ROUTER_REPO kadira-flow-router" - wekan
else
mkdir kadira-flow-router
cp -r -p /repos/flowrouter/. kadira-flow-router
cd kadira-flow-router
git pull
cd ..
fi
cd kadira-flow-router
git checkout $FLOW_ROUTER_COMMIT -b $FLOW_ROUTER_COMMIT
cd ..
if [ ! -d /repos/meteoruseraccounts ]; then
su -c "git clone --depth 1 -b master $METEOR_USERACCOUNTS_REPO meteor-useraccounts-core" - wekan
else
mkdir meteor-useraccounts-core
cp -r -p /repos/meteoruseraccounts/. meteor-useraccounts-core
cd meteor-useraccounts-core
git pull
cd ..
fi
cd meteor-useraccounts-core
git checkout $METEOR_USERACCOUNTS_COMMIT -b $METEOR_USERACCOUNTS_COMMIT
cd ..
if [ ! -f $WEKAN_DIR/.meteor/packages/meteor-useraccounts-core/package.js ]; then
echo $"File not found: $WEKAN_DIR/.meteor/packages/meteor-useraccounts-core/package.js"
exit 7289529
fi
sed -i 's/api\.versionsFrom/\/\/api.versionsFrom/' $WEKAN_DIR/.meteor/packages/meteor-useraccounts-core/package.js
cd $WEKAN_DIR/.meteor
su -c "$WEKAN_DIR/.meteor/meteor -- help" - wekan
# Build app
if [ ! -d $WEKAN_DIR/app ]; then
echo $'No app subdirectory found'
exit 294569
fi
cd $WEKAN_DIR/app
su -c "$WEKAN_DIR/.meteor/meteor add standard-minifier-js" - wekan
su -c "$WEKAN_DIR/.meteor/meteor npm install" - wekan
su -c "$WEKAN_DIR/.meteor/meteor build --directory $WEKAN_DIR/app_build" - wekan
cp $WEKAN_DIR/app/fix-download-unicode/cfs_access-point.txt $WEKAN_DIR/app_build/bundle/programs/server/packages/cfs_access-point.js
chown wekan:wekan $WEKAN_DIR/app_build/bundle/programs/server/packages/cfs_access-point.js
sed -i "s|build\/Release\/bson|browser_build\/bson|g" $WEKAN_DIR/app_build/bundle/programs/server/npm/node_modules/meteor/cfs_gridfs/node_modules/mongodb/node_modules/bson/ext/index.js
if [ ! -d $WEKAN_DIR/app_build/bundle/programs/server/npm/node_modules/meteor/npm-bcrypt ]; then
echo $"No subdirectory found: $WEKAN_DIR/app_build/bundle/programs/server/npm/node_modules/meteor/npm-bcrypt"
exit 479832
fi
cd $WEKAN_DIR/app_build/bundle/programs/server/npm/node_modules/meteor/npm-bcrypt
su -c 'rm -rf node_modules/bcrypt' - wekan
su -c 'npm install bcrypt' - wekan
cd $WEKAN_DIR/app_build/bundle/programs/server/
su -c 'npm install' - wekan
mv $WEKAN_DIR/app_build/bundle ../build
if [ ! -f $WEKAN_DIR/build/main.js ]; then
echo $'main.js not found'
exit 7828252
fi
# Cleanup
rm -R $WEKAN_DIR/.meteor
rm -R $WEKAN_DIR/app
rm -R $WEKAN_DIR/app_build
chown -R wekan:wekan $WEKAN_DIR
function_check install_mariadb
install_mariadb
function_check get_mariadb_password
get_mariadb_password
function_check wekan_create_database
wekan_create_database
# daemon
echo '[Unit]' > /etc/systemd/system/wekan.service
echo 'Description=Wekan' >> /etc/systemd/system/wekan.service
echo 'After=syslog.target' >> /etc/systemd/system/wekan.service
echo 'After=network.target' >> /etc/systemd/system/wekan.service
echo '' >> /etc/systemd/system/wekan.service
echo '[Service]' >> /etc/systemd/system/wekan.service
echo 'User=wekan' >> /etc/systemd/system/wekan.service
echo 'Group=wekan' >> /etc/systemd/system/wekan.service
echo "WorkingDirectory=$WEKAN_DIR" >> /etc/systemd/system/wekan.service
echo "ExecStart=/usr/local/bin/node $WEKAN_DIR/build/main.js" >> /etc/systemd/system/wekan.service
echo 'Environment=PATH=/usr/bin:/usr/local/bin' >> /etc/systemd/system/wekan.service
echo 'Environment=NODE_ENV=production' >> /etc/systemd/system/wekan.service
echo 'Restart=on-failure' >> /etc/systemd/system/wekan.service
echo '' >> /etc/systemd/system/wekan.service
echo '[Install]' >> /etc/systemd/system/wekan.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/wekan.service
systemctl enable wekan.service
systemctl daemon-reload
systemctl start wekan.service
systemctl restart nginx
set_completion_param "wekan domain" "$WEKAN_DOMAIN_NAME"
APP_INSTALLED=1
}
# NOTE: deliberately there is no "exit 0"

File diff suppressed because it is too large


@ -105,7 +105,7 @@ function remove_zeronet_blog {
rm -rf $MESH_INSTALL_DIR/zeronet/ZeroBlog rm -rf $MESH_INSTALL_DIR/zeronet/ZeroBlog
fi fi
remove_completion_param install_zeronet_blog remove_completion_param install_zeronet_blog
sed -i '/zeronet blog/d' $COMPLETION_FILE sed -i '/zeronet blog/d' "$COMPLETION_FILE"
} }
function remove_zeronet_mail { function remove_zeronet_mail {
@ -113,7 +113,7 @@ function remove_zeronet_mail {
rm -rf $MESH_INSTALL_DIR/zeronet/ZeroMail rm -rf $MESH_INSTALL_DIR/zeronet/ZeroMail
fi fi
remove_completion_param install_zeronet_mail remove_completion_param install_zeronet_mail
sed -i '/zeronet mail/d' $COMPLETION_FILE sed -i '/zeronet mail/d' "$COMPLETION_FILE"
} }
function remove_zeronet_forum { function remove_zeronet_forum {
@ -121,7 +121,7 @@ function remove_zeronet_forum {
rm -rf $MESH_INSTALL_DIR/zeronet/ZeroTalk rm -rf $MESH_INSTALL_DIR/zeronet/ZeroTalk
fi fi
remove_completion_param install_zeronet_forum remove_completion_param install_zeronet_forum
sed -i '/zeronet forum/d' $COMPLETION_FILE sed -i '/zeronet forum/d' "$COMPLETION_FILE"
} }
function remove_zeronet { function remove_zeronet {
@ -133,20 +133,20 @@ function remove_zeronet {
firewall_remove ${TRACKER_PORT} firewall_remove ${TRACKER_PORT}
firewall_remove 1900 udp firewall_remove 1900 udp
${PROJECT_NAME}-mesh-install -f zeronet --remove yes "${PROJECT_NAME}-mesh-install" -f zeronet --remove yes
remove_completion_param install_zeronet remove_completion_param install_zeronet
remove_completion_param configure_firewall_for_zeronet remove_completion_param configure_firewall_for_zeronet
sed -i '/zeronet/d' $COMPLETION_FILE sed -i '/zeronet/d' "$COMPLETION_FILE"
} }
function configure_firewall_for_zeronet { function configure_firewall_for_zeronet {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return return
fi fi
firewall_add ZeroNet ${ZERONET_PORT} firewall_add ZeroNet ${ZERONET_PORT}
firewall_add Tracker ${TRACKER_PORT} firewall_add Tracker ${TRACKER_PORT}
firewall_add Tracker 1900 udp firewall_add Tracker 1900 udp
mark_completed $FUNCNAME mark_completed "${FUNCNAME[0]}"
} }
function install_zeronet_blog { function install_zeronet_blog {
@ -161,14 +161,14 @@ function install_zeronet_blog {
ZERONET_DEFAULT_BLOG_TITLE="${MY_USERNAME}'s Blog" ZERONET_DEFAULT_BLOG_TITLE="${MY_USERNAME}'s Blog"
cd $MESH_INSTALL_DIR/zeronet cd "$MESH_INSTALL_DIR/zeronet" || exit 246284728
python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/blog.txt python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/blog.txt
if [ ! -f $MESH_INSTALL_DIR/zeronet/blog.txt ]; then if [ ! -f $MESH_INSTALL_DIR/zeronet/blog.txt ]; then
echo $'Unable to create blog' echo $'Unable to create blog'
exit 479 exit 479
fi fi
blog_address=$(cat blog.txt | grep "Site address" | awk -F ':' '{print $2}') blog_address=$(grep "Site address" blog.txt | awk -F ':' '{print $2}')
blog_private_key=$(cat blog.txt | grep "Site private key" | awk -F ':' '{print $2}') blog_private_key=$(grep "Site private key" blog.txt | awk -F ':' '{print $2}')
ZERONET_BLOG_ADDRESS=${blog_address//[[:blank:]]/} ZERONET_BLOG_ADDRESS=${blog_address//[[:blank:]]/}
ZERONET_BLOG_PRIVATE_KEY=${blog_private_key//[[:blank:]]/} ZERONET_BLOG_PRIVATE_KEY=${blog_private_key//[[:blank:]]/}
@ -197,24 +197,24 @@ function install_zeronet_blog {
echo $'ZeroBlog repo could not be cloned' echo $'ZeroBlog repo could not be cloned'
exit 6739 exit 6739
fi fi
cd $MESH_INSTALL_DIR/zeronet/ZeroBlog cd "$MESH_INSTALL_DIR/zeronet/ZeroBlog" || exit 47298462874
git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT
set_completion_param "zeroNet blog commit" "$ZERONET_BLOG_COMMIT" set_completion_param "zeroNet blog commit" "$ZERONET_BLOG_COMMIT"
echo $"ZeroNet Blog address: $ZERONET_BLOG_ADDRESS" echo $"ZeroNet Blog address: $ZERONET_BLOG_ADDRESS"
echo $"ZeroNet Blog private key: $ZERONET_BLOG_PRIVATE_KEY" echo $"ZeroNet Blog private key: $ZERONET_BLOG_PRIVATE_KEY"
cp -r $MESH_INSTALL_DIR/zeronet/ZeroBlog/* $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS cp -r "$MESH_INSTALL_DIR/zeronet/ZeroBlog/*" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS"
if [ ! -d $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data ]; then if [ ! -d "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data" ]; then
mkdir $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data mkdir "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data"
fi fi
cp $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data-default/data.json $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data cp "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data-default/data.json" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data"
sed -i "s/MyZeroBlog/$ZERONET_DEFAULT_BLOG_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json sed -i "s/MyZeroBlog/$ZERONET_DEFAULT_BLOG_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json"
sed -i "s/My ZeroBlog./$ZERONET_DEFAULT_BLOG_TAGLINE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json sed -i "s/My ZeroBlog./$ZERONET_DEFAULT_BLOG_TAGLINE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json"
sed -i "s/ZeroBlog Demo/$ZERONET_DEFAULT_BLOG_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html sed -i "s/ZeroBlog Demo/$ZERONET_DEFAULT_BLOG_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html"
sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_BLOG_TAGLINE</h3>|g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_BLOG_TAGLINE</h3>|g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html"
sed -i "s/Blogging platform Demo/Blogging platform/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/content.json sed -i "s/Blogging platform Demo/Blogging platform/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/content.json"
python zeronet.py siteSign $ZERONET_BLOG_ADDRESS $ZERONET_BLOG_PRIVATE_KEY python zeronet.py siteSign "$ZERONET_BLOG_ADDRESS" "$ZERONET_BLOG_PRIVATE_KEY"
# Add an avahi service # Add an avahi service
function_check create_avahi_service function_check create_avahi_service
@ -223,11 +223,11 @@ function install_zeronet_blog {
chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then if [ ! -d "/home/$MY_USERNAME/.config/zeronet" ]; then
mkdir -p /home/$MY_USERNAME/.config/zeronet mkdir -p "/home/$MY_USERNAME/.config/zeronet"
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.config"
fi fi
echo "${ZERONET_URL}/${ZERONET_BLOG_ADDRESS}" > /home/$MY_USERNAME/.config/zeronet/myblog echo "${ZERONET_URL}/${ZERONET_BLOG_ADDRESS}" > "/home/$MY_USERNAME/.config/zeronet/myblog"
install_completed zeronet_blog install_completed zeronet_blog
} }
@ -244,14 +244,14 @@ function install_zeronet_mail {
ZERONET_DEFAULT_MAIL_TITLE="${MY_USERNAME}'s Mail" ZERONET_DEFAULT_MAIL_TITLE="${MY_USERNAME}'s Mail"
cd $MESH_INSTALL_DIR/zeronet cd "$MESH_INSTALL_DIR/zeronet" || exit 4628462862
python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/mail.txt python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/mail.txt
if [ ! -f $MESH_INSTALL_DIR/zeronet/mail.txt ]; then if [ ! -f $MESH_INSTALL_DIR/zeronet/mail.txt ]; then
echo $'Unable to create mail' echo $'Unable to create mail'
exit 479 exit 479
fi fi
mail_address=$(cat mail.txt | grep "Site address" | awk -F ':' '{print $2}') mail_address=$(grep "Site address" mail.txt | awk -F ':' '{print $2}')
mail_private_key=$(cat mail.txt | grep "Site private key" | awk -F ':' '{print $2}') mail_private_key=$(grep "Site private key" mail.txt | awk -F ':' '{print $2}')
ZERONET_MAIL_ADDRESS=${mail_address//[[:blank:]]/} ZERONET_MAIL_ADDRESS=${mail_address//[[:blank:]]/}
ZERONET_MAIL_PRIVATE_KEY=${mail_private_key//[[:blank:]]/} ZERONET_MAIL_PRIVATE_KEY=${mail_private_key//[[:blank:]]/}
@ -280,24 +280,24 @@ function install_zeronet_mail {
echo $'ZeroMail repo could not be cloned' echo $'ZeroMail repo could not be cloned'
exit 6739 exit 6739
fi fi
cd $MESH_INSTALL_DIR/zeronet/ZeroMail cd "$MESH_INSTALL_DIR/zeronet/ZeroMail" || exit 246284682
git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT
set_completion_param "zeroNet mail commit" "$ZERONET_MAIL_COMMIT" set_completion_param "zeroNet mail commit" "$ZERONET_MAIL_COMMIT"
echo $"ZeroNet Mail address: $ZERONET_MAIL_ADDRESS" echo $"ZeroNet Mail address: $ZERONET_MAIL_ADDRESS"
echo $"ZeroNet Mail private key: $ZERONET_MAIL_PRIVATE_KEY" echo $"ZeroNet Mail private key: $ZERONET_MAIL_PRIVATE_KEY"
cp -r $MESH_INSTALL_DIR/zeronet/ZeroMail/* $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS cp -r "$MESH_INSTALL_DIR/zeronet/ZeroMail/*" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS"
if [ ! -d $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data ]; then if [ ! -d "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data" ]; then
mkdir $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data mkdir "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data"
fi fi
cp $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data-default/data.json $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data cp "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data-default/data.json" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data"
sed -i "s/MyZeroMail/$ZERONET_DEFAULT_MAIL_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json sed -i "s/MyZeroMail/$ZERONET_DEFAULT_MAIL_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json"
sed -i "s/My ZeroMail./$ZERONET_DEFAULT_MAIL_TAGLINE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json sed -i "s/My ZeroMail./$ZERONET_DEFAULT_MAIL_TAGLINE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json"
sed -i "s/ZeroMail Demo/$ZERONET_DEFAULT_MAIL_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html sed -i "s/ZeroMail Demo/$ZERONET_DEFAULT_MAIL_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html"
sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_MAIL_TAGLINE</h3>|g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_MAIL_TAGLINE</h3>|g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html"
sed -i "s/Mailging platform Demo/Mailging platform/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/content.json sed -i "s/Mailging platform Demo/Mailging platform/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/content.json"
python zeronet.py siteSign $ZERONET_MAIL_ADDRESS $ZERONET_MAIL_PRIVATE_KEY python zeronet.py siteSign "$ZERONET_MAIL_ADDRESS" "$ZERONET_MAIL_PRIVATE_KEY"
# Add an avahi service # Add an avahi service
function_check create_avahi_service function_check create_avahi_service
@ -306,11 +306,11 @@ function install_zeronet_mail {
chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then if [ ! -d "/home/$MY_USERNAME/.config/zeronet" ]; then
mkdir -p /home/$MY_USERNAME/.config/zeronet mkdir -p "/home/$MY_USERNAME/.config/zeronet"
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.config"
fi fi
echo "${ZERONET_URL}/${ZERONET_MAIL_ADDRESS}" > /home/$MY_USERNAME/.config/zeronet/mymail echo "${ZERONET_URL}/${ZERONET_MAIL_ADDRESS}" > "/home/$MY_USERNAME/.config/zeronet/mymail"
install_completed zeronet_mail install_completed zeronet_mail
} }
@ -327,14 +327,14 @@ function install_zeronet_forum {
ZERONET_DEFAULT_FORUM_TITLE=$"${MY_USERNAME}'s Forum" ZERONET_DEFAULT_FORUM_TITLE=$"${MY_USERNAME}'s Forum"
cd $MESH_INSTALL_DIR/zeronet cd "$MESH_INSTALL_DIR/zeronet" || exit 472984624628
python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/forum.txt python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/forum.txt
if [ ! -f $MESH_INSTALL_DIR/zeronet/forum.txt ]; then if [ ! -f $MESH_INSTALL_DIR/zeronet/forum.txt ]; then
echo $'Unable to create forum' echo $'Unable to create forum'
exit 479 exit 479
fi fi
forum_address=$(cat forum.txt | grep "Site address" | awk -F ':' '{print $2}') forum_address=$(grep "Site address" forum.txt | awk -F ':' '{print $2}')
forum_private_key=$(cat forum.txt | grep "Site private key" | awk -F ':' '{print $2}') forum_private_key=$(grep "Site private key" forum.txt | awk -F ':' '{print $2}')
ZERONET_FORUM_ADDRESS=${forum_address//[[:blank:]]/} ZERONET_FORUM_ADDRESS=${forum_address//[[:blank:]]/}
ZERONET_FORUM_PRIVATE_KEY=${forum_private_key//[[:blank:]]/} ZERONET_FORUM_PRIVATE_KEY=${forum_private_key//[[:blank:]]/}
@ -368,13 +368,13 @@ function install_zeronet_forum {
echo $"Forum address: $ZERONET_FORUM_ADDRESS" echo $"Forum address: $ZERONET_FORUM_ADDRESS"
echo $"Forum private key: $ZERONET_FORUM_PRIVATE_KEY" echo $"Forum private key: $ZERONET_FORUM_PRIVATE_KEY"
cp -r $MESH_INSTALL_DIR/zeronet/ZeroTalk/* $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS cp -r "$MESH_INSTALL_DIR/zeronet/ZeroTalk/*" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS"
sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html"
sed -i "s/ZeroTalk/$ZERONET_DEFAULT_FORUM_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html sed -i "s/ZeroTalk/$ZERONET_DEFAULT_FORUM_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html"
sed -i "s|Demo for dynamic, decentralized content publishing.|$ZERONET_DEFAULT_FORUM_TAGLINE|g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html sed -i "s|Demo for dynamic, decentralized content publishing.|$ZERONET_DEFAULT_FORUM_TAGLINE|g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html"
sed -i 's/Messaging Board Demo/Messaging Board/g' $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json sed -i 's/Messaging Board Demo/Messaging Board/g' "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json"
sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json"
python zeronet.py siteSign $ZERONET_FORUM_ADDRESS $ZERONET_FORUM_PRIVATE_KEY --inner_path data/users/content.json python zeronet.py siteSign "$ZERONET_FORUM_ADDRESS" "$ZERONET_FORUM_PRIVATE_KEY" --inner_path data/users/content.json
# Add an avahi service # Add an avahi service
function_check create_avahi_service function_check create_avahi_service
@ -383,11 +383,11 @@ function install_zeronet_forum {
chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then if [ ! -d "/home/$MY_USERNAME/.config/zeronet" ]; then
mkdir -p /home/$MY_USERNAME/.config/zeronet mkdir -p "/home/$MY_USERNAME/.config/zeronet"
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.config"
fi fi
echo "${ZERONET_URL}/${ZERONET_FORUM_ADDRESS}" > /home/$MY_USERNAME/.config/zeronet/myforum echo "${ZERONET_URL}/${ZERONET_FORUM_ADDRESS}" > "/home/$MY_USERNAME/.config/zeronet/myforum"
install_completed zeronet_forum install_completed zeronet_forum
} }
@ -397,7 +397,7 @@ function install_zeronet_main {
return return
fi fi
${PROJECT_NAME}-mesh-install -f zeronet "${PROJECT_NAME}-mesh-install" -f zeronet
systemctl daemon-reload systemctl daemon-reload
systemctl start tracker.service systemctl start tracker.service
systemctl start zeronet.service systemctl start zeronet.service
@ -408,117 +408,118 @@ function install_zeronet_main {
} }
function mesh_zeronet { function mesh_zeronet {
ZERONET_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_REPO=" | head -n 1 | awk -F '"' '{print $2}') ZERONET_REPO_MAIN=$(grep "ZERONET_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
if [ ${#ZERONET_REPO_MAIN} -gt 4 ]; then if [ ${#ZERONET_REPO_MAIN} -gt 4 ]; then
ZERONET_REPO=$ZERONET_REPO_MAIN ZERONET_REPO=$ZERONET_REPO_MAIN
fi fi
if [ ! $ZERONET_REPO ]; then if [ ! "$ZERONET_REPO" ]; then
echo $'No ZeroNet repo was specified' echo $'No ZeroNet repo was specified'
exit 723539 exit 723539
fi fi
ZERONET_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') ZERONET_COMMIT_MAIN=$(grep "ZERONET_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
if [ ${#ZERONET_COMMIT_MAIN} -gt 4 ]; then if [ ${#ZERONET_COMMIT_MAIN} -gt 4 ]; then
ZERONET_COMMIT=$ZERONET_COMMIT_MAIN ZERONET_COMMIT=$ZERONET_COMMIT_MAIN
fi fi
if [ ! $ZERONET_COMMIT ]; then if [ ! "$ZERONET_COMMIT" ]; then
echo $'No ZeroNet commit was specified' echo $'No ZeroNet commit was specified'
exit 490439 exit 490439
fi fi
MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}') MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
fi fi
if [ ! $MESH_INSTALL_DIR ]; then if [ ! "$MESH_INSTALL_DIR" ]; then
echo $'No mesh install dir was specified' echo $'No mesh install dir was specified'
exit 432052 exit 432052
fi fi
# shellcheck disable=SC2154
chroot "$rootdir" apt-get -yq install python python-msgpack python-gevent chroot "$rootdir" apt-get -yq install python python-msgpack python-gevent
chroot "$rootdir" apt-get -yq install python-pip bittornado chroot "$rootdir" apt-get -yq install python-pip bittornado
chroot "$rootdir" pip install msgpack-python --upgrade chroot "$rootdir" pip install msgpack-python --upgrade
chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/zeronet/ -s /bin/false zeronet chroot "$rootdir" useradd -d "$MESH_INSTALL_DIR/zeronet/" -s /bin/false zeronet
if [ -d /repos/zeronet ]; then if [ -d /repos/zeronet ]; then
mkdir $rootdir$MESH_INSTALL_DIR/zeronet mkdir "$rootdir$MESH_INSTALL_DIR/zeronet"
cp -r -p /repos/zeronet/. $rootdir$MESH_INSTALL_DIR/zeronet cp -r -p /repos/zeronet/. "$rootdir$MESH_INSTALL_DIR/zeronet"
cd $rootdir$MESH_INSTALL_DIR/zeronet cd "$rootdir$MESH_INSTALL_DIR/zeronet" || exit 2648246284
git pull git pull
else else
git clone $ZERONET_REPO $rootdir$MESH_INSTALL_DIR/zeronet git clone "$ZERONET_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet"
fi fi
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet ]; then if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet" ]; then
echo 'WARNING: Unable to clone zeronet' echo 'WARNING: Unable to clone zeronet'
return return
fi fi
cd $rootdir$MESH_INSTALL_DIR/zeronet cd "$rootdir$MESH_INSTALL_DIR/zeronet" || exit 2468276484682
git checkout $ZERONET_COMMIT -b $ZERONET_COMMIT git checkout "$ZERONET_COMMIT" -b "$ZERONET_COMMIT"
if ! grep -q "ZeroNet commit" $COMPLETION_FILE; then if ! grep -q "ZeroNet commit" "$COMPLETION_FILE"; then
echo "ZeroNet commit:$ZERONET_COMMIT" >> $rootdir$COMPLETION_FILE echo "ZeroNet commit:$ZERONET_COMMIT" >> "$rootdir$COMPLETION_FILE"
else else
sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" $COMPLETION_FILE sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" "$COMPLETION_FILE"
fi fi
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
# Hack to ensure that the file access port is opened # Hack to ensure that the file access port is opened
# This is because zeronet normally relies on an internet site # This is because zeronet normally relies on an internet site
# to do this, but on a purely local mesh the internet isn't available # to do this, but on a purely local mesh the internet isn't available
sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n sys.modules["main"].file_server.port_opened = True|g' $rootdir$MESH_INSTALL_DIR/zeronet/src/Site/Site.py sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n sys.modules["main"].file_server.port_opened = True|g' "$rootdir$MESH_INSTALL_DIR/zeronet/src/Site/Site.py"
ZERONET_DAEMON=$rootdir/etc/systemd/system/zeronet.service ZERONET_DAEMON=$rootdir/etc/systemd/system/zeronet.service
echo '[Unit]' > $ZERONET_DAEMON { echo '[Unit]';
echo 'Description=Zeronet Server' >> $ZERONET_DAEMON echo 'Description=Zeronet Server';
echo 'After=syslog.target' >> $ZERONET_DAEMON echo 'After=syslog.target';
echo 'After=network.target' >> $ZERONET_DAEMON echo 'After=network.target';
echo '[Service]' >> $ZERONET_DAEMON echo '[Service]';
echo 'Type=simple' >> $ZERONET_DAEMON echo 'Type=simple';
echo 'User=zeronet' >> $ZERONET_DAEMON echo 'User=zeronet';
echo 'Group=zeronet' >> $ZERONET_DAEMON echo 'Group=zeronet';
echo "WorkingDirectory=$MESH_INSTALL_DIR/zeronet" >> $ZERONET_DAEMON echo "WorkingDirectory=$MESH_INSTALL_DIR/zeronet";
echo "ExecStart=/usr/bin/python zeronet.py --ip_external replace.local --trackers_file $MESH_INSTALL_DIR/zeronet/bootstrap" >> $ZERONET_DAEMON echo "ExecStart=/usr/bin/python zeronet.py --ip_external replace.local --trackers_file $MESH_INSTALL_DIR/zeronet/bootstrap";
echo '' >> $ZERONET_DAEMON echo '';
echo 'TimeoutSec=300' >> $ZERONET_DAEMON echo 'TimeoutSec=300';
echo '' >> $ZERONET_DAEMON echo '';
echo '[Install]' >> $ZERONET_DAEMON echo '[Install]';
echo 'WantedBy=multi-user.target' >> $ZERONET_DAEMON echo 'WantedBy=multi-user.target'; } > "$ZERONET_DAEMON"
TRACKER_DAEMON=$rootdir/etc/systemd/system/tracker.service TRACKER_DAEMON=$rootdir/etc/systemd/system/tracker.service
echo '[Unit]' > $TRACKER_DAEMON { echo '[Unit]';
echo 'Description=Torrent Tracker' >> $TRACKER_DAEMON echo 'Description=Torrent Tracker';
echo 'After=syslog.target' >> $TRACKER_DAEMON echo 'After=syslog.target';
echo 'After=network.target' >> $TRACKER_DAEMON echo 'After=network.target';
echo '[Service]' >> $TRACKER_DAEMON echo '[Service]';
echo 'Type=simple' >> $TRACKER_DAEMON echo 'Type=simple';
echo 'User=tracker' >> $TRACKER_DAEMON echo 'User=tracker';
echo 'Group=tracker' >> $TRACKER_DAEMON echo 'Group=tracker';
echo "WorkingDirectory=$MESH_INSTALL_DIR/tracker" >> $TRACKER_DAEMON echo "WorkingDirectory=$MESH_INSTALL_DIR/tracker";
echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile $MESH_INSTALL_DIR/tracker/dstate --logfile $MESH_INSTALL_DIR/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0" >> $TRACKER_DAEMON echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile $MESH_INSTALL_DIR/tracker/dstate --logfile $MESH_INSTALL_DIR/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0";
echo '' >> $TRACKER_DAEMON echo '';
echo 'TimeoutSec=300' >> $TRACKER_DAEMON echo 'TimeoutSec=300';
echo '' >> $TRACKER_DAEMON echo '';
echo '[Install]' >> $TRACKER_DAEMON echo '[Install]';
echo 'WantedBy=multi-user.target' >> $TRACKER_DAEMON echo 'WantedBy=multi-user.target'; } > "$TRACKER_DAEMON"
chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/tracker/ -s /bin/false tracker chroot "$rootdir" useradd -d "$MESH_INSTALL_DIR/tracker/" -s /bin/false tracker
if [ ! -d $rootdir$MESH_INSTALL_DIR/tracker ]; then if [ ! -d "$rootdir$MESH_INSTALL_DIR/tracker" ]; then
mkdir $rootdir$MESH_INSTALL_DIR/tracker mkdir "$rootdir$MESH_INSTALL_DIR/tracker"
fi fi
chroot "$rootdir" chown -R tracker:tracker $MESH_INSTALL_DIR/tracker chroot "$rootdir" chown -R tracker:tracker "$MESH_INSTALL_DIR/tracker"
# publish regularly # publish regularly
MESH_SYNC_COMMAND=$rootdir/usr/bin/mesh-sync MESH_SYNC_COMMAND=$rootdir/usr/bin/mesh-sync
echo '#!/bin/bash' > $MESH_SYNC_COMMAND { echo '#!/bin/bash';
echo '/usr/local/bin/toxavahi 2> /dev/null' >> $MESH_SYNC_COMMAND echo '/usr/local/bin/toxavahi 2> /dev/null';
echo '/usr/local/bin/meshavahi 2> /dev/null' >> $MESH_SYNC_COMMAND echo '/usr/local/bin/meshavahi 2> /dev/null'; } > "$MESH_SYNC_COMMAND"
chmod +x $MESH_SYNC_COMMAND chmod +x "$MESH_SYNC_COMMAND"
if ! grep -q "mesh-sync" ${rootdir}/etc/crontab; then if ! grep -q "mesh-sync" "${rootdir}/etc/crontab"; then
echo "*/1 * * * * root /usr/bin/mesh-sync 2> /dev/null" >> ${rootdir}/etc/crontab { echo "*/1 * * * * root /usr/bin/mesh-sync 2> /dev/null";
echo "*/1 * * * * root ( sleep 20 ; /usr/bin/mesh-sync 2> /dev/null )" >> ${rootdir}/etc/crontab echo "*/1 * * * * root ( sleep 20 ; /usr/bin/mesh-sync 2> /dev/null )";
echo "*/1 * * * * root ( sleep 40 ; /usr/bin/mesh-sync 2> /dev/null )" >> ${rootdir}/etc/crontab echo "*/1 * * * * root ( sleep 40 ; /usr/bin/mesh-sync 2> /dev/null )"; } >> "${rootdir}/etc/crontab"
fi fi
chroot "$rootdir" systemctl enable tracker.service chroot "$rootdir" systemctl enable tracker.service
@ -526,95 +527,95 @@ function mesh_zeronet {
} }
function mesh_zeronet_blog { function mesh_zeronet_blog {
ZERONET_BLOG_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_REPO=" | head -n 1 | awk -F '"' '{print $2}') ZERONET_BLOG_REPO=$(grep "ZERONET_BLOG_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
ZERONET_BLOG_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') ZERONET_BLOG_COMMIT=$(grep "ZERONET_BLOG_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}') MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
fi fi
if [ ! $MESH_INSTALL_DIR ]; then if [ ! "$MESH_INSTALL_DIR" ]; then
echo $'No mesh install dir was specified' echo $'No mesh install dir was specified'
exit 432052 exit 432052
fi fi
git clone $ZERONET_BLOG_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog git clone "$ZERONET_BLOG_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog"
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog ]; then if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog" ]; then
echo $'ZeroBlog repo could not be cloned' echo $'ZeroBlog repo could not be cloned'
exit 6739 exit 6739
fi fi
cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog cd "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog" || exit 247824628
git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT git checkout "$ZERONET_BLOG_COMMIT" -b "$ZERONET_BLOG_COMMIT"
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
} }
function mesh_zeronet_mail { function mesh_zeronet_mail {
ZERONET_MAIL_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_REPO=" | head -n 1 | awk -F '"' '{print $2}') ZERONET_MAIL_REPO=$(grep "ZERONET_MAIL_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
ZERONET_MAIL_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') ZERONET_MAIL_COMMIT=$(grep "ZERONET_MAIL_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}') MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
fi fi
if [ ! $MESH_INSTALL_DIR ]; then if [ ! "$MESH_INSTALL_DIR" ]; then
echo $'No mesh install dir was specified' echo $'No mesh install dir was specified'
exit 432052 exit 432052
fi fi
git clone $ZERONET_MAIL_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail git clone "$ZERONET_MAIL_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail"
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail ]; then if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail" ]; then
echo $'ZeroMail repo could not be cloned' echo $'ZeroMail repo could not be cloned'
exit 78493 exit 78493
fi fi
cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail cd "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail" || exit 2467824628
git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT git checkout "$ZERONET_MAIL_COMMIT" -b "$ZERONET_MAIL_COMMIT"
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
} }
function mesh_zeronet_forum { function mesh_zeronet_forum {
ZERONET_FORUM_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_REPO=" | head -n 1 | awk -F '"' '{print $2}') ZERONET_FORUM_REPO=$(grep "ZERONET_FORUM_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
ZERONET_FORUM_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') ZERONET_FORUM_COMMIT=$(grep "ZERONET_FORUM_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}') MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
fi fi
if [ ! $MESH_INSTALL_DIR ]; then if [ ! "$MESH_INSTALL_DIR" ]; then
echo $'No mesh install dir was specified' echo $'No mesh install dir was specified'
exit 432052 exit 432052
fi fi
git clone $ZERONET_FORUM_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk git clone "$ZERONET_FORUM_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk"
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk ]; then if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk" ]; then
echo $'ZeroTalk repo could not be cloned' echo $'ZeroTalk repo could not be cloned'
exit 78252 exit 78252
fi fi
cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk cd "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk" || exit 246824628
git checkout $ZERONET_FORUM_COMMIT -b $ZERONET_FORUM_COMMIT git checkout "$ZERONET_FORUM_COMMIT" -b "$ZERONET_FORUM_COMMIT"
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
} }
function mesh_zeronet_id { function mesh_zeronet_id {
ZERONET_ID_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_REPO=" | head -n 1 | awk -F '"' '{print $2}') ZERONET_ID_REPO=$(grep "ZERONET_ID_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
ZERONET_ID_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') ZERONET_ID_COMMIT=$(grep "ZERONET_ID_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}') MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
fi fi
if [ ! $MESH_INSTALL_DIR ]; then if [ ! "$MESH_INSTALL_DIR" ]; then
echo $'No mesh install dir was specified' echo $'No mesh install dir was specified'
exit 432052 exit 432052
fi fi
git clone $ZERONET_ID_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID git clone "$ZERONET_ID_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroID"
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID ]; then if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroID" ]; then
echo $'ZeroID repo could not be cloned' echo $'ZeroID repo could not be cloned'
exit 37936 exit 37936
fi fi
cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID cd "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroID" || exit 8723563244
git checkout $ZERONET_ID_COMMIT -b $ZERONET_ID_COMMIT git checkout "$ZERONET_ID_COMMIT" -b "$ZERONET_ID_COMMIT"
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
} }
function install_zeronet { function install_zeronet {
if [ $INSTALLING_MESH ]; then if [ "$INSTALLING_MESH" ]; then
mesh_zeronet mesh_zeronet
mesh_zeronet_blog mesh_zeronet_blog
mesh_zeronet_mail mesh_zeronet_mail


@ -33,34 +33,34 @@ PROJECT_NAME='freedombone'
export TEXTDOMAIN=${PROJECT_NAME}-archive-mail export TEXTDOMAIN=${PROJECT_NAME}-archive-mail
export TEXTDOMAINDIR="/usr/share/locale" export TEXTDOMAINDIR="/usr/share/locale"
source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-validation source "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-validation"
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
# for every user who has a mail directory # for every user who has a mail directory
if [ -d /home/$USERNAME/Maildir ]; then if [ -d "/home/$USERNAME/Maildir" ]; then
MUTTRC=/home/$USERNAME/.muttrc MUTTRC=/home/$USERNAME/.muttrc
# update archives # update archives
python /usr/bin/cleanup-maildir --archive-folder="archive" --maildir-root="/home/$USERNAME/Maildir" archive "" python /usr/bin/cleanup-maildir --archive-folder="archive" --maildir-root="/home/$USERNAME/Maildir" archive ""
# ensure the user has permissions on the archives # ensure the user has permissions on the archives
for archive_dir in /home/$USERNAME/Maildir/archive-* ; do for archive_dir in /home/$USERNAME/Maildir/archive-* ; do
chown -R $USERNAME:$USERNAME $archive_dir chown -R "$USERNAME":"$USERNAME" "$archive_dir"
done done
# add the archive to .muttrc if needed # add the archive to .muttrc if needed
if [ -f $MUTTRC ]; then if [ -f "$MUTTRC" ]; then
MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC) MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC")
YR=$(date +"%Y") YR=$(date +"%Y")
PREV_YR=$((YR - 1)) PREV_YR=$((YR - 1))
BACKUP_DIRECTORY=archive-$YR BACKUP_DIRECTORY=archive-$YR
PREV_BACKUP_DIRECTORY=archive-$PREV_YR PREV_BACKUP_DIRECTORY=archive-$PREV_YR
if [[ $MUTT_MAILBOXES != *$BACKUP_DIRECTORY* ]]; then if [[ $MUTT_MAILBOXES != *$BACKUP_DIRECTORY* ]]; then
if [[ $MUTT_MAILBOXES == *$PREV_BACKUP_DIRECTORY* ]]; then if [[ $MUTT_MAILBOXES == *$PREV_BACKUP_DIRECTORY* ]]; then
sed -i "s|$PREV_BACKUP_DIRECTORY|$PREV_BACKUP_DIRECTORY =$BACKUP_DIRECTORY|g" $MUTTRC sed -i "s|$PREV_BACKUP_DIRECTORY|$PREV_BACKUP_DIRECTORY =$BACKUP_DIRECTORY|g" "$MUTTRC"
else else
sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$BACKUP_DIRECTORY|g" $MUTTRC sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$BACKUP_DIRECTORY|g" "$MUTTRC"
fi fi
chown $USERNAME:$USERNAME $MUTTRC chown "$USERNAME":"$USERNAME" "$MUTTRC"
fi fi
fi fi
fi fi
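Review bot: The two `sed -i` rewrites of `$MUTTRC` still splice `$MUTT_MAILBOXES` (whatever `grep "mailboxes ="` returned from the user's own `.muttrc`) unescaped into the pattern and replacement of an `s|…|…|g` expression; quoting the file name does not change that. A line containing `|`, `&`, a backslash or regex metacharacters, or more than one matching line, makes the expression malformed or makes it rewrite something other than that line, and the `chown` calls suggest this loop runs with root privileges. Anchoring on the line and appending avoids interpolating file content at all, for example `sed -i "/mailboxes =/ s|\$| =$BACKUP_DIRECTORY|" "$MUTTRC"`, since `$BACKUP_DIRECTORY` is only `archive-` plus the year. The `for archive_dir in /home/$USERNAME/Maildir/archive-*` loop also hands the literal pattern to `chown -R` when nothing matches; `[ -e "$archive_dir" ] || continue` as the first line of the body covers that. The enclosing `for d in /home/*/` loop closes outside the hunk.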


@ -59,13 +59,13 @@ function please_wait {
please_wait please_wait
source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
# include utils which allow function_check and drive mount # include utils which allow function_check and drive mount
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES for f in $UTILS_FILES
do do
source $f source "$f"
done done
clear clear
@ -82,7 +82,7 @@ ADMIN_NAME=
# Sites are suspended so that verification should work # Sites are suspended so that verification should work
SUSPENDED_SITE= SUSPENDED_SITE=
DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
function make_backup_directory { function make_backup_directory {
# make a backup directory on the drive # make a backup directory on the drive
@ -100,7 +100,7 @@ function make_backup_directory {
function check_storage_space_remaining { function check_storage_space_remaining {
# Check space remaining on the usb drive # Check space remaining on the usb drive
used_percent=$(df -k $USB_MOUNT | tail -n 1 | awk -F ' ' '{print $5}' | awk -F '%' '{print $1}') used_percent=$(df -k $USB_MOUNT | tail -n 1 | awk -F ' ' '{print $5}' | awk -F '%' '{print $1}')
if [ $used_percent -gt 95 ]; then if [ "$used_percent" -gt 95 ]; then
echo $"Less than 5% of space remaining on backup drive" echo $"Less than 5% of space remaining on backup drive"
umount $USB_MOUNT umount $USB_MOUNT
rm -rf $USB_MOUNT rm -rf $USB_MOUNT
@ -114,105 +114,105 @@ function backup_users {
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
# Backup any gpg keys # Backup any gpg keys
if [ -d /home/$USERNAME/.gnupg ]; then if [ -d "/home/$USERNAME/.gnupg" ]; then
echo $"Backing up gpg keys for $USERNAME" echo $"Backing up gpg keys for $USERNAME"
backup_directory_to_usb /home/$USERNAME/.gnupg gnupg/$USERNAME backup_directory_to_usb "/home/$USERNAME/.gnupg" "gnupg/$USERNAME"
fi fi
# Backup any personal settings # Backup any personal settings
if [ -d /home/$USERNAME/personal ]; then if [ -d "/home/$USERNAME/personal" ]; then
echo $"Backing up personal settings for $USERNAME" echo $"Backing up personal settings for $USERNAME"
backup_directory_to_usb /home/$USERNAME/personal personal/$USERNAME backup_directory_to_usb "/home/$USERNAME/personal" "personal/$USERNAME"
fi fi
# Backup ssh keys # Backup ssh keys
if [ -d /home/$USERNAME/.ssh ]; then if [ -d "/home/$USERNAME/.ssh" ]; then
echo $"Backing up ssh keys for $USERNAME" echo $"Backing up ssh keys for $USERNAME"
backup_directory_to_usb /home/$USERNAME/.ssh ssh/$USERNAME backup_directory_to_usb "/home/$USERNAME/.ssh" "ssh/$USERNAME"
fi fi
# Backup fin database if it exists # Backup fin database if it exists
if [ -d /home/$USERNAME/.fin ]; then if [ -d "/home/$USERNAME/.fin" ]; then
echo $"Backing up fin files for $USERNAME" echo $"Backing up fin files for $USERNAME"
backup_directory_to_usb /home/$USERNAME/.fin fin/$USERNAME backup_directory_to_usb "/home/$USERNAME/.fin" "fin/$USERNAME"
fi fi
# Backup emacs # Backup emacs
if [ -d /home/$USERNAME/.emacs.d ]; then if [ -d "/home/$USERNAME/.emacs.d" ]; then
echo $"Backing up Emacs config for $USERNAME" echo $"Backing up Emacs config for $USERNAME"
if [ -f /home/$USERNAME/.emacs ]; then if [ -f "/home/$USERNAME/.emacs" ]; then
cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs cp "/home/$USERNAME/.emacs" "/home/$USERNAME/.emacs.d/dotemacs"
fi fi
backup_directory_to_usb /home/$USERNAME/.emacs.d config/$USERNAME backup_directory_to_usb "/home/$USERNAME/.emacs.d" "config/$USERNAME"
fi fi
# Backup user configs # Backup user configs
if [ -d /home/$USERNAME/.config ]; then if [ -d "/home/$USERNAME/.config" ]; then
echo $"Backing up config files for $USERNAME" echo $"Backing up config files for $USERNAME"
backup_directory_to_usb /home/$USERNAME/.config config/$USERNAME backup_directory_to_usb "/home/$USERNAME/.config" "config/$USERNAME"
fi fi
# Backup monkeysphere # Backup monkeysphere
if [ -d /home/$USERNAME/.monkeysphere ]; then if [ -d "/home/$USERNAME/.monkeysphere" ]; then
echo $"Backing up monkeysphere files for $USERNAME" echo $"Backing up monkeysphere files for $USERNAME"
backup_directory_to_usb /home/$USERNAME/.monkeysphere monkeysphere/$USERNAME backup_directory_to_usb "/home/$USERNAME/.monkeysphere" "monkeysphere/$USERNAME"
fi fi
# Backup user local # Backup user local
if [ -d /home/$USERNAME/.local ]; then if [ -d "/home/$USERNAME/.local" ]; then
echo $"Backing up local files for $USERNAME" echo $"Backing up local files for $USERNAME"
backup_directory_to_usb /home/$USERNAME/.local local/$USERNAME backup_directory_to_usb "/home/$USERNAME/.local" "local/$USERNAME"
fi fi
# Backup mutt # Backup mutt
if [ -f /home/$USERNAME/.muttrc ]; then if [ -f "/home/$USERNAME/.muttrc" ]; then
echo $"Backing up Mutt settings for $USERNAME" echo $"Backing up Mutt settings for $USERNAME"
if [ ! -d /home/$USERNAME/tempbackup ]; then if [ ! -d "/home/$USERNAME/tempbackup" ]; then
mkdir -p /home/$USERNAME/tempbackup mkdir -p "/home/$USERNAME/tempbackup"
fi fi
cp /home/$USERNAME/.muttrc /home/$USERNAME/tempbackup cp "/home/$USERNAME/.muttrc" "/home/$USERNAME/tempbackup"
if [ -f /etc/Muttrc ]; then if [ -f /etc/Muttrc ]; then
cp /etc/Muttrc /home/$USERNAME/tempbackup cp /etc/Muttrc "/home/$USERNAME/tempbackup"
fi fi
backup_directory_to_usb /home/$USERNAME/tempbackup mutt/$USERNAME backup_directory_to_usb "/home/$USERNAME/tempbackup" "mutt/$USERNAME"
fi fi
if [ -d /home/$USERNAME/.mutt ]; then if [ -d "/home/$USERNAME/.mutt" ]; then
echo $"Backing up Mutt configurations for $USERNAME" echo $"Backing up Mutt configurations for $USERNAME"
backup_directory_to_usb /home/$USERNAME/.mutt mutt/${USERNAME}configs backup_directory_to_usb "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
fi fi
# Backup email # Backup email
if [ -d /home/$USERNAME/Maildir ]; then if [ -d "/home/$USERNAME/Maildir" ]; then
echo $"Stopping mail server" echo $"Stopping mail server"
systemctl stop exim4 systemctl stop exim4
echo $"Creating an email archive for $USERNAME" echo $"Creating an email archive for $USERNAME"
if [ ! -d /root/tempbackupemail/$USERNAME ]; then if [ ! -d "/root/tempbackupemail/$USERNAME" ]; then
mkdir -p /root/tempbackupemail/$USERNAME mkdir -p "/root/tempbackupemail/$USERNAME"
fi fi
tar -czvf /root/tempbackupemail/$USERNAME/maildir.tar.gz /home/$USERNAME/Maildir tar -czvf "/root/tempbackupemail/$USERNAME/maildir.tar.gz" "/home/$USERNAME/Maildir"
echo $"Restarting mail server" echo $"Restarting mail server"
systemctl start exim4 systemctl start exim4
echo $"Backing up emails for $USERNAME" echo $"Backing up emails for $USERNAME"
backup_directory_to_usb /root/tempbackupemail/$USERNAME mail/$USERNAME backup_directory_to_usb "/root/tempbackupemail/$USERNAME" "mail/$USERNAME"
fi fi
# Backup spamassassin # Backup spamassassin
if [ -d /home/$USERNAME/.spamassassin ]; then if [ -d "/home/$USERNAME/.spamassassin" ]; then
echo $"Backing up spamassassin settings for $USERNAME" echo $"Backing up spamassassin settings for $USERNAME"
backup_directory_to_usb /home/$USERNAME/.spamassassin spamassassin/$USERNAME backup_directory_to_usb "/home/$USERNAME/.spamassassin" "spamassassin/$USERNAME"
fi fi
# Backup procmail # Backup procmail
if [ -f /home/$USERNAME/.procmailrc ]; then if [ -f "/home/$USERNAME/.procmailrc" ]; then
echo $"Backing up procmail settings for $USERNAME" echo $"Backing up procmail settings for $USERNAME"
if [ ! -d /home/$USERNAME/tempbackup ]; then if [ ! -d "/home/$USERNAME/tempbackup" ]; then
mkdir -p /home/$USERNAME/tempbackup mkdir -p "/home/$USERNAME/tempbackup"
fi fi
cp /home/$USERNAME/.procmailrc /home/$USERNAME/tempbackup cp "/home/$USERNAME/.procmailrc" "/home/$USERNAME/tempbackup"
backup_directory_to_usb /home/$USERNAME/tempbackup procmail/$USERNAME backup_directory_to_usb "/home/$USERNAME/tempbackup" "procmail/$USERNAME"
fi fi
gpg_agent_enable $USERNAME gpg_agent_enable "$USERNAME"
fi fi
done done
} }
@ -231,11 +231,11 @@ function backup_directories {
for dr in "${backup_dirs[@]}" for dr in "${backup_dirs[@]}"
do do
# if this directory exists then back it up to the given destination # if this directory exists then back it up to the given destination
source_directory=$(echo $dr | awk -F ',' '{print $1}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') source_directory=$(echo "$dr" | awk -F ',' '{print $1}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
if [ -d $source_directory ]; then if [ -d "$source_directory" ]; then
dest_directory=$(echo $dr | awk -F ',' '{print $2}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') dest_directory=$(echo "$dr" | awk -F ',' '{print $2}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
echo $"Backing up $source_directory to $dest_directory" echo $"Backing up $source_directory to $dest_directory"
backup_directory_to_usb $source_directory $dest_directory backup_directory_to_usb "$source_directory" "$dest_directory"
fi fi
restart_site restart_site
@ -243,8 +243,8 @@ function backup_directories {
} }
function remove_backup_directory { function remove_backup_directory {
if [ $1 ]; then if [ "$1" ]; then
if [[ $1 == "remove" ]]; then if [[ "$1" == "remove" ]]; then
if [ -d $USB_MOUNT/backup ]; then if [ -d $USB_MOUNT/backup ]; then
rm -rf $USB_MOUNT/backup rm -rf $USB_MOUNT/backup
echo $'Existing backup directory removed' echo $'Existing backup directory removed'
@ -274,7 +274,7 @@ function backup_blocklist {
if [ ! -d $temp_backup_dir ]; then if [ ! -d $temp_backup_dir ]; then
mkdir -p $temp_backup_dir mkdir -p $temp_backup_dir
fi fi
if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then if [ -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
cp -f /root/${PROJECT_NAME}-firewall-domains.cfg $temp_backup_dir cp -f /root/${PROJECT_NAME}-firewall-domains.cfg $temp_backup_dir
fi fi
backup_directory_to_usb $temp_backup_dir blocklist backup_directory_to_usb $temp_backup_dir blocklist
@ -287,8 +287,8 @@ function backup_configfiles {
if [ ! -d $temp_backup_dir ]; then if [ ! -d $temp_backup_dir ]; then
mkdir -p $temp_backup_dir mkdir -p $temp_backup_dir
fi fi
if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then if [ -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
cp -f $NODEJS_INSTALLED_APPS_FILE $temp_backup_dir cp -f "$NODEJS_INSTALLED_APPS_FILE" $temp_backup_dir
fi fi
if [ -f /root/.nostore ]; then if [ -f /root/.nostore ]; then
cp -f /root/.nostore $temp_backup_dir cp -f /root/.nostore $temp_backup_dir
@ -297,13 +297,13 @@ function backup_configfiles {
rm $temp_backup_dir/.nostore rm $temp_backup_dir/.nostore
fi fi
fi fi
cp -f $CONFIGURATION_FILE $temp_backup_dir cp -f "$CONFIGURATION_FILE" $temp_backup_dir
cp -f $COMPLETION_FILE $temp_backup_dir cp -f "$COMPLETION_FILE" $temp_backup_dir
if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then
cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir
fi fi
if [ -f $MONGODB_APPS_FILE ]; then if [ -f "$MONGODB_APPS_FILE" ]; then
cp -f $MONGODB_APPS_FILE $temp_backup_dir cp -f "$MONGODB_APPS_FILE" $temp_backup_dir
fi fi
# nginx password hashes # nginx password hashes
if [ -f /etc/nginx/.htpasswd ]; then if [ -f /etc/nginx/.htpasswd ]; then
@ -355,7 +355,8 @@ function backup_postgresql {
if [ ! -d $temp_backup_dir ]; then if [ ! -d $temp_backup_dir ]; then
mkdir $temp_backup_dir mkdir $temp_backup_dir
fi fi
sudo -u postgres pg_dumpall --roles-only > $temp_backup_dir/postgresql.sql # shellcheck disable=SC2024
sudo -u postgres pg_dumpall --roles-only > "$temp_backup_dir/postgresql.sql"
if [ ! -s $temp_backup_dir/postgresql.sql ]; then if [ ! -s $temp_backup_dir/postgresql.sql ]; then
echo $"Unable to backup postgresql settings" echo $"Unable to backup postgresql settings"
rm -rf $temp_backup_dir rm -rf $temp_backup_dir
@ -375,8 +376,8 @@ if [[ $1 == "remove" ]]; then
fi fi
gpg_agent_setup root gpg_agent_setup root
backup_mount_drive $1 $2 backup_mount_drive "$1" "$2"
remove_backup_directory $remove_option remove_backup_directory "$remove_option"
make_backup_directory make_backup_directory
check_storage_space_remaining check_storage_space_remaining
backup_users backup_users


@ -43,30 +43,30 @@ if [ -f /usr/bin/${PROJECT_NAME} ]; then
PROJECT_INSTALL_DIR=/usr/bin PROJECT_INSTALL_DIR=/usr/bin
fi fi
source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
# utilities needed for backup commands # utilities needed for backup commands
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES for f in $UTILS_FILES
do do
source $f source "$f"
done done
# Temporary location for data to be backed up to other servers # Temporary location for data to be backed up to other servers
SERVER_DIRECTORY=/root/remotebackup SERVER_DIRECTORY=/root/remotebackup
# get the version of Go being used # get the version of Go being used
GO_VERSION=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-go | grep 'GO_VERSION=' | head -n 1 | awk -F '=' '{print $2}') GO_VERSION=$(grep 'GO_VERSION=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-go" | head -n 1 | awk -F '=' '{print $2}')
ADMIN_USERNAME=$(get_completion_param "Admin user") ADMIN_USERNAME=$(get_completion_param "Admin user")
ADMIN_NAME=$(getent passwd $ADMIN_USERNAME | cut -d: -f5 | cut -d, -f1) ADMIN_NAME=$(getent passwd "$ADMIN_USERNAME" | cut -d: -f5 | cut -d, -f1)
ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME} ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME}
if [ ! -f /etc/ssl/private/backup.key ]; then if [ ! -f /etc/ssl/private/backup.key ]; then
echo $"Creating backup key" echo $"Creating backup key"
${PROJECT_NAME}-addcert -h backup --dhkey 2048 ${PROJECT_NAME}-addcert -h backup --dhkey 2048
fi fi
if [ ! -f /home/${ADMIN_USERNAME}/backup.list ]; then if [ ! -f "/home/${ADMIN_USERNAME}/backup.list" ]; then
exit 1 exit 1
fi fi
@ -92,16 +92,16 @@ function suspend_site {
return return
fi fi
SUSPENDED_SITE="$1" SUSPENDED_SITE="$1"
nginx_dissite $SUSPENDED_SITE nginx_dissite "$SUSPENDED_SITE"
systemctl reload nginx systemctl reload nginx
} }
function restart_site { function restart_site {
# restarts a given website # restarts a given website
if [ ! $SUSPENDED_SITE ]; then if [ ! "$SUSPENDED_SITE" ]; then
return return
fi fi
nginx_ensite $SUSPENDED_SITE nginx_ensite "$SUSPENDED_SITE"
systemctl reload nginx systemctl reload nginx
SUSPENDED_SITE= SUSPENDED_SITE=
} }
@ -115,7 +115,7 @@ function backup_blocklist {
if [ ! -d $temp_backup_dir ]; then if [ ! -d $temp_backup_dir ]; then
mkdir -p $temp_backup_dir mkdir -p $temp_backup_dir
fi fi
if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then if [ -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
cp -f /root/${PROJECT_NAME}-firewall-domains.cfg $temp_backup_dir cp -f /root/${PROJECT_NAME}-firewall-domains.cfg $temp_backup_dir
fi fi
backup_directory_to_friend $temp_backup_dir blocklist backup_directory_to_friend $temp_backup_dir blocklist
@ -128,8 +128,8 @@ function backup_configfiles {
if [ ! -d $temp_backup_dir ]; then if [ ! -d $temp_backup_dir ]; then
mkdir -p $temp_backup_dir mkdir -p $temp_backup_dir
fi fi
if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then if [ -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
cp -f $NODEJS_INSTALLED_APPS_FILE $temp_backup_dir cp -f "$NODEJS_INSTALLED_APPS_FILE" $temp_backup_dir
fi fi
if [ -f /root/.nostore ]; then if [ -f /root/.nostore ]; then
cp -f /root/.nostore $temp_backup_dir cp -f /root/.nostore $temp_backup_dir
@ -138,13 +138,13 @@ function backup_configfiles {
rm $temp_backup_dir/.nostore rm $temp_backup_dir/.nostore
fi fi
fi fi
cp -f $CONFIGURATION_FILE $temp_backup_dir cp -f "$CONFIGURATION_FILE" $temp_backup_dir
cp -f $COMPLETION_FILE $temp_backup_dir cp -f "$COMPLETION_FILE" $temp_backup_dir
if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then
cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir
fi fi
if [ -f $MONGODB_APPS_FILE ]; then if [ -f "$MONGODB_APPS_FILE" ]; then
cp -f $MONGODB_APPS_FILE $temp_backup_dir cp -f "$MONGODB_APPS_FILE" $temp_backup_dir
fi fi
# nginx password hashes # nginx password hashes
if [ -f /etc/nginx/.htpasswd ]; then if [ -f /etc/nginx/.htpasswd ]; then
@ -158,114 +158,114 @@ function backup_users {
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
# personal settings # personal settings
if [ -d /home/$USERNAME/personal ]; then if [ -d "/home/$USERNAME/personal" ]; then
echo $"Backing up personal settings for $USERNAME" echo $"Backing up personal settings for $USERNAME"
backup_directory_to_friend /home/$USERNAME/personal personal/$USERNAME backup_directory_to_friend "/home/$USERNAME/personal" "personal/$USERNAME"
fi fi
# gpg keys # gpg keys
if [ -d /home/$USERNAME/.gnupg ]; then if [ -d "/home/$USERNAME/.gnupg" ]; then
echo $"Backing up gpg keys for $USERNAME" echo $"Backing up gpg keys for $USERNAME"
backup_directory_to_friend /home/$USERNAME/.gnupg gnupg/$USERNAME backup_directory_to_friend "/home/$USERNAME/.gnupg" "gnupg/$USERNAME"
fi fi
# ssh keys # ssh keys
if [ -d /home/$USERNAME/.ssh ]; then if [ -d "/home/$USERNAME/.ssh" ]; then
echo $"Backing up ssh keys for $USERNAME" echo $"Backing up ssh keys for $USERNAME"
backup_directory_to_friend /home/$USERNAME/.ssh ssh/$USERNAME backup_directory_to_friend "/home/$USERNAME/.ssh" "ssh/$USERNAME"
fi fi
# syncthing files # syncthing files
if [ -d /home/$USERNAME/Sync ]; then if [ -d "/home/$USERNAME/Sync" ]; then
echo $"Backing up syncthing files for $USERNAME" echo $"Backing up syncthing files for $USERNAME"
backup_directory_to_friend /home/$USERNAME/Sync syncthing/$USERNAME backup_directory_to_friend "/home/$USERNAME/Sync" "syncthing/$USERNAME"
# ensure that device IDs will be backed up as part of user config settings # ensure that device IDs will be backed up as part of user config settings
if [ ! -d /home/$USERNAME/.config/syncthing ]; then if [ ! -d "/home/$USERNAME/.config/syncthing" ]; then
mkdir -p /home/$USERNAME/.config/syncthing mkdir -p "/home/$USERNAME/.config/syncthing"
chown -R $USERNAME:$USERNAME /home/$USERNAME/.config chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
fi fi
if [ -f /home/$USERNAME/.syncthing-server-id ]; then if [ -f "/home/$USERNAME/.syncthing-server-id" ]; then
cp /home/$USERNAME/.syncthing-server-id /home/$USERNAME/.config/syncthing cp "/home/$USERNAME/.syncthing-server-id" "/home/$USERNAME/.config/syncthing"
chown -R $USERNAME:$USERNAME /home/$USERNAME/.config chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
fi fi
if [ -f /home/$USERNAME/.syncthingids ]; then if [ -f "/home/$USERNAME/.syncthingids" ]; then
cp /home/$USERNAME/.syncthingids /home/$USERNAME/.config/syncthing cp "/home/$USERNAME/.syncthingids" "/home/$USERNAME/.config/syncthing"
chown -R $USERNAME:$USERNAME /home/$USERNAME/.config chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
fi fi
fi fi
# config files # config files
if [ -d /home/$USERNAME/.config ]; then if [ -d "/home/$USERNAME/.config" ]; then
echo $"Backing up config files for $USERNAME" echo $"Backing up config files for $USERNAME"
backup_directory_to_friend /home/$USERNAME/.config config/$USERNAME backup_directory_to_friend "/home/$USERNAME/.config" "config/$USERNAME"
fi fi
# monkeysphere files # monkeysphere files
if [ -d /home/$USERNAME/.monkeysphere ]; then if [ -d "/home/$USERNAME/.monkeysphere" ]; then
echo $"Backing up monkeysphere files for $USERNAME" echo $"Backing up monkeysphere files for $USERNAME"
backup_directory_to_friend /home/$USERNAME/.monkeysphere monkeysphere/$USERNAME backup_directory_to_friend "/home/$USERNAME/.monkeysphere" "monkeysphere/$USERNAME"
fi fi
# fin files # fin files
if [ -d /home/$USERNAME/.fin ]; then if [ -d "/home/$USERNAME/.fin" ]; then
echo $"Backing up fin files for $USERNAME" echo $"Backing up fin files for $USERNAME"
backup_directory_to_friend /home/$USERNAME/.fin fin/$USERNAME backup_directory_to_friend "/home/$USERNAME/.fin" "fin/$USERNAME"
fi fi
# local files # local files
if [ -d /home/$USERNAME/.local ]; then if [ -d "/home/$USERNAME/.local" ]; then
echo $"Backing up local files for $USERNAME" echo $"Backing up local files for $USERNAME"
backup_directory_to_friend /home/$USERNAME/.local local/$USERNAME backup_directory_to_friend "/home/$USERNAME/.local" "local/$USERNAME"
fi fi
# mutt settings # mutt settings
if [ -f /home/$USERNAME/.muttrc ]; then if [ -f "/home/$USERNAME/.muttrc" ]; then
echo $"Backing up Mutt settings for $USERNAME" echo $"Backing up Mutt settings for $USERNAME"
if [ ! -d /home/$USERNAME/tempbackup ]; then if [ ! -d "/home/$USERNAME/tempbackup" ]; then
mkdir -p /home/$USERNAME/tempbackup mkdir -p "/home/$USERNAME/tempbackup"
fi fi
cp /home/$USERNAME/.muttrc /home/$USERNAME/tempbackup cp "/home/$USERNAME/.muttrc" "/home/$USERNAME/tempbackup"
if [ -f /etc/Muttrc ]; then if [ -f /etc/Muttrc ]; then
cp /etc/Muttrc /home/$USERNAME/tempbackup cp /etc/Muttrc "/home/$USERNAME/tempbackup"
fi fi
backup_directory_to_friend /home/$USERNAME/tempbackup mutt/$USERNAME backup_directory_to_friend "/home/$USERNAME/tempbackup" "mutt/$USERNAME"
fi fi
if [ -d /home/$USERNAME/.mutt ]; then if [ -d "/home/$USERNAME/.mutt" ]; then
echo $"Backing up Mutt configurations for $USERNAME" echo $"Backing up Mutt configurations for $USERNAME"
backup_directory_to_friend /home/$USERNAME/.mutt mutt/${USERNAME}configs backup_directory_to_friend "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
fi fi
# procmail settings # procmail settings
if [ -f /home/$USERNAME/.procmailrc ]; then if [ -f "/home/$USERNAME/.procmailrc" ]; then
echo $"Backing up procmail settings for $USERNAME" echo $"Backing up procmail settings for $USERNAME"
if [ ! -d /home/$USERNAME/tempbackup ]; then if [ ! -d "/home/$USERNAME/tempbackup" ]; then
mkdir -p /home/$USERNAME/tempbackup mkdir -p "/home/$USERNAME/tempbackup"
fi fi
cp /home/$USERNAME/.procmailrc /home/$USERNAME/tempbackup cp "/home/$USERNAME/.procmailrc" "/home/$USERNAME/tempbackup"
backup_directory_to_friend /home/$USERNAME/tempbackup procmail/$USERNAME backup_directory_to_friend "/home/$USERNAME/tempbackup" "procmail/$USERNAME"
fi fi
# spamassassin settings # spamassassin settings
if [ -d /home/$USERNAME/.spamassassin ]; then if [ -d "/home/$USERNAME/.spamassassin" ]; then
echo $"Backing up spamassassin settings for $USERNAME" echo $"Backing up spamassassin settings for $USERNAME"
backup_directory_to_friend /home/$USERNAME/.spamassassin spamassassin/$USERNAME backup_directory_to_friend "/home/$USERNAME/.spamassassin" "spamassassin/$USERNAME"
fi fi
# email # email
if [ -d /home/$USERNAME/Maildir ]; then if [ -d "/home/$USERNAME/Maildir" ]; then
echo $"Stopping mail server" echo $"Stopping mail server"
systemctl stop exim4 systemctl stop exim4
echo $"Creating an email archive" echo $"Creating an email archive"
if [ ! -d /root/backupemail/$USERNAME ]; then if [ ! -d "/root/backupemail/$USERNAME" ]; then
mkdir -p /root/backupemail/$USERNAME mkdir -p "/root/backupemail/$USERNAME"
fi fi
tar -czvf /root/backupemail/$USERNAME/maildir.tar.gz /home/$USERNAME/Maildir tar -czvf "/root/backupemail/$USERNAME/maildir.tar.gz" "/home/$USERNAME/Maildir"
echo $"Restarting mail server" echo $"Restarting mail server"
systemctl start exim4 systemctl start exim4
echo $"Backing up emails for $USERNAME" echo $"Backing up emails for $USERNAME"
backup_directory_to_friend /root/backupemail/$USERNAME mail/$USERNAME backup_directory_to_friend "/root/backupemail/$USERNAME" "mail/$USERNAME"
fi fi
gpg_agent_enable $USERNAME gpg_agent_enable "$USERNAME"
fi fi
done done
} }
@ -313,13 +313,13 @@ function backup_web_server {
} }
function backup_admin_readme { function backup_admin_readme {
if [ -f /home/$ADMIN_USERNAME/README ]; then if [ -f "/home/$ADMIN_USERNAME/README" ]; then
echo $"Backing up README" echo $"Backing up README"
if [ ! -d /home/$ADMIN_USERNAME/tempbackup ]; then if [ ! -d "/home/$ADMIN_USERNAME/tempbackup" ]; then
mkdir -p /home/$ADMIN_USERNAME/tempbackup mkdir -p "/home/$ADMIN_USERNAME/tempbackup"
fi fi
cp -f /home/$ADMIN_USERNAME/README /home/$ADMIN_USERNAME/tempbackup cp -f "/home/$ADMIN_USERNAME/README" "/home/$ADMIN_USERNAME/tempbackup"
backup_directory_to_friend /home/$ADMIN_USERNAME/tempbackup readme backup_directory_to_friend "/home/$ADMIN_USERNAME/tempbackup" readme
fi fi
} }
@ -330,12 +330,12 @@ function backup_mariadb {
mkdir $temp_backup_dir mkdir $temp_backup_dir
fi fi
keep_database_running keep_database_running
mysqldump --password=$DATABASE_PASSWORD mysql user > $temp_backup_dir/mysql.sql mysqldump --password="$DATABASE_PASSWORD" mysql user > "$temp_backup_dir/mysql.sql"
if [ ! -s $temp_backup_dir/mysql.sql ]; then if [ ! -s $temp_backup_dir/mysql.sql ]; then
echo $"Unable to backup MariaDB settings" echo $"Unable to backup MariaDB settings"
rm -rf $temp_backup_dir rm -rf $temp_backup_dir
# Send a warning email # Send a warning email
echo $"Unable to export database settings" | mail -s "${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS echo $"Unable to export database settings" | mail -s "${PROJECT_NAME} backup to friends" "$ADMIN_EMAIL_ADDRESS"
exit 653 exit 653
fi fi
echo "$DATABASE_PASSWORD" > $temp_backup_dir/db echo "$DATABASE_PASSWORD" > $temp_backup_dir/db
@ -353,12 +353,13 @@ function backup_postgresql {
if [ ! -d $temp_backup_dir ]; then if [ ! -d $temp_backup_dir ]; then
mkdir $temp_backup_dir mkdir $temp_backup_dir
fi fi
sudo -u postgres pg_dumpall --roles-only > $temp_backup_dir/postgresql.sql # shellcheck disable=SC2024
sudo -u postgres pg_dumpall --roles-only > "$temp_backup_dir/postgresql.sql"
if [ ! -s $temp_backup_dir/postgresql.sql ]; then if [ ! -s $temp_backup_dir/postgresql.sql ]; then
echo $"Unable to backup postgresql settings" echo $"Unable to backup postgresql settings"
rm -rf $temp_backup_dir rm -rf $temp_backup_dir
umount $USB_MOUNT umount "$USB_MOUNT"
rm -rf $USB_MOUNT rm -rf "$USB_MOUNT"
exit 684365 exit 684365
fi fi
echo "$DATABASE_PASSWORD" > $temp_backup_dir/db echo "$DATABASE_PASSWORD" > $temp_backup_dir/db
@ -375,10 +376,10 @@ function get_key_share {
# Get a share index based on the supplied domain name # Get a share index based on the supplied domain name
# This ensures that the same share is always given to the same domain # This ensures that the same share is always given to the same domain
sharenumstr=$(md5sum <<< "$REMOTE_DOMAIN") sharenumstr=$(md5sum <<< "$REMOTE_DOMAIN")
share_index=$(echo $((0x${sharenumstr%% *} % ${no_of_shares})) | tr -d -) share_index=$(echo $((0x${sharenumstr%% *} % no_of_shares)) | tr -d -)
# get the filename # get the filename
share_files=(/home/$USERNAME/.gnupg_fragments/keyshare.asc.*) share_files=("/home/$USERNAME/.gnupg_fragments/keyshare.asc.*")
share_filename=${share_files[share_index]} share_filename=${share_files[share_index]}
echo "$share_filename" echo "$share_filename"
@ -391,35 +392,37 @@ function disperse_key_shares {
REMOTE_PASSWORD=$4 REMOTE_PASSWORD=$4
REMOTE_SERVER=$5 REMOTE_SERVER=$5
if [ -d /home/$USERNAME/.gnupg_fragments ]; then if [ -d "/home/$USERNAME/.gnupg_fragments" ]; then
if [ $REMOTE_DOMAIN ]; then if [ "$REMOTE_DOMAIN" ]; then
cd /home/$USERNAME/.gnupg_fragments cd "/home/$USERNAME/.gnupg_fragments" || exit 34687246462
# shellcheck disable=SC2012
no_of_shares=$(ls -afq keyshare.asc.* | wc -l) no_of_shares=$(ls -afq keyshare.asc.* | wc -l)
if (( no_of_shares > 1 )); then if (( no_of_shares > 1 )); then
share_filename=$(get_key_share $no_of_shares "$USERNAME" "$REMOTE_DOMAIN") share_filename=$(get_key_share "$no_of_shares" "$USERNAME" "$REMOTE_DOMAIN")
# create a temp directory containing the share # create a temp directory containing the share
temp_key_share_dir=/home/$USERNAME/tempkey temp_key_share_dir=/home/$USERNAME/tempkey
temp_key_share_fragments=$temp_key_share_dir/.gnupg_fragments_${USERNAME} temp_key_share_fragments=$temp_key_share_dir/.gnupg_fragments_${USERNAME}
mkdir -p $temp_key_share_fragments mkdir -p "$temp_key_share_fragments"
cp $share_filename $temp_key_share_fragments/ cp "$share_filename" "$temp_key_share_fragments/"
# copy the fragments directory to the remote server # copy the fragments directory to the remote server
/usr/bin/sshpass -p "$REMOTE_PASSWORD" \ /usr/bin/sshpass -p "$REMOTE_PASSWORD" \
scp -r -P $REMOTE_SSH_PORT $temp_key_share_fragments $REMOTE_SERVER scp -r -P "$REMOTE_SSH_PORT" "$temp_key_share_fragments" "$REMOTE_SERVER"
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
# Send a warning email # Send a warning email
echo "Key share to $REMOTE_SERVER failed" | \ echo "Key share to $REMOTE_SERVER failed" | \
mail -s "${PROJECT_NAME} social key management" $MY_EMAIL_ADDRESS mail -s "${PROJECT_NAME} social key management" "$MY_EMAIL_ADDRESS"
else else
# Send a confirmation email # Send a confirmation email
echo "Key ${share_filename} shared to $REMOTE_SERVER" | \ echo "Key ${share_filename} shared to $REMOTE_SERVER" | \
mail -s "${PROJECT_NAME} social key management" $MY_EMAIL_ADDRESS mail -s "${PROJECT_NAME} social key management" "$MY_EMAIL_ADDRESS"
fi fi
# remove the temp file/directory # remove the temp file/directory
shred -zu $temp_key_share_fragments/* shred -zu "$temp_key_share_fragments/*"
rm -rf $temp_key_share_dir rm -rf "$temp_key_share_dir"
fi fi
fi fi
fi fi
@ -449,13 +452,13 @@ if [[ $TEST_MODE == "no" ]]; then
fi fi
# For each remote server # For each remote server
while read remote_server while read -r remote_server
do do
# Get the server and its password # Get the server and its password
# Format is: # Format is:
# username@domain <port number> /home/username <ssh password> # username@domain <port number> /home/username <ssh password>
REMOTE_SERVER=$(echo "${remote_server}" | awk -F ' ' '{print $1}') REMOTE_SERVER=$(echo "${remote_server}" | awk -F ' ' '{print $1}')
if [ $REMOTE_SERVER ]; then if [ "$REMOTE_SERVER" ]; then
REMOTE_DOMAIN=$(echo "${remote_server}" | awk -F ' ' '{print $1}' | awk -F '@' '{print $2}') REMOTE_DOMAIN=$(echo "${remote_server}" | awk -F ' ' '{print $1}' | awk -F '@' '{print $2}')
REMOTE_SSH_PORT=$(echo "${remote_server}" | awk -F ' ' '{print $2}') REMOTE_SSH_PORT=$(echo "${remote_server}" | awk -F ' ' '{print $2}')
REMOTE_DIRECTORY=$(echo "${remote_server}" | awk -F ' ' '{print $3}') REMOTE_DIRECTORY=$(echo "${remote_server}" | awk -F ' ' '{print $3}')
@ -469,23 +472,22 @@ do
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
disperse_key_shares $USERNAME $REMOTE_DOMAIN $REMOTE_SSH_PORT "$REMOTE_PASSWORD" $REMOTE_SERVER disperse_key_shares "$USERNAME" "$REMOTE_DOMAIN" "$REMOTE_SSH_PORT" "$REMOTE_PASSWORD" "$REMOTE_SERVER"
fi fi
done done
if [[ $TEST_MODE == "yes" ]]; then if [[ $TEST_MODE == "yes" ]]; then
echo "rsync -ratlzv --rsh=\"/usr/bin/sshpass -p '$REMOTE_PASSWORD' ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no\" $SERVER_DIRECTORY/backup $REMOTE_SERVER" echo "rsync -ratlzv --rsh=\"/usr/bin/sshpass -p '$REMOTE_PASSWORD' ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no\" $SERVER_DIRECTORY/backup $REMOTE_SERVER"
fi fi
rsync -ratlzv --rsh="/usr/bin/sshpass -p \"$REMOTE_PASSWORD\" ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" $SERVER_DIRECTORY/backup $REMOTE_SERVER if ! rsync -ratlzv --rsh="/usr/bin/sshpass -p \"$REMOTE_PASSWORD\" ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" "$SERVER_DIRECTORY/backup" "$REMOTE_SERVER"; then
if [ ! "$?" = "0" ]; then
echo "$NOW Backup to $REMOTE_SERVER failed" >> /var/log/remotebackups.log echo "$NOW Backup to $REMOTE_SERVER failed" >> /var/log/remotebackups.log
# Send a warning email # Send a warning email
echo "Backup to $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS echo "Backup to $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} backup to friends" "$ADMIN_EMAIL_ADDRESS"
else else
echo "$NOW Backed up to $REMOTE_SERVER" >> /var/log/remotebackups.log echo "$NOW Backed up to $REMOTE_SERVER" >> /var/log/remotebackups.log
fi fi
fi fi
done < /home/${ADMIN_USERNAME}/backup.list done < "/home/${ADMIN_USERNAME}/backup.list"
exit 0 exit 0
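Review bot: The new quoting in get_key_share, `share_files=("/home/$USERNAME/.gnupg_fragments/keyshare.asc.*")`, and in disperse_key_shares, `shred -zu "$temp_key_share_fragments/*"`, puts the `*` inside the double quotes, so the shell no longer expands it. The array then holds a single literal pattern string instead of the share files. shred is likewise handed a path ending in a literal `*`, so the copied key share is not overwritten before `rm -rf` removes the directory. Quote only the variable part and leave the glob outside: `share_files=("/home/$USERNAME/.gnupg_fragments"/keyshare.asc.*)` and `shred -zu "$temp_key_share_fragments"/*`. Both functions begin outside the hunks shown.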



@ -37,7 +37,7 @@ function backup_remote_tripwire {
} }
function remove_tripwire { function remove_tripwire {
if ! grep -Fxq "tripwire" $COMPLETION_FILE; then if ! grep -Fxq "tripwire" "$COMPLETION_FILE"; then
return return
fi fi
apt-get -yq remove --purge tripwire apt-get -yq remove --purge tripwire
@ -45,11 +45,11 @@ function remove_tripwire {
rm -rf /etc/tripwire rm -rf /etc/tripwire
fi fi
rm /usr/bin/reset-tripwire rm /usr/bin/reset-tripwire
sed -i '/tripwire/d' $COMPLETION_FILE sed -i '/tripwire/d' "$COMPLETION_FILE"
} }
function install_tripwire { function install_tripwire {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return return
fi fi
@ -60,35 +60,35 @@ function install_tripwire {
apt-get -yq install tripwire qrencode apt-get -yq install tripwire qrencode
apt-get -yq autoremove apt-get -yq autoremove
cd /etc/tripwire cd /etc/tripwire || exit 246852845
echo 'ROOT =/usr/sbin' > /etc/tripwire/twcfg.txt { echo 'ROOT =/usr/sbin';
echo 'POLFILE =/etc/tripwire/tw.pol' >> /etc/tripwire/twcfg.txt echo 'POLFILE =/etc/tripwire/tw.pol';
echo 'DBFILE =/var/lib/tripwire/$(HOSTNAME).twd' >> /etc/tripwire/twcfg.txt echo "DBFILE =/var/lib/tripwire/\$(HOSTNAME).twd";
echo 'REPORTFILE =/var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr' >> /etc/tripwire/twcfg.txt echo "REPORTFILE =/var/lib/tripwire/report/\$(HOSTNAME)-\$(DATE).twr";
echo 'SITEKEYFILE =/etc/tripwire/$(HOSTNAME)-site.key' >> /etc/tripwire/twcfg.txt echo "SITEKEYFILE =/etc/tripwire/\$(HOSTNAME)-site.key";
echo 'LOCALKEYFILE =/etc/tripwire/$(HOSTNAME)-local.key' >> /etc/tripwire/twcfg.txt echo "LOCALKEYFILE =/etc/tripwire/\$(HOSTNAME)-local.key";
echo 'EDITOR =/usr/bin/editor' >> /etc/tripwire/twcfg.txt echo 'EDITOR =/usr/bin/editor';
echo 'LATEPROMPTING =false' >> /etc/tripwire/twcfg.txt echo 'LATEPROMPTING =false';
echo 'LOOSEDIRECTORYCHECKING =false' >> /etc/tripwire/twcfg.txt echo 'LOOSEDIRECTORYCHECKING =false';
echo 'MAILNOVIOLATIONS =false' >> /etc/tripwire/twcfg.txt echo 'MAILNOVIOLATIONS =false';
echo 'EMAILREPORTLEVEL =3' >> /etc/tripwire/twcfg.txt echo 'EMAILREPORTLEVEL =3';
echo 'REPORTLEVEL =3' >> /etc/tripwire/twcfg.txt echo 'REPORTLEVEL =3';
echo 'SYSLOGREPORTING =false' >> /etc/tripwire/twcfg.txt echo 'SYSLOGREPORTING =false';
echo 'MAILMETHOD =SENDMAIL' >> /etc/tripwire/twcfg.txt echo 'MAILMETHOD =SENDMAIL';
echo 'MAILPROGRAM =/usr/lib/sendmail -oi -t' >> /etc/tripwire/twcfg.txt echo 'MAILPROGRAM =/usr/lib/sendmail -oi -t';
echo 'SMTPHOST =localhost' >> /etc/tripwire/twcfg.txt echo 'SMTPHOST =localhost';
echo 'SMTPPORT =25' >> /etc/tripwire/twcfg.txt echo 'SMTPPORT =25';
echo 'TEMPDIRECTORY =/tmp' >> /etc/tripwire/twcfg.txt echo 'TEMPDIRECTORY =/tmp';
echo 'MAILFROMADDRESS =tripwire@$(HOSTNAME)' >> /etc/tripwire/twcfg.txt echo "MAILFROMADDRESS =tripwire@\$(HOSTNAME)"; } > /etc/tripwire/twcfg.txt
echo ' echo '
' | twadmin --generate-keys -L /etc/tripwire/${HOSTNAME}-local.key -S /etc/tripwire/${HOSTNAME}-site.key ' | twadmin --generate-keys -L "/etc/tripwire/${HOSTNAME}-local.key" -S "/etc/tripwire/${HOSTNAME}-site.key"
echo ' echo '
' | twadmin --create-cfgfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twcfg.txt ' | twadmin --create-cfgfile -S "/etc/tripwire/${HOSTNAME}-site.key" /etc/tripwire/twcfg.txt
# make a script for easy resetting of the tripwire # make a script for easy resetting of the tripwire
echo '#!/bin/sh' > /usr/bin/reset-tripwire echo '#!/bin/sh' > /usr/bin/reset-tripwire
@ -137,16 +137,16 @@ function install_tripwire {
sed -i '/\/usr\/local\/bin/d' /etc/tripwire/twpol.txt sed -i '/\/usr\/local\/bin/d' /etc/tripwire/twpol.txt
# Avoid logging the changed database # Avoid logging the changed database
sed -i 's|$(TWETC)/tw.pol.*||g' /etc/tripwire/twpol.txt sed -i "s|\$(TWETC)/tw.pol.*||g" /etc/tripwire/twpol.txt
# site key name # site key name
sed -i 's|$(TWETC)/site.key|$(TWETC)/$(HOSTNAME)-site.key|g' /etc/tripwire/twpol.txt sed -i "s|$(TWETC)/site.key|\$(TWETC)/\$(HOSTNAME)-site.key|g" /etc/tripwire/twpol.txt
# create the policy # create the policy
echo ' echo '
' | twadmin --create-polfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twpol.txt ' | twadmin --create-polfile -S "/etc/tripwire/${HOSTNAME}-site.key" /etc/tripwire/twpol.txt
mark_completed $FUNCNAME mark_completed "${FUNCNAME[0]}"
} }
# NOTE: deliberately no exit 0 # NOTE: deliberately no exit 0
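Review bot: In the `# site key name` sed of install_tripwire, the switch to double quotes escaped the two `$(...)` in the replacement but not the leading `$(TWETC)` in the pattern, so the shell now attempts a command substitution of `TWETC` and inserts its (presumably empty) output. The expression would then match `/site.key` rather than `$(TWETC)/site.key`, and the rewritten policy line would likely come out as `$(TWETC)$(TWETC)/$(HOSTNAME)-site.key`. Escape the first one as well, `sed -i "s|\$(TWETC)/site.key|\$(TWETC)/\$(HOSTNAME)-site.key|g" /etc/tripwire/twpol.txt`, or keep the original single quotes under a `# shellcheck disable=SC2016` comment. install_tripwire starts and continues outside these hunks.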


@ -55,11 +55,11 @@ if [ ! -f $MAIN_PROJECT_FILE ]; then
fi fi
# ssh (from https://stribika.github.io/2015/01/04/secure-secure-shell.html) # ssh (from https://stribika.github.io/2015/01/04/secure-secure-shell.html)
UTILS_SSH=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-ssh UTILS_SSH="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-ssh"
SSH_CIPHERS=$(cat $UTILS_SSH | grep 'SSH_CIPHERS=' | head -n 1 | awk -F '"' '{print $2}') SSH_CIPHERS=$(grep 'SSH_CIPHERS=' "$UTILS_SSH" | head -n 1 | awk -F '"' '{print $2}')
SSH_MACS=$(cat $UTILS_SSH | grep 'SSH_MACS=' | head -n 1 | awk -F '"' '{print $2}') SSH_MACS=$(grep 'SSH_MACS=' "$UTILS_SSH" | head -n 1 | awk -F '"' '{print $2}')
SSH_KEX=$(cat $UTILS_SSH | grep 'SSH_KEX=' | head -n 1 | awk -F '"' '{print $2}') SSH_KEX=$(grep 'SSH_KEX=' "$UTILS_SSH" | head -n 1 | awk -F '"' '{print $2}')
SSH_HOST_KEY_ALGORITHMS=$(cat $UTILS_SSH | grep 'SSH_HOST_KEY_ALGORITHMS=' | head -n 1 | awk -F '"' '{print $2}') SSH_HOST_KEY_ALGORITHMS=$(grep 'SSH_HOST_KEY_ALGORITHMS=' "$UTILS_SSH" | head -n 1 | awk -F '"' '{print $2}')
# refresh gpg keys every few hours # refresh gpg keys every few hours
REFRESH_GPG_KEYS_HOURS=2 REFRESH_GPG_KEYS_HOURS=2
@ -74,7 +74,7 @@ function global_rate_limit {
fi fi
sudo cp $SYSCTL_FILE ~/sysctl.conf sudo cp $SYSCTL_FILE ~/sysctl.conf
sudo chown $CURR_USER:$CURR_GROUP ~/sysctl.conf sudo chown "$CURR_USER":"$CURR_GROUP" ~/sysctl.conf
if ! grep -q "tcp_challenge_ack_limit" ~/sysctl.conf; then if ! grep -q "tcp_challenge_ack_limit" ~/sysctl.conf; then
echo 'net.ipv4.tcp_challenge_ack_limit = 999999999' >> ~/sysctl.conf echo 'net.ipv4.tcp_challenge_ack_limit = 999999999' >> ~/sysctl.conf
else else
@ -94,7 +94,7 @@ function refresh_gpg_keys {
fi fi
fi fi
sudo cp /etc/crontab ~/temp_crontab sudo cp /etc/crontab ~/temp_crontab
sudo chown $CURR_USER:$CURR_GROUP ~/temp_crontab sudo chown "$CURR_USER":"$CURR_GROUP" ~/temp_crontab
if ! grep -q 'gpg --refresh-keys' ~/temp_crontab; then if ! grep -q 'gpg --refresh-keys' ~/temp_crontab; then
echo "0 */$REFRESH_GPG_KEYS_HOURS * * * $CURR_USER /usr/bin/gpg --refresh-keys > /dev/null" >> ~/temp_crontab echo "0 */$REFRESH_GPG_KEYS_HOURS * * * $CURR_USER /usr/bin/gpg --refresh-keys > /dev/null" >> ~/temp_crontab
sudo cp ~/temp_crontab /etc/crontab sudo cp ~/temp_crontab /etc/crontab
@ -105,8 +105,9 @@ function refresh_gpg_keys {
# see https://stribika.github.io/2015/01/04/secure-secure-shell.html # see https://stribika.github.io/2015/01/04/secure-secure-shell.html
function ssh_remove_small_moduli { function ssh_remove_small_moduli {
sudo awk '$5 > 2000' /etc/ssh/moduli > /home/$CURR_USER/moduli # shellcheck disable=SC2024
sudo mv /home/$CURR_USER/moduli /etc/ssh/moduli sudo awk '$5 > 2000' /etc/ssh/moduli > "/home/$CURR_USER/moduli"
sudo mv "/home/$CURR_USER/moduli" /etc/ssh/moduli
} }
function configure_ssh_client { function configure_ssh_client {
@ -124,7 +125,7 @@ function configure_ssh_client {
sudo sed -i "s/HostKeyAlgorithms.*/HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config sudo sed -i "s/HostKeyAlgorithms.*/HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config
if ! grep -q "HostKeyAlgorithms" /etc/ssh/ssh_config; then if ! grep -q "HostKeyAlgorithms" /etc/ssh/ssh_config; then
sudo cp /etc/ssh/ssh_config ~/ssh_config sudo cp /etc/ssh/ssh_config ~/ssh_config
sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config sudo chown "$CURR_USER":"$CURR_GROUP" ~/ssh_config
echo " HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS" >> ~/ssh_config echo " HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS" >> ~/ssh_config
sudo mv ~/ssh_config /etc/ssh/ssh_config sudo mv ~/ssh_config /etc/ssh/ssh_config
sudo chown root:root /etc/ssh/ssh_config sudo chown root:root /etc/ssh/ssh_config
@ -134,7 +135,7 @@ function configure_ssh_client {
sudo sed -i "s/Ciphers.*/Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config sudo sed -i "s/Ciphers.*/Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
if ! grep -q "Ciphers " /etc/ssh/ssh_config; then if ! grep -q "Ciphers " /etc/ssh/ssh_config; then
sudo cp /etc/ssh/ssh_config ~/ssh_config sudo cp /etc/ssh/ssh_config ~/ssh_config
sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config sudo chown "$CURR_USER":"$CURR_GROUP" ~/ssh_config
echo " Ciphers $SSH_CIPHERS" >> ~/ssh_config echo " Ciphers $SSH_CIPHERS" >> ~/ssh_config
sudo mv ~/ssh_config /etc/ssh/ssh_config sudo mv ~/ssh_config /etc/ssh/ssh_config
sudo chown root:root /etc/ssh/ssh_config sudo chown root:root /etc/ssh/ssh_config
@ -142,17 +143,17 @@ function configure_ssh_client {
sudo sed -i "s/MACs.*/MACs $SSH_MACS/g" /etc/ssh/ssh_config sudo sed -i "s/MACs.*/MACs $SSH_MACS/g" /etc/ssh/ssh_config
if ! grep -q "MACs " /etc/ssh/ssh_config; then if ! grep -q "MACs " /etc/ssh/ssh_config; then
sudo cp /etc/ssh/ssh_config ~/ssh_config sudo cp /etc/ssh/ssh_config ~/ssh_config
sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config sudo chown "$CURR_USER":"$CURR_GROUP" ~/ssh_config
echo " MACs $SSH_MACS" >> ~/ssh_config echo " MACs $SSH_MACS" >> ~/ssh_config
sudo mv ~/ssh_config /etc/ssh/ssh_config sudo mv ~/ssh_config /etc/ssh/ssh_config
sudo chown root:root /etc/ssh/ssh_config sudo chown root:root /etc/ssh/ssh_config
fi fi
# Create ssh keys # Create ssh keys
if [ ! -f /home/$CURR_USER/.ssh/id_ed25519 ]; then if [ ! -f "/home/$CURR_USER/.ssh/id_ed25519" ]; then
ssh-keygen -t ed25519 -o -a 100 ssh-keygen -t ed25519 -o -a 100
fi fi
if [ ! -f /home/$CURR_USER/.ssh/id_rsa ]; then if [ ! -f "/home/$CURR_USER/.ssh/id_rsa" ]; then
ssh-keygen -t rsa -b 2048 -o -a 100 ssh-keygen -t rsa -b 2048 -o -a 100
fi fi
@ -170,20 +171,20 @@ function configure_ssh_client {
fi fi
if ! grep -q "# ${PROJECT_NAME} settings" ~/.ssh/config; then if ! grep -q "# ${PROJECT_NAME} settings" ~/.ssh/config; then
if ! grep -q 'ProxyCommand' ~/.ssh/config; then if ! grep -q 'ProxyCommand' ~/.ssh/config; then
echo "# ${PROJECT_NAME} settings start" >> ~/.ssh/config { echo "# ${PROJECT_NAME} settings start";
echo 'Host *.onion' >> ~/.ssh/config echo 'Host *.onion';
echo ' ServerAliveInterval 60' >> ~/.ssh/config echo ' ServerAliveInterval 60';
echo ' ServerAliveCountMax 3' >> ~/.ssh/config echo ' ServerAliveCountMax 3'; } >> ~/.ssh/config
if [[ $ENABLE_MONKEYSPHERE == $'yes' || $ENABLE_MONKEYSPHERE == $'y' ]]; then if [[ "$ENABLE_MONKEYSPHERE" == $'yes' || "$ENABLE_MONKEYSPHERE" == $'y' ]]; then
echo " ProxyCommand sh -c 'monkeysphere ssh-proxycommand --no-connect %h %p ; $proxycmd'" >> ~/.ssh/config echo " ProxyCommand sh -c 'monkeysphere ssh-proxycommand --no-connect %h %p ; $proxycmd'" >> ~/.ssh/config
else else
echo " ProxyCommand $proxycmd" >> ~/.ssh/config echo " ProxyCommand $proxycmd" >> ~/.ssh/config
fi fi
echo 'Host *' >> ~/.ssh/config { echo 'Host *';
echo ' ServerAliveInterval 60' >> ~/.ssh/config echo ' ServerAliveInterval 60';
echo ' ServerAliveCountMax 3' >> ~/.ssh/config echo ' ServerAliveCountMax 3'; } >> ~/.ssh/config
if [[ $ENABLE_MONKEYSPHERE == $'yes' || $ENABLE_MONKEYSPHERE == $'y' ]]; then if [[ "$ENABLE_MONKEYSPHERE" == $'yes' || "$ENABLE_MONKEYSPHERE" == $'y' ]]; then
echo ' ProxyCommand monkeysphere ssh-proxycommand %h %p' >> ~/.ssh/config echo ' ProxyCommand monkeysphere ssh-proxycommand %h %p' >> ~/.ssh/config
fi fi
echo "# ${PROJECT_NAME} settings end" >> ~/.ssh/config echo "# ${PROJECT_NAME} settings end" >> ~/.ssh/config
@ -194,8 +195,8 @@ function configure_ssh_client {
echo $'Go to the Administrator Control Panel, select "Manage Users", ' echo $'Go to the Administrator Control Panel, select "Manage Users", '
echo $'"Change user ssh public key" then "yes" and paste the following:' echo $'"Change user ssh public key" then "yes" and paste the following:'
echo '' echo ''
echo $(cat /home/$CURR_USER/.ssh/id_rsa.pub) cat "/home/$CURR_USER/.ssh/id_rsa.pub"
echo $(cat /home/$CURR_USER/.ssh/id_ed25519.pub) cat "/home/$CURR_USER/.ssh/id_ed25519.pub"
echo '' echo ''
echo $'Then go to "Security Settings", select "Allow ssh login with passwords"' echo $'Then go to "Security Settings", select "Allow ssh login with passwords"'
echo $'and set it to "no".' echo $'and set it to "no".'
@ -222,37 +223,37 @@ function setup_client_app_irc {
else else
sudo pacman -S --noconfirm hexchat tor sudo pacman -S --noconfirm hexchat tor
fi fi
if [ ! -d /home/$CURR_USER/.config/hexchat ]; then if [ ! -d "/home/$CURR_USER/.config/hexchat" ]; then
mkdir -p /home/$CURR_USER/.config/hexchat mkdir -p "/home/$CURR_USER/.config/hexchat"
fi fi
echo 'net_proxy_host = 127.0.0.1' > /home/$CURR_USER/.config/hexchat/hexchat.conf { echo 'net_proxy_host = 127.0.0.1';
echo 'net_proxy_port = 9050' >> /home/$CURR_USER/.config/hexchat/hexchat.conf echo 'net_proxy_port = 9050';
echo 'net_proxy_type = 3' >> /home/$CURR_USER/.config/hexchat/hexchat.conf echo 'net_proxy_type = 3';
echo 'net_proxy_use = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf echo 'net_proxy_use = 0';
echo 'net_proxy_auth = 1' >> /home/$CURR_USER/.config/hexchat/hexchat.conf echo 'net_proxy_auth = 1';
echo 'net_proxy_pass = HexChat' >> /home/$CURR_USER/.config/hexchat/hexchat.conf echo 'net_proxy_pass = HexChat';
echo 'net_proxy_user = HexChat' >> /home/$CURR_USER/.config/hexchat/hexchat.conf echo 'net_proxy_user = HexChat';
echo 'dcc_auto_chat = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf echo 'dcc_auto_chat = 0';
echo 'dcc_auto_resume = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf echo 'dcc_auto_resume = 0';
echo 'dcc_auto_send = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf echo 'dcc_auto_send = 0';
echo 'irc_hide_version = 1' >> /home/$CURR_USER/.config/hexchat/hexchat.conf echo 'irc_hide_version = 1';
echo 'identd = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf echo 'identd = 0';
echo 'away_reason =' >> /home/$CURR_USER/.config/hexchat/hexchat.conf echo 'away_reason =';
echo 'irc_part_reason =' >> /home/$CURR_USER/.config/hexchat/hexchat.conf echo 'irc_part_reason =';
echo 'irc_quit_reason =' >> /home/$CURR_USER/.config/hexchat/hexchat.conf echo 'irc_quit_reason =';
echo "irc_real_name = ${USER}" >> /home/$CURR_USER/.config/hexchat/hexchat.conf echo "irc_real_name = ${USER}";
echo "irc_user_name = ${USER}" >> /home/$CURR_USER/.config/hexchat/hexchat.conf echo "irc_user_name = ${USER}";
echo "irc_nick1 = ${USER}" >> /home/$CURR_USER/.config/hexchat/hexchat.conf echo "irc_nick1 = ${USER}";
echo "irc_nick2 = ${USER}_" >> /home/$CURR_USER/.config/hexchat/hexchat.conf echo "irc_nick2 = ${USER}_";
echo "irc_nick3 = ${USER}__" >> /home/$CURR_USER/.config/hexchat/hexchat.conf echo "irc_nick3 = ${USER}__";
echo 'completion_suffix = :' >> /home/$CURR_USER/.config/hexchat/hexchat.conf echo 'completion_suffix = :';
echo 'gui_slist_skip = 1' >> /home/$CURR_USER/.config/hexchat/hexchat.conf echo 'gui_slist_skip = 1'; } > "/home/$CURR_USER/.config/hexchat/hexchat.conf"
echo $'hexchat configured' echo $'hexchat configured'
} }
@ -272,8 +273,8 @@ function setup_client_app {
function remove_known_hosts_entries { function remove_known_hosts_entries {
# remove any previous freedombone entries from known hosts # remove any previous freedombone entries from known hosts
if [ -f /home/$CURR_USER/.ssh/known_hosts ]; then if [ -f "/home/$CURR_USER/.ssh/known_hosts" ]; then
sed -i "/${PROJECT_NAME}.local/d" /home/$CURR_USER/.ssh/known_hosts sed -i "/${PROJECT_NAME}.local/d" "/home/$CURR_USER/.ssh/known_hosts"
fi fi
} }
@ -294,7 +295,7 @@ function verify_ssh_server_key {
kill ${pid} kill ${pid}
} }
while [[ $# > 0 ]] while [ $# -gt 0 ]
do do
key="$1" key="$1"


@ -57,36 +57,36 @@ function show_help {
exit 0 exit 0
} }
while [[ $# > 1 ]] while [ $# -gt 1 ]
do do
key="$1" key="$1"
case $key in case $key in
--help) --help)
show_help show_help
;; ;;
-u|--username) -u|--username)
shift
USERNAME="$1"
;;
*)
# unknown option
;;
esac
shift shift
USERNAME="$1"
;;
*)
# unknown option
;;
esac
shift
done done
if [ ! $USERNAME ]; then if [ ! "$USERNAME" ]; then
echo $'No username specified' echo $'No username specified'
exit 5748 exit 5748
fi fi
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
echo $"User $USERNAME not found" echo $"User $USERNAME not found"
exit 76239 exit 76239
fi fi
if [ -d /home/$USERNAME/emailcert ]; then if [ -d "/home/$USERNAME/emailcert" ]; then
echo $'Client certs were already for created' echo $'Client certs were already for created'
exit 2953 exit 2953
fi fi
@ -97,75 +97,71 @@ fi
# Add a user password # Add a user password
if ! grep -q "$USERNAME:{plain}" /etc/dovecot/passwd-file; then if ! grep -q "$USERNAME:{plain}" /etc/dovecot/passwd-file; then
echo "$USERNAME:{plain}::::::nopassword" >> /etc/dovecot/passwd-file echo "$USERNAME:{plain}::::::nopassword" >> /etc/dovecot/passwd-file
fi fi
chmod 600 /etc/dovecot/passwd-file chmod 600 /etc/dovecot/passwd-file
# create a user cert # create a user cert
${PROJECT_NAME}-addcert -h $USERNAME --nodh "" "${PROJECT_NAME}-addcert" -h "$USERNAME" --nodh ""
if [ ! -f /etc/ssl/private/$USERNAME.key ]; then if [ ! -f "/etc/ssl/private/$USERNAME.key" ]; then
echo $'User certificates were not created' echo $'User certificates were not created'
rm -rf /home/$USERNAME/emailcert rm -rf "/home/$USERNAME/emailcert"
exit 74835 exit 74835
fi fi
# create a certificate request # create a certificate request
openssl req -new -sha256 -subj \ openssl req -new -sha256 -subj \
"/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$USERNAME" \ "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$USERNAME" \
-key /etc/ssl/private/$USERNAME.key \ -key "/etc/ssl/private/$USERNAME.key" \
-out /etc/ssl/requests/$USERNAME.csr -out "/etc/ssl/requests/$USERNAME.csr"
if [ ! -f /etc/ssl/requests/$USERNAME.csr ]; then if [ ! -f "/etc/ssl/requests/$USERNAME.csr" ]; then
echo $'Certificate request was not created' echo $'Certificate request was not created'
rm -rf /home/$USERNAME/emailcert rm -rf "/home/$USERNAME/emailcert"
exit 83520 exit 83520
fi fi
# sign the certificate request # sign the certificate request
cd /etc/ssl cd /etc/ssl || exit 742742542
openssl ca -config /etc/ssl/dovecot-ca.cnf \ openssl ca -config /etc/ssl/dovecot-ca.cnf \
-in /etc/ssl/requests/$USERNAME.csr \ -in "/etc/ssl/requests/$USERNAME.csr" \
-out /etc/ssl/certs/$USERNAME.cer -out "/etc/ssl/certs/$USERNAME.cer"
if [ ! -f /etc/ssl/certs/$USERNAME.cer ]; then if [ ! -f "/etc/ssl/certs/$USERNAME.cer" ]; then
echo $'Authentication certificate was not created' echo $'Authentication certificate was not created'
rm -rf /home/$USERNAME/emailcert rm -rf "/home/$USERNAME/emailcert"
exit 343569 exit 343569
fi fi
# move the cert to the user's home # move the cert to the user's home
mkdir /home/$USERNAME/emailcert mkdir "/home/$USERNAME/emailcert"
mv /etc/ssl/certs/$USERNAME.cer /home/$USERNAME/emailcert mv "/etc/ssl/certs/$USERNAME.cer" "/home/$USERNAME/emailcert"
cp /etc/ssl/certs/dovecot.crt /home/$USERNAME/emailcert cp "/etc/ssl/certs/dovecot.crt" "/home/$USERNAME/emailcert"
cp /etc/ssl/certs/ca-$HOSTNAME.crt /home/$USERNAME/emailcert cp "/etc/ssl/certs/ca-$HOSTNAME.crt" "/home/$USERNAME/emailcert"
mv /etc/ssl/private/$USERNAME.key /home/$USERNAME/emailcert mv "/etc/ssl/private/$USERNAME.key" "/home/$USERNAME/emailcert"
mv /etc/ssl/certs/$USERNAME.crt /home/$USERNAME/emailcert mv "/etc/ssl/certs/$USERNAME.crt" "/home/$USERNAME/emailcert"
openssl pkcs12 -export -in /home/$USERNAME/emailcert/$USERNAME.cer \ openssl pkcs12 -export -in "/home/$USERNAME/emailcert/$USERNAME.cer" \
-out /home/$USERNAME/emailcert/$USERNAME.p12 \ -out "/home/$USERNAME/emailcert/$USERNAME.p12" \
-inkey /home/$USERNAME/emailcert/$USERNAME.key \ -inkey "/home/$USERNAME/emailcert/$USERNAME.key" \
-certfile /home/$USERNAME/emailcert/ca-$HOSTNAME.crt \ -certfile "/home/$USERNAME/emailcert/ca-$HOSTNAME.crt" \
-password pass:"" -password pass:""
# make an install script # make an install script
echo '#!/bin/bash' > /home/$USERNAME/emailcert/install.sh { echo '#!/bin/bash';
echo "sudo mv ca-$HOSTNAME.crt /etc/ssl/certs" >> \ echo "sudo mv ca-$HOSTNAME.crt /etc/ssl/certs";
/home/$USERNAME/emailcert/install.sh echo "sudo mv $USERNAME.crt /etc/ssl/certs";
echo "sudo mv $USERNAME.crt /etc/ssl/certs" >> \ echo "sudo mv dovecot.crt /etc/ssl/certs";
/home/$USERNAME/emailcert/install.sh echo "sudo mv $USERNAME.key /etc/ssl/private";
echo "sudo mv dovecot.crt /etc/ssl/certs" >> \ echo 'exit 0'; } > "/home/$USERNAME/emailcert/install.sh"
/home/$USERNAME/emailcert/install.sh
echo "sudo mv $USERNAME.key /etc/ssl/private" >> \
/home/$USERNAME/emailcert/install.sh
echo 'exit 0' >> /home/$USERNAME/emailcert/install.sh
# set permissions for the user # set permissions for the user
chmod -R 755 /home/$USERNAME/emailcert chmod -R 755 "/home/$USERNAME/emailcert"
chown -R $USERNAME:$USERNAME /home/$USERNAME/emailcert chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/emailcert"
chmod +x /home/$USERNAME/emailcert/install.sh chmod +x "/home/$USERNAME/emailcert/install.sh"
shred -zu /etc/ssl/requests/$USERNAME.csr shred -zu "/etc/ssl/requests/$USERNAME.csr"
echo $'Email authentication certificate created. You can obtain it on the client with:' echo $'Email authentication certificate created. You can obtain it on the client with:'
echo '' echo ''
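Review bot: `chmod -R 755 "/home/$USERNAME/emailcert"` near the end of the second hunk makes every file in that directory world-readable, and by then the directory holds `$USERNAME.key` (moved out of `/etc/ssl/private`) and the `.p12` bundle exported with an empty password (`-password pass:""`). Unless the home directory itself is closed to other accounts, any local user can read the client's private key. I would restrict the directory to its owner: `chmod 700 "/home/$USERNAME/emailcert"`, then `chmod 600 "/home/$USERNAME/emailcert"/*`, and `chmod u+x` rather than `chmod +x` on `install.sh`. The script continues past the end of this hunk, so whether a later step tightens these modes cannot be seen from here.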


@ -43,7 +43,7 @@ export TEXTDOMAINDIR="/usr/share/locale"
FREEDOMBONE_WEBSITE="https://freedombone.net or http://4fvfozz6g3zmvf76.onion" FREEDOMBONE_WEBSITE="https://freedombone.net or http://4fvfozz6g3zmvf76.onion"
# Minimum number of characters in a password # Minimum number of characters in a password
MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}') MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
# file containing new password # file containing new password
IMAGE_PASSWORD_FILE=/root/login.txt IMAGE_PASSWORD_FILE=/root/login.txt
@ -118,18 +118,18 @@ function please_wait {
echo -n '' echo -n ''
} }
source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES for f in $UTILS_FILES
do do
source $f source "$f"
done done
APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
for f in $APP_FILES for f in $APP_FILES
do do
source $f source "$f"
done done
function show_help { function show_help {
@ -157,23 +157,25 @@ function choose_email_address {
while [ ${#MY_EMAIL_ADDRESS} -lt 5 ] while [ ${#MY_EMAIL_ADDRESS} -lt 5 ]
do do
EMAIL_ADDRESS=$(grep 'MY_EMAIL_ADDRESS' temp.cfg | awk -F '=' '{print $2}') EMAIL_ADDRESS=$(grep 'MY_EMAIL_ADDRESS' temp.cfg | awk -F '=' '{print $2}')
if [ ! $EMAIL_ADDRESS ]; then if [ ! "$EMAIL_ADDRESS" ]; then
EMAIL_ADDRESS=$MY_USERNAME@$DEFAULT_DOMAIN_NAME EMAIL_ADDRESS=$MY_USERNAME@$DEFAULT_DOMAIN_NAME
fi fi
if [ ${#MY_EMAIL_ADDRESS} -lt 5 ]; then if [ ${#MY_EMAIL_ADDRESS} -lt 5 ]; then
EMAIL_ADDRESS=$MY_USERNAME@$DEFAULT_DOMAIN_NAME EMAIL_ADDRESS=$MY_USERNAME@$DEFAULT_DOMAIN_NAME
fi fi
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--inputbox $"Your email address" 10 30 "$EMAIL_ADDRESS" 2> $data --inputbox $"Your email address" 10 30 "$EMAIL_ADDRESS" 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
0) MY_EMAIL_ADDRESS=$(cat $data);; 0) MY_EMAIL_ADDRESS=$(cat "$data");;
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
rm -f "$data"
done done
fi fi
save_configuration_values save_configuration_values
@ -183,23 +185,24 @@ function choose_social_instance_domain_name {
DEFAULT_DOMAIN_DETAILS_COMPLETE= DEFAULT_DOMAIN_DETAILS_COMPLETE=
while [ ! $DEFAULT_DOMAIN_DETAILS_COMPLETE ] while [ ! $DEFAULT_DOMAIN_DETAILS_COMPLETE ]
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Instance domain" \ --title $"Instance domain" \
--form $"\nEnter your instance domain name and its FreeDNS code:" 11 55 3 \ --form $"\\nEnter your instance domain name and its FreeDNS code:" 11 55 3 \
$"Domain:" 1 1 "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 24 33 40 \ $"Domain:" 1 1 "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 24 33 40 \
$"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \ $"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \
2> $data 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
DEFAULT_DOMAIN_NAME=$(cat $data | sed -n 1p) DEFAULT_DOMAIN_NAME=$(sed -n 1p < "$data")
DEFAULT_DOMAIN_CODE=$(cat $data | sed -n 2p) DEFAULT_DOMAIN_CODE=$(sed -n 2p < "$data")
if [ $DEFAULT_DOMAIN_NAME ]; then if [ "$DEFAULT_DOMAIN_NAME" ]; then
validate_freedns_code "$DEFAULT_DOMAIN_CODE" validate_freedns_code "$DEFAULT_DOMAIN_CODE"
if [ ! $VALID_CODE ]; then if [ ! $VALID_CODE ]; then
DEFAULT_DOMAIN_NAME= DEFAULT_DOMAIN_NAME=
@ -208,24 +211,27 @@ function choose_social_instance_domain_name {
else else
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--inputbox $"Enter your instance domain name:" 10 45 \ --inputbox $"Enter your instance domain name:" 10 45 \
"$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
0) DEFAULT_DOMAIN_NAME=$(cat $data);; 0) DEFAULT_DOMAIN_NAME=$(cat "$data");;
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
fi fi
if [ $DEFAULT_DOMAIN_NAME ]; then if [ "$DEFAULT_DOMAIN_NAME" ]; then
TEST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME TEST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
validate_domain_name validate_domain_name
if [[ $TEST_DOMAIN_NAME != $DEFAULT_DOMAIN_NAME ]]; then if [[ "$TEST_DOMAIN_NAME" != "$DEFAULT_DOMAIN_NAME" ]]; then
DEFAULT_DOMAIN_NAME= DEFAULT_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else else
DEFAULT_DOMAIN_DETAILS_COMPLETE="yes" DEFAULT_DOMAIN_DETAILS_COMPLETE="yes"
fi fi
fi fi
rm -f "$data"
done done
save_configuration_values save_configuration_values
} }
@ -242,8 +248,7 @@ function choose_default_domain_name {
DEFAULT_DOMAIN_DETAILS_COMPLETE= DEFAULT_DOMAIN_DETAILS_COMPLETE=
while [ ! $DEFAULT_DOMAIN_DETAILS_COMPLETE ] while [ ! $DEFAULT_DOMAIN_DETAILS_COMPLETE ]
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Your main domain name" \ --title $"Your main domain name" \
@ -252,23 +257,26 @@ function choose_default_domain_name {
$"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \ $"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \
$"mail subdomain Code:" 3 1 "$(grep 'EMAIL_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 3 24 33 255 \ $"mail subdomain Code:" 3 1 "$(grep 'EMAIL_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 3 24 33 255 \
$"XMPP subdomain Code:" 4 1 "$(grep 'XMPP_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 24 33 255 \ $"XMPP subdomain Code:" 4 1 "$(grep 'XMPP_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 24 33 255 \
2> $data 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
DEFAULT_DOMAIN_NAME=$(cat $data | sed -n 1p) DEFAULT_DOMAIN_NAME=$(sed -n 1p < "$data")
DEFAULT_DOMAIN_CODE=$(cat $data | sed -n 2p) DEFAULT_DOMAIN_CODE=$(sed -n 2p < "$data")
EMAIL_DOMAIN_CODE=$(cat $data | sed -n 3p) EMAIL_DOMAIN_CODE=$(sed -n 3p < "$data")
XMPP_DOMAIN_CODE=$(cat $data | sed -n 4p) XMPP_DOMAIN_CODE=$(sed -n 4p < "$data")
if [ $DEFAULT_DOMAIN_NAME ]; then rm -f "$data"
if [ "$DEFAULT_DOMAIN_NAME" ]; then
validate_freedns_code "$DEFAULT_DOMAIN_CODE" validate_freedns_code "$DEFAULT_DOMAIN_CODE"
if [ ! $VALID_CODE ]; then if [ ! $VALID_CODE ]; then
DEFAULT_DOMAIN_NAME= DEFAULT_DOMAIN_NAME=
fi fi
fi fi
if [ $EMAIL_DOMAIN_CODE ]; then if [ "$EMAIL_DOMAIN_CODE" ]; then
validate_freedns_code "$EMAIL_DOMAIN_CODE" validate_freedns_code "$EMAIL_DOMAIN_CODE"
if [ ! $VALID_CODE ]; then if [ ! $VALID_CODE ]; then
DEFAULT_DOMAIN_NAME= DEFAULT_DOMAIN_NAME=
@ -277,7 +285,7 @@ function choose_default_domain_name {
write_config_param "EMAIL_DOMAIN_CODE" "$EMAIL_DOMAIN_CODE" write_config_param "EMAIL_DOMAIN_CODE" "$EMAIL_DOMAIN_CODE"
fi fi
fi fi
if [ $XMPP_DOMAIN_CODE ]; then if [ "$XMPP_DOMAIN_CODE" ]; then
validate_freedns_code "$XMPP_DOMAIN_CODE" validate_freedns_code "$XMPP_DOMAIN_CODE"
if [ ! $VALID_CODE ]; then if [ ! $VALID_CODE ]; then
DEFAULT_DOMAIN_NAME= DEFAULT_DOMAIN_NAME=
@ -289,18 +297,20 @@ function choose_default_domain_name {
else else
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--inputbox $"Which domain name should your email/XMPP/IRC/Mumble be associated with?" 10 45 \ --inputbox $"Which domain name should your email/XMPP/IRC/Mumble be associated with?" 10 45 \
"$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
0) DEFAULT_DOMAIN_NAME=$(cat $data);; 0) DEFAULT_DOMAIN_NAME=$(cat "$data");;
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
fi fi
if [ $DEFAULT_DOMAIN_NAME ]; then if [ "$DEFAULT_DOMAIN_NAME" ]; then
TEST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME TEST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
validate_domain_name validate_domain_name
if [[ $TEST_DOMAIN_NAME != $DEFAULT_DOMAIN_NAME ]]; then if [[ "$TEST_DOMAIN_NAME" != "$DEFAULT_DOMAIN_NAME" ]]; then
DEFAULT_DOMAIN_NAME= DEFAULT_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else else
@ -313,8 +323,7 @@ function choose_default_domain_name {
} }
function dynamic_dns_setup { function dynamic_dns_setup {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--radiolist $"Choose Dynamic DNS provider:" 40 40 40 \ --radiolist $"Choose Dynamic DNS provider:" 40 40 40 \
1 dyn.com off \ 1 dyn.com off \
@ -349,13 +358,15 @@ function dynamic_dns_setup {
30 strato.com off \ 30 strato.com off \
31 freemyip.com off \ 31 freemyip.com off \
32 cloudxns.net off \ 32 cloudxns.net off \
33 none off 2> $data 33 none off 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) DDNS_PROVIDER="default@www.dyn.com";; 1) DDNS_PROVIDER="default@www.dyn.com";;
2) DDNS_PROVIDER="default@freedns.afraid.org";; 2) DDNS_PROVIDER="default@freedns.afraid.org";;
3) DDNS_PROVIDER="default@www.zoneedit.com";; 3) DDNS_PROVIDER="default@www.zoneedit.com";;
@ -389,8 +400,10 @@ function dynamic_dns_setup {
31) DDNS_PROVIDER="default@freemyip.com";; 31) DDNS_PROVIDER="default@freemyip.com";;
32) DDNS_PROVIDER="default@www.cloudxns.net";; 32) DDNS_PROVIDER="default@www.cloudxns.net";;
33) DDNS_PROVIDER="none";; 33) DDNS_PROVIDER="none";;
255) exit 1;; 255) rm -f "$data"
exit 1;;
esac esac
rm -f "$data"
save_configuration_values save_configuration_values
valid_ddns_username= valid_ddns_username=
@ -403,50 +416,55 @@ function dynamic_dns_setup {
else else
while [ ! $valid_ddns_username ] while [ ! $valid_ddns_username ]
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--inputbox $"Dynamic DNS provider username" 10 30 "$(grep 'DDNS_USERNAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data --inputbox $"Dynamic DNS provider username" 10 30 "$(grep 'DDNS_USERNAME' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
0) possible_username=$(cat $data) 0) possible_username=$(cat "$data")
if [ "$possible_username" ]; then if [ "$possible_username" ]; then
if [ ${#possible_username} -gt 1 ]; then if [ ${#possible_username} -gt 1 ]; then
valid_ddns_username=$(cat $data) valid_ddns_username=$(cat "$data")
DDNS_USERNAME=$valid_ddns_username DDNS_USERNAME="$valid_ddns_username"
rm -f "$data"
break; break;
fi fi
fi fi
;; ;;
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
rm -f "$data"
done done
save_configuration_values save_configuration_values
while [ ! $valid_ddns_password ] while [ ! $valid_ddns_password ]
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--clear \ --clear \
--insecure \ --insecure \
--passwordbox $"Dynamic DNS provider password" 10 30 "$(grep 'DDNS_PASSWORD' temp.cfg | awk -F '=' '{print $2}')" 2> $data --passwordbox $"Dynamic DNS provider password" 10 30 "$(grep 'DDNS_PASSWORD' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
0) possible_password=$(cat $data) 0) possible_password=$(cat "$data")
if [ "$possible_password" ]; then if [ "$possible_password" ]; then
if [ ${#possible_password} -gt 1 ]; then if [ ${#possible_password} -gt 1 ]; then
valid_ddns_password=$(cat $data) valid_ddns_password=$(cat "$data")
DDNS_PASSWORD=$valid_ddns_password DDNS_PASSWORD=$valid_ddns_password
break; break;
fi fi
fi fi
;; ;;
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
if [ ${#DDNS_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then rm -f "$data"
if [ ${#DDNS_PASSWORD} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
dialog --title $"Password quality check" --msgbox $"The password given was too short. It must be at least $MINIMUM_PASSWORD_LENGTH characters. You may need to change your password on the dynamic DNS provider's web site." 10 40 dialog --title $"Password quality check" --msgbox $"The password given was too short. It must be at least $MINIMUM_PASSWORD_LENGTH characters. You may need to change your password on the dynamic DNS provider's web site." 10 40
DDNS_PASSWORD="" DDNS_PASSWORD=""
fi fi
@ -458,10 +476,10 @@ function dynamic_dns_setup {
function choose_dynamic_dns { function choose_dynamic_dns {
DDNS_PROVIDER="none" DDNS_PROVIDER="none"
if [[ $SYSTEM_TYPE != "mesh"* && $ONION_ONLY == "no" ]]; then if [[ "$SYSTEM_TYPE" != "mesh"* && "$ONION_ONLY" == "no" ]]; then
dialog --title $"Dynamic DNS" \ dialog --title $"Dynamic DNS" \
--backtitle $"Freedombone Configuration" \ --backtitle $"Freedombone Configuration" \
--yesno $"\nConfigure a dynamic DNS service?\n\nIf it is already handled by your internet router then select 'no'." 10 50 --yesno $"\\nConfigure a dynamic DNS service?\\n\\nIf it is already handled by your internet router then select 'no'." 10 50
sel=$? sel=$?
case $sel in case $sel in
0) dynamic_dns_setup;; 0) dynamic_dns_setup;;
@ -472,9 +490,8 @@ function choose_dynamic_dns {
} }
function choose_debian_repo { function choose_debian_repo {
if [[ $MINIMAL_INSTALL == "no" ]]; then if [[ "$MINIMAL_INSTALL" == "no" ]]; then
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--radiolist $"Where to download Debian packages from:" 25 45 49 \ --radiolist $"Where to download Debian packages from:" 25 45 49 \
1 $"Australia" off \ 1 $"Australia" off \
@ -525,13 +542,15 @@ function choose_debian_repo {
46 $"Turkey" off \ 46 $"Turkey" off \
47 $"Ukraine" off \ 47 $"Ukraine" off \
48 $"United Kingdom" off \ 48 $"United Kingdom" off \
49 $"United States" on 2> $data 49 $"United States" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) DEBIAN_REPO='ftp.au.debian.org';; 1) DEBIAN_REPO='ftp.au.debian.org';;
2) DEBIAN_REPO='ftp.at.debian.org';; 2) DEBIAN_REPO='ftp.at.debian.org';;
3) DEBIAN_REPO='ftp.by.debian.org';; 3) DEBIAN_REPO='ftp.by.debian.org';;
@ -581,8 +600,10 @@ function choose_debian_repo {
47) DEBIAN_REPO='ftp.ua.debian.org';; 47) DEBIAN_REPO='ftp.ua.debian.org';;
48) DEBIAN_REPO='ftp.uk.debian.org';; 48) DEBIAN_REPO='ftp.uk.debian.org';;
49) DEBIAN_REPO='ftp.us.debian.org';; 49) DEBIAN_REPO='ftp.us.debian.org';;
255) exit 1;; 255) rm -f "$data"
exit 1;;
esac esac
rm -f "$data"
save_configuration_values save_configuration_values
else else
DEBIAN_REPO='ftp.de.debian.org' DEBIAN_REPO='ftp.de.debian.org'
@ -591,28 +612,31 @@ function choose_debian_repo {
function choose_rng { function choose_rng {
if [[ $MINIMAL_INSTALL == "no" ]]; then if [[ $MINIMAL_INSTALL == "no" ]]; then
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15 if [[ "$INSTALLING_ON_BBB" != "yes" ]]; then
if [[ $INSTALLING_ON_BBB != "yes" ]]; then
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--radiolist $"Type of Random Number Generator:" 10 40 2 \ --radiolist $"Type of Random Number Generator:" 10 40 2 \
1 Haveged on \ 1 Haveged on \
2 OneRNG off 2> $data 2 OneRNG off 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
case $(cat $data) in case $(cat "$data") in
2) HWRNG_TYPE="onerng" 2) HWRNG_TYPE="onerng"
dialog --title $"OneRNG Device" \ dialog --title $"OneRNG Device" \
--msgbox $"Please ensure that the OneRNG device is disconnected. You can reconnect it later during the installation" 8 60 --msgbox $"Please ensure that the OneRNG device is disconnected. You can reconnect it later during the installation" 8 60
;; ;;
255) exit 1;; 255) rm -f "$data"
exit 1;;
esac esac
else else
HWRNG_TYPE="beaglebone" HWRNG_TYPE="beaglebone"
fi fi
rm -f "$data"
save_configuration_values save_configuration_values
fi fi
} }
@ -621,9 +645,7 @@ function choose_social_key_management {
if [[ $MINIMAL_INSTALL == "no" ]]; then if [[ $MINIMAL_INSTALL == "no" ]]; then
interactive_gpg interactive_gpg
data=$(tempfile 2>/dev/null) SOCIAL_KEY_STR=$"\\nDo you wish to enable social key management, otherwise known as \"the unforgettable key\"?\\n\\nThis means that fragments of your GPG key will be included with any remote backups so that if you later lose your key then it can be reconstructed from your friends servers. If you select \"no\" then you can still do social key management, but offline using physical USB thumb drives, which is more secure but less convenient."
trap "rm -f $data" 0 1 2 5 15
SOCIAL_KEY_STR=$"\nDo you wish to enable social key management, otherwise known as \"the unforgettable key\"?\n\nThis means that fragments of your GPG key will be included with any remote backups so that if you later lose your key then it can be reconstructed from your friends servers. If you select \"no\" then you can still do social key management, but offline using physical USB thumb drives, which is more secure but less convenient."
if [[ $(grep "ENABLE_SOCIAL_KEY_MANAGEMENT" temp.cfg | awk -F '=' '{print $2}') == "yes" ]]; then if [[ $(grep "ENABLE_SOCIAL_KEY_MANAGEMENT" temp.cfg | awk -F '=' '{print $2}') == "yes" ]]; then
dialog --title $"Social Key Management" \ dialog --title $"Social Key Management" \
--backtitle $"Freedombone Configuration" \ --backtitle $"Freedombone Configuration" \
@ -659,36 +681,36 @@ function choose_username {
if [ ! $SELECTED_USERNAME ]; then if [ ! $SELECTED_USERNAME ]; then
SELECTED_USERNAME=$(grep 'MY_USERNAME' temp.cfg | awk -F '=' '{print $2}') SELECTED_USERNAME=$(grep 'MY_USERNAME' temp.cfg | awk -F '=' '{print $2}')
fi fi
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Username" \ --title $"Username" \
--inputbox $"Set your username for the system\n\nYour username should not contain any spaces" 12 60 "$SELECTED_USERNAME" 2> $data --inputbox $"Set your username for the system\\n\\nYour username should not contain any spaces" 12 60 "$SELECTED_USERNAME" 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
0) possible_username=$(cat $data) 0) possible_username=$(cat "$data")
SELECTED_USERNAME= SELECTED_USERNAME=
if [[ $possible_username != *' '* && $possible_username != *'/'* && $possible_username != *'\'* && $possible_username != *'*'* ]]; then if [[ "$possible_username" != *' '* && "$possible_username" != *'/'* && "$possible_username" != *'*'* ]]; then
if [ $possible_username ]; then if [ "$possible_username" ]; then
if [ ${#possible_username} -gt 1 ]; then if [ ${#possible_username} -gt 1 ]; then
if [[ $possible_username != $GENERIC_IMAGE_USERNAME ]]; then if [[ "$possible_username" != "$GENERIC_IMAGE_USERNAME" ]]; then
MY_USERNAME=$(cat $data) MY_USERNAME=$(cat "$data")
please_wait please_wait
echo '' echo ''
echo $'Creating user account' echo $'Creating user account'
chmod 600 /etc/shadow chmod 600 /etc/shadow
chmod 600 /etc/gshadow chmod 600 /etc/gshadow
useradd -m -s /bin/bash $MY_USERNAME useradd -m -s /bin/bash "$MY_USERNAME"
chmod 0000 /etc/shadow chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow chmod 0000 /etc/gshadow
if [ -d /home/$MY_USERNAME ]; then if [ -d "/home/$MY_USERNAME" ]; then
echo "${MY_USERNAME}:$(printf `cat $IMAGE_PASSWORD_FILE`)" | chpasswd echo "${MY_USERNAME}:$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" | chpasswd
# Add the user as a sudoer - they will be the new admin user # Add the user as a sudoer - they will be the new admin user
if ! grep -q "$MY_USERNAME ALL=(ALL) ALL" /etc/sudoers; then if ! grep -q "$MY_USERNAME ALL=(ALL) ALL" /etc/sudoers; then
echo "$MY_USERNAME ALL=(ALL) ALL" >> /etc/sudoers echo "$MY_USERNAME ALL=(ALL) ALL" >> /etc/sudoers
# remove the generic image admin user from sudoers # remove the generic image admin user from sudoers
sed -i "s|${GENERIC_IMAGE_USERNAME}.*||g" /etc/sudoers sed -i "s|${GENERIC_IMAGE_USERNAME}.*||g" /etc/sudoers
fi fi
rm -f "$data"
break break
fi fi
fi fi
@ -696,13 +718,16 @@ function choose_username {
fi fi
fi fi
;; ;;
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
rm -f "$data"
done done
else else
no_of_users=$(find /home/* -maxdepth 0 -type d | wc -l) no_of_users=$(find /home/* -maxdepth 0 -type d | wc -l)
if [ $no_of_users -eq 1 ]; then if [ "$no_of_users" -eq 1 ]; then
# only a single user on the system # only a single user on the system
MY_USERNAME=$(ls /home) MY_USERNAME=$(ls /home)
else else
@ -741,13 +766,12 @@ function choose_full_name {
valid_name= valid_name=
while [ ! $valid_name ] while [ ! $valid_name ]
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--inputbox $"Your full name (or nick)" 10 50 "$(grep 'MY_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data --inputbox $"Your full name (or nick)" 10 50 "$(grep 'MY_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
0) possible_name=$(cat $data) 0) possible_name=$(cat "$data")
if [ "$possible_name" ]; then if [ "$possible_name" ]; then
if [ ${#possible_name} -gt 1 ]; then if [ ${#possible_name} -gt 1 ]; then
valid_name="$possible_name" valid_name="$possible_name"
@ -756,9 +780,12 @@ function choose_full_name {
fi fi
fi fi
;; ;;
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
rm -f "$data"
done done
save_configuration_values save_configuration_values
please_wait please_wait
@ -778,16 +805,17 @@ function choose_system_variant {
varstate='on' varstate='on'
fi fi
varslist="$varslist $n $a $varstate" varslist="$varslist $n $a $varstate"
n=$[n+1] n=$((n+1))
done done
variant_choice=$(dialog --stdout --backtitle $"Freedombone Configuration" \ variant_choice=$(dialog --stdout --backtitle $"Freedombone Configuration" \
--title $"Type of Installation" \ --title $"Type of Installation" \
--radiolist $'Choose:' \ --radiolist $'Choose:' \
27 40 20 $varslist) 27 40 20 "$varslist")
# shellcheck disable=SC2181
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
variant_choice=$[variant_choice-1] variant_choice=$((variant_choice-1))
SYSTEM_TYPE=${available_variants_list[$variant_choice]} SYSTEM_TYPE=${available_variants_list[$variant_choice]}
save_configuration_values save_configuration_values
fi fi
@ -796,7 +824,7 @@ function choose_system_variant {
function validate_freedns_code { function validate_freedns_code {
freedns_code="$1" freedns_code="$1"
FREEDNS_MESSAGE=$"Please enter the FreeDNS code for this domain.\n\nThe code can be found by going to https://freedns.afraid.org, selecting 'Dynamic DNS' and then opening 'Wget example'. The code will consist of letters and numbers and be between the ? and = characters." FREEDNS_MESSAGE=$"Please enter the FreeDNS code for this domain.\\n\\nThe code can be found by going to https://freedns.afraid.org, selecting 'Dynamic DNS' and then opening 'Wget example'. The code will consist of letters and numbers and be between the ? and = characters."
if [[ "$freedns_code" == *"."* || "$freedns_code" == "http"* || "$freedns_code" == *"wget "* || "$freedns_code" == *" "* ]]; then if [[ "$freedns_code" == *"."* || "$freedns_code" == "http"* || "$freedns_code" == *"wget "* || "$freedns_code" == *" "* ]]; then
dialog --title $"Invalid FreeDNS Code" --msgbox "$FREEDNS_MESSAGE" 10 70 dialog --title $"Invalid FreeDNS Code" --msgbox "$FREEDNS_MESSAGE" 10 70
@ -810,7 +838,7 @@ function validate_freedns_code {
} }
# Get the commandline options # Get the commandline options
while [[ $# > 1 ]] while [ $# -gt 1 ]
do do
key="$1" key="$1"
@ -855,8 +883,7 @@ do
done done
function interactive_select_language { function interactive_select_language {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--radiolist $"Select your language:" 26 40 24 \ --radiolist $"Select your language:" 26 40 24 \
1 $"Afrikaans" off \ 1 $"Afrikaans" off \
@ -926,13 +953,15 @@ function interactive_select_language {
65 $"Thai" off \ 65 $"Thai" off \
66 $"Turkish" off \ 66 $"Turkish" off \
67 $"Ukrainian" off \ 67 $"Ukrainian" off \
68 $"Vietnamese" off 2> $data 68 $"Vietnamese" off 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) DEFAULT_LANGUAGE='af_ZA.UTF-8';; 1) DEFAULT_LANGUAGE='af_ZA.UTF-8';;
2) DEFAULT_LANGUAGE='sq_AL.UTF-8';; 2) DEFAULT_LANGUAGE='sq_AL.UTF-8';;
3) DEFAULT_LANGUAGE='ar_SA.UTF-8';; 3) DEFAULT_LANGUAGE='ar_SA.UTF-8';;
@ -1002,6 +1031,7 @@ function interactive_select_language {
67) DEFAULT_LANGUAGE='uk_UA.UTF-8';; 67) DEFAULT_LANGUAGE='uk_UA.UTF-8';;
68) DEFAULT_LANGUAGE='vi_VN.UTF-8';; 68) DEFAULT_LANGUAGE='vi_VN.UTF-8';;
esac esac
rm -f "$data"
save_configuration_values save_configuration_values
please_wait please_wait
@ -1021,22 +1051,26 @@ function interactive_select_language {
function select_user { function select_user {
SELECTED_USERNAME= SELECTED_USERNAME=
users_array=($(ls /home)) homedirs=$(ls /home)
# shellcheck disable=SC2206
users_array=($homedirs)
delete=(git) delete=(git)
for del in ${delete[@]} for del in "${delete[@]}"
do do
# shellcheck disable=SC2206
users_array=(${users_array[@]/$del}) users_array=(${users_array[@]/$del})
done done
i=0 i=0
W=() W=()
name=() name=()
# shellcheck disable=SC2068
for u in ${users_array[@]} for u in ${users_array[@]}
do do
if [[ $(is_valid_user "$u") == "1" ]]; then if [[ $(is_valid_user "$u") == "1" ]]; then
i=$((i+1)) i=$((i+1))
W+=($i "$u") W+=("$i" "$u")
name+=("$u") name+=("$u")
fi fi
done done
@ -1046,6 +1080,7 @@ function select_user {
else else
user_index=$(dialog --backtitle $"Freedombone Configuration" --title $"Select User" --menu $"Select one of the following:" 24 40 17 "${W[@]}" 3>&2 2>&1 1>&3) user_index=$(dialog --backtitle $"Freedombone Configuration" --title $"Select User" --menu $"Select one of the following:" 24 40 17 "${W[@]}" 3>&2 2>&1 1>&3)
# shellcheck disable=SC2181
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
SELECTED_USERNAME="${name[$((user_index-1))]}" SELECTED_USERNAME="${name[$((user_index-1))]}"
fi fi
@ -1055,19 +1090,19 @@ function select_user {
function interactive_config { function interactive_config {
# create a temporary copy of the configuration file # create a temporary copy of the configuration file
# which can be used to pre-populate selections # which can be used to pre-populate selections
if [ -f $CONFIGURATION_FILE ]; then if [ -f "$CONFIGURATION_FILE" ]; then
cp $CONFIGURATION_FILE temp.cfg cp "$CONFIGURATION_FILE" temp.cfg
fi fi
interactive_select_language interactive_select_language
if [ $SOCIALINSTANCE ]; then if [ "$SOCIALINSTANCE" ]; then
INITIAL_MESSAGE=$"Welcome to your Freedombone $SOCIALINSTANCE instance.\n\nEnsure that you have your domain and dynamic DNS settings ready.\n\nFor more information please visit ${FREEDOMBONE_WEBSITE}/socialinstance.html." INITIAL_MESSAGE=$"Welcome to your Freedombone $SOCIALINSTANCE instance.\\n\\nEnsure that you have your domain and dynamic DNS settings ready.\\n\\nFor more information please visit ${FREEDOMBONE_WEBSITE}/socialinstance.html."
else else
if [[ $ONION_ONLY == "no" ]]; then if [[ "$ONION_ONLY" == "no" ]]; then
INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\n\nEnsure that you have your domain and dynamic DNS settings ready.\n\nFor more information please visit $FREEDOMBONE_WEBSITE." INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\\n\\nEnsure that you have your domain and dynamic DNS settings ready.\\n\\nFor more information please visit $FREEDOMBONE_WEBSITE."
else else
INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\n\nWeb sites created will only be viewable within a Tor browser.\n\nFor more information please visit $FREEDOMBONE_WEBSITE." INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\\n\\nWeb sites created will only be viewable within a Tor browser.\\n\\nFor more information please visit $FREEDOMBONE_WEBSITE."
fi fi
fi fi
@ -1079,7 +1114,7 @@ function interactive_config {
choose_social_key_management choose_social_key_management
choose_rng choose_rng
choose_debian_repo choose_debian_repo
${PROJECT_NAME}-wifi --networksinteractive $WIFI_NETWORKS_FILE "${PROJECT_NAME}-wifi" --networksinteractive "$WIFI_NETWORKS_FILE"
choose_dynamic_dns choose_dynamic_dns
choose_default_domain_name choose_default_domain_name
choose_email_address choose_email_address
@ -1109,7 +1144,7 @@ function interactive_config {
fi fi
# This file indicates that the configuration happened successfully # This file indicates that the configuration happened successfully
touch $HOME/.${PROJECT_NAME}-interactive touch "$HOME/.${PROJECT_NAME}-interactive"
} }
function show_result { function show_result {
@ -1120,11 +1155,11 @@ function show_result {
echo '' echo ''
echo $'Contents:' echo $'Contents:'
echo '' echo ''
cat $CONFIGURATION_FILE cat "$CONFIGURATION_FILE"
echo '' echo ''
} }
if [ ! $CONFIGURATION_FILE ]; then if [ ! "$CONFIGURATION_FILE" ]; then
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
fi fi



@ -34,17 +34,17 @@ export TEXTDOMAIN=${PROJECT_NAME}-controlpanel-user
export TEXTDOMAINDIR="/usr/share/locale" export TEXTDOMAINDIR="/usr/share/locale"
MY_EMAIL_ADDRESS=$USER@$HOSTNAME MY_EMAIL_ADDRESS=$USER@$HOSTNAME
GPG_ID=$(gpg --list-keys $MY_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//') GPG_ID=$(gpg --list-keys "$MY_EMAIL_ADDRESS" | sed -n '2p' | sed 's/^[ \t]*//')
GPG_BACKUP_ID=$(gpg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//') GPG_BACKUP_ID=$(gpg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
# If the default key is specified within gpg.conf # If the default key is specified within gpg.conf
if [ -f ~/.gnupg/gpg.conf ]; then if [ -f ~/.gnupg/gpg.conf ]; then
if grep -q "default-key" ~/.gnupg/gpg.conf; then if grep -q "default-key" ~/.gnupg/gpg.conf; then
default_gpg_key=$(cat ~/.gnupg/gpg.conf | grep "default-key") default_gpg_key=$(grep "default-key" ~/.gnupg/gpg.conf)
if [[ "$default_gpg_key" != *'#'* ]]; then if [[ "$default_gpg_key" != *'#'* ]]; then
default_gpg_key=$(cat ~/.gnupg/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}') default_gpg_key=$(grep "default-key" ~/.gnupg/gpg.conf | awk -F ' ' '{print $2}')
if [ ${#default_gpg_key} -gt 3 ]; then if [ ${#default_gpg_key} -gt 3 ]; then
GPG_ID=$(gpg --list-keys $default_gpg_key | sed -n '2p' | sed 's/^[ \t]*//') GPG_ID=$(gpg --list-keys "$default_gpg_key" | sed -n '2p' | sed 's/^[ \t]*//')
fi fi
fi fi
fi fi
@ -52,27 +52,29 @@ fi
# Start including files # Start including files
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES for f in $UTILS_FILES
do do
source $f source "$f"
done done
APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
for f in $APP_FILES for f in $APP_FILES
do do
source $f source "$f"
done done
# End including files # End including files
function any_key { function any_key {
echo ' ' echo ' '
# shellcheck disable=SC2034
read -n1 -r -p $"Press any key to continue..." key read -n1 -r -p $"Press any key to continue..." key
} }
function remove_user_from_mailing_list { function remove_user_from_mailing_list {
USER_MAILING_LISTS=$(cat "/home/$USER/.procmailrc" | grep '\[' | grep '\]' | awk -F '\[' '{print $2}' | awk -F '\\' '{print $1}') # shellcheck disable=SC1003
USER_MAILING_LISTS=$(grep '\[' "/home/$USER/.procmailrc" | grep '\]' | awk -F '\[' '{print $2}' | awk -F '\\' '{print $1}')
i=0 i=0
W=() W=()
@ -80,19 +82,20 @@ function remove_user_from_mailing_list {
while read -r listname; do while read -r listname; do
i=$((i+1)) i=$((i+1))
if [[ "$listname" != *']'* && "$listname" != *'['* ]]; then if [[ "$listname" != *']'* && "$listname" != *'['* ]]; then
W+=($i "$listname") W+=("$i" "$listname")
list_name+=("$listname") list_name+=("$listname")
echo $listname echo "$listname"
fi fi
done <<< "$USER_MAILING_LISTS" done <<< "$USER_MAILING_LISTS"
i=$((i+1)) i=$((i+1))
W+=($i $"Exit back to filtering rules menu") W+=("$i" $"Exit back to filtering rules menu")
list_selected=$(dialog --default-item "$i" --backtitle $"Freedombone User Control Panel" --title $"Remove yourself from a mailing list" --menu $"Select one of the following:" 24 50 17 "${W[@]}" 3>&2 2>&1 1>&3) list_selected=$(dialog --default-item "$i" --backtitle $"Freedombone User Control Panel" --title $"Remove yourself from a mailing list" --menu $"Select one of the following:" 24 50 17 "${W[@]}" 3>&2 2>&1 1>&3)
# shellcheck disable=SC2181
if [ $? -eq 0 ]; then # Exit with OK if [ $? -eq 0 ]; then # Exit with OK
if [ ${list_selected} -ne ${i} ]; then if [ "${list_selected}" -ne "${i}" ]; then
remove_list_name="${list_name[$((list_selected-1))]}" remove_list_name="${list_name[$((list_selected-1))]}"
# find the line number where the list is defined # find the line number where the list is defined
@ -100,7 +103,7 @@ function remove_user_from_mailing_list {
i=0 i=0
while read -r line while read -r line
do do
if [[ "$line" == *"\[${remove_list_name}\\]"* ]]; then if [[ "$line" == *"\\[${remove_list_name}\\]"* ]]; then
line_number=${i} line_number=${i}
fi fi
i=$((i+1)) i=$((i+1))
@ -112,8 +115,8 @@ function remove_user_from_mailing_list {
fi fi
# recreate the file # recreate the file
if [ -f /home/${USER}/.procmailrc_new ]; then if [ -f "/home/${USER}/.procmailrc_new" ]; then
rm /home/${USER}/.procmailrc_new rm "/home/${USER}/.procmailrc_new"
fi fi
i=0 i=0
clip=0 clip=0
@ -141,15 +144,15 @@ function remove_user_from_mailing_list {
fi fi
fi fi
echo "$line" >> /home/${USER}/.procmailrc_new echo "$line" >> "/home/${USER}/.procmailrc_new"
if [[ "$line" == *"\[${remove_list_name}\\]"* ]]; then if [[ "$line" == *"\\[${remove_list_name}\\]"* ]]; then
line_number=${i} line_number=${i}
fi fi
done < "/home/$USER/.procmailrc" done < "/home/$USER/.procmailrc"
cp /home/${USER}/.procmailrc_new /home/${USER}/.procmailrc cp "/home/${USER}/.procmailrc_new" "/home/${USER}/.procmailrc"
rm /home/${USER}/.procmailrc_new rm "/home/${USER}/.procmailrc_new"
chown ${USER}:${USER} /home/${USER}/.procmailrc chown "${USER}":"${USER}" "/home/${USER}/.procmailrc"
dialog --title $"Remove yourself from mailing list" \ dialog --title $"Remove yourself from mailing list" \
--msgbox $"You have been removed from ${remove_list_name}" 6 50 --msgbox $"You have been removed from ${remove_list_name}" 6 50
fi fi
@ -157,27 +160,26 @@ function remove_user_from_mailing_list {
} }
function add_to_mailing_list { function add_to_mailing_list {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone User Control Panel" \ dialog --backtitle $"Freedombone User Control Panel" \
--title $"Subscribe to a mailing list" \ --title $"Subscribe to a mailing list" \
--form $"You can either enter a subject or an email address\n" 11 68 4 \ --form $"You can either enter a subject or an email address\\n" 11 68 4 \
$"List folder name:" 1 1 "" 1 35 26 25 \ $"List folder name:" 1 1 "" 1 35 26 25 \
$"Name between [] on subject line:" 2 1 "" 2 35 26 25 \ $"Name between [] on subject line:" 2 1 "" 2 35 26 25 \
$"List email address:" 3 1 "" 3 35 26 25 \ $"List email address:" 3 1 "" 3 35 26 25 \
$"Public:" 4 1 $"yes" 4 35 4 25 \ $"Public:" 4 1 $"yes" 4 35 4 25 \
2> $data 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) rm $data 1) rm -f "$data"
return;; return;;
255) rm $data 255) rm -f "$data"
return;; return;;
esac esac
LIST_NAME=$(cat $data | sed -n 1p) LIST_NAME=$(sed -n 1p < "$data")
LIST_SUBJECT=$(cat $data | sed -n 2p) LIST_SUBJECT=$(sed -n 2p < "$data")
LIST_EMAIL=$(cat $data | sed -n 3p) LIST_EMAIL=$(sed -n 3p < "$data")
LIST_PUBLIC=$(cat $data | sed -n 4p) LIST_PUBLIC=$(sed -n 4p < "$data")
if [ ${#LIST_PUBLIC} -lt 1 ]; then if [ ${#LIST_PUBLIC} -lt 1 ]; then
LIST_PUBLIC='no' LIST_PUBLIC='no'
@ -190,57 +192,56 @@ function add_to_mailing_list {
if [ ${#LIST_NAME} -lt 2 ]; then if [ ${#LIST_NAME} -lt 2 ]; then
dialog --title $"Add mailing list" \ dialog --title $"Add mailing list" \
--msgbox $"No mailing list name was given" 6 40 --msgbox $"No mailing list name was given" 6 40
rm $data rm -f "$data"
return return
fi fi
if [ ${#LIST_SUBJECT} -lt 2 ]; then if [ ${#LIST_SUBJECT} -lt 2 ]; then
if [ ${#LIST_EMAIL} -lt 2 ]; then if [ ${#LIST_EMAIL} -lt 2 ]; then
dialog --title $"Add mailing list" \ dialog --title $"Add mailing list" \
--msgbox $"No mailing list subject or address was given" 6 40 --msgbox $"No mailing list subject or address was given" 6 40
rm $data rm -f "$data"
return return
fi fi
fi fi
if [ ${#LIST_SUBJECT} -gt 1 ]; then if [ ${#LIST_SUBJECT} -gt 1 ]; then
${PROJECT_NAME}-addlist -u $USER -l "$LIST_NAME" \ "${PROJECT_NAME}-addlist" -u "$USER" -l "$LIST_NAME" \
-s "$LIST_SUBJECT" --public $LIST_PUBLIC -s "$LIST_SUBJECT" --public "$LIST_PUBLIC"
else else
if [[ "$LIST_EMAIL" != *"@"* || "$LIST_EMAIL" != *"."* ]]; then if [[ "$LIST_EMAIL" != *"@"* || "$LIST_EMAIL" != *"."* ]]; then
dialog --title $"Add mailing list" \ dialog --title $"Add mailing list" \
--msgbox $"Unrecognised email address" 6 40 --msgbox $"Unrecognised email address" 6 40
rm $data rm -f "$data"
return return
else else
${PROJECT_NAME}-addlist -u $USER -l "$LIST_NAME" \ "${PROJECT_NAME}-addlist" -u "$USER" -l "$LIST_NAME" \
-e "$LIST_EMAIL" --public $LIST_PUBLIC -e "$LIST_EMAIL" --public "$LIST_PUBLIC"
fi fi
fi fi
dialog --title $"Add mailing list" \ dialog --title $"Add mailing list" \
--msgbox $"$LIST_NAME list was added" 6 40 --msgbox $"$LIST_NAME list was added" 6 40
rm $data rm -f "$data"
} }
function email_rule_address { function email_rule_address {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone User Control Panel" \ dialog --backtitle $"Freedombone User Control Panel" \
--title $"Create an email rule" \ --title $"Create an email rule" \
--form "\n" 9 65 4 \ --form "\\n" 9 65 4 \
$"When email arrives from address:" 1 1 "" 1 35 24 28 \ $"When email arrives from address:" 1 1 "" 1 35 24 28 \
$"Move to folder:" 2 1 "" 2 35 24 28 \ $"Move to folder:" 2 1 "" 2 35 24 28 \
$"Public:" 3 1 $"no" 3 35 4 25 \ $"Public:" 3 1 $"no" 3 35 4 25 \
2> $data 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) rm $data 1) rm -f "$data"
return;; return;;
255) rm $data 255) rm -f "$data"
return;; return;;
esac esac
RULE_EMAIL=$(cat $data | sed -n 1p) RULE_EMAIL=$(sed -n 1p < "$data")
RULE_FOLDER=$(cat $data | sed -n 2p) RULE_FOLDER=$(sed -n 2p < "$data")
RULE_PUBLIC=$(cat $data | sed -n 3p) RULE_PUBLIC=$(sed -n 3p < "$data")
if [ ${#RULE_PUBLIC} -lt 1 ]; then if [ ${#RULE_PUBLIC} -lt 1 ]; then
RULE_PUBLIC='no' RULE_PUBLIC='no'
@ -253,27 +254,27 @@ function email_rule_address {
if [ ${#RULE_EMAIL} -lt 2 ]; then if [ ${#RULE_EMAIL} -lt 2 ]; then
dialog --title $"Create an email rule" \ dialog --title $"Create an email rule" \
--msgbox $"No email address was given" 6 40 --msgbox $"No email address was given" 6 40
rm $data rm -f "$data"
return return
fi fi
if [ ${#RULE_FOLDER} -lt 2 ]; then if [ ${#RULE_FOLDER} -lt 2 ]; then
dialog --title $"Create an email rule" \ dialog --title $"Create an email rule" \
--msgbox $"No folder name was given" 6 40 --msgbox $"No folder name was given" 6 40
rm $data rm -f "$data"
return return
fi fi
if [[ "$RULE_EMAIL" != *"@"* || "$RULE_EMAIL" != *"."* ]]; then if [[ "$RULE_EMAIL" != *"@"* || "$RULE_EMAIL" != *"."* ]]; then
dialog --title $"Create an email rule" \ dialog --title $"Create an email rule" \
--msgbox $"Unrecognised email address" 6 40 --msgbox $"Unrecognised email address" 6 40
rm $data rm -f "$data"
return return
fi fi
${PROJECT_NAME}-addemail -u $USER -e "$RULE_EMAIL" \ "${PROJECT_NAME}-addemail" -u "$USER" -e "$RULE_EMAIL" \
-g "$RULE_FOLDER" --public $RULE_PUBLIC -g "$RULE_FOLDER" --public $RULE_PUBLIC
dialog --title $"Create an email rule" \ dialog --title $"Create an email rule" \
--msgbox $"Email rule for $RULE_EMAIL was added" 6 40 --msgbox $"Email rule for $RULE_EMAIL was added" 6 40
rm $data rm -f "$data"
} }
function gpg_set_trust { function gpg_set_trust {
@ -281,8 +282,7 @@ function gpg_set_trust {
fpr=$(gpg --with-colons --fingerprint "$TRUST_ADDRESS" | grep fpr | head -n 1 | awk -F ':' '{print $10}') fpr=$(gpg --with-colons --fingerprint "$TRUST_ADDRESS" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
if [ ${#fpr} -gt 2 ]; then if [ ${#fpr} -gt 2 ]; then
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone User Control Panel" \ dialog --backtitle $"Freedombone User Control Panel" \
--title $"Trust a PGP/GPG key or website domain" \ --title $"Trust a PGP/GPG key or website domain" \
--radiolist $"Set the trust level for $TRUST_ADDRESS:" 18 70 10 \ --radiolist $"Set the trust level for $TRUST_ADDRESS:" 18 70 10 \
@ -290,19 +290,18 @@ function gpg_set_trust {
2 $"I do NOT trust" off \ 2 $"I do NOT trust" off \
3 $"I trust marginally" on \ 3 $"I trust marginally" on \
4 $"I trust fully" off \ 4 $"I trust fully" off \
5 $"I trust ultimately" off 2> $data 5 $"I trust ultimately" off 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) rm $data 1) rm -f "$data"
return;; return;;
255) rm $data 255) rm -f "$data"
return;; return;;
esac esac
TRUST_LEVEL=$(cat $data) TRUST_LEVEL=$(cat "$data")
if [ ${TRUST_LEVEL} -ge 1 ] ; then if [ "${TRUST_LEVEL}" -ge 1 ] ; then
if [ ${TRUST_LEVEL} -le 5 ] ; then if [ "${TRUST_LEVEL}" -le 5 ] ; then
echo -e "trust\n${TRUST_LEVEL}\ny\nsave\n" | gpg --command-fd 0 --edit-key $fpr if echo -e "trust\\n${TRUST_LEVEL}\\ny\\nsave\\n" | gpg --command-fd 0 --edit-key "$fpr"; then
if [ "$?" = "0" ]; then
gpg --update-trustdb gpg --update-trustdb
dialog --title $"Trust a PGP/GPG key or website domain" \ dialog --title $"Trust a PGP/GPG key or website domain" \
--backtitle $"Freedombone User Control Panel" \ --backtitle $"Freedombone User Control Panel" \
@ -310,30 +309,29 @@ function gpg_set_trust {
fi fi
fi fi
fi fi
rm $data rm -f "$data"
fi fi
} }
function email_rule_subject { function email_rule_subject {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone User Control Panel" \ dialog --backtitle $"Freedombone User Control Panel" \
--title $"Create an email rule" \ --title $"Create an email rule" \
--form "\n" 9 75 4 \ --form "\\n" 9 75 4 \
$"When email arrives with subject containing:" 1 1 "" 1 45 24 28 \ $"When email arrives with subject containing:" 1 1 "" 1 45 24 28 \
$"Move to folder:" 2 1 "" 2 45 24 28 \ $"Move to folder:" 2 1 "" 2 45 24 28 \
$"Public:" 3 1 $"no" 3 45 4 25 \ $"Public:" 3 1 $"no" 3 45 4 25 \
2> $data 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) rm $data 1) rm -f "$data"
return;; return;;
255) rm $data 255) rm -f "$data"
return;; return;;
esac esac
RULE_SUBJECT=$(cat $data | sed -n 1p) RULE_SUBJECT=$(sed -n 1p < "$data")
RULE_FOLDER=$(cat $data | sed -n 2p) RULE_FOLDER=$(sed -n 2p < "$data")
RULE_PUBLIC=$(cat $data | sed -n 3p) RULE_PUBLIC=$(sed -n 3p < "$data")
if [ ${#RULE_PUBLIC} -lt 1 ]; then if [ ${#RULE_PUBLIC} -lt 1 ]; then
RULE_PUBLIC='no' RULE_PUBLIC='no'
@ -346,42 +344,41 @@ function email_rule_subject {
if [ ${#RULE_SUBJECT} -lt 2 ]; then if [ ${#RULE_SUBJECT} -lt 2 ]; then
dialog --title $"Create an email rule" \ dialog --title $"Create an email rule" \
--msgbox $"No subject text was given" 6 40 --msgbox $"No subject text was given" 6 40
rm $data rm -f "$data"
return return
fi fi
if [ ${#RULE_FOLDER} -lt 2 ]; then if [ ${#RULE_FOLDER} -lt 2 ]; then
dialog --title $"Create an email rule" \ dialog --title $"Create an email rule" \
--msgbox $"No folder name was given" 6 40 --msgbox $"No folder name was given" 6 40
rm $data rm -f "$data"
return return
fi fi
${PROJECT_NAME}-addemail -u $USER -s "$RULE_SUBJECT" \ "${PROJECT_NAME}-addemail" -u "$USER" -s "$RULE_SUBJECT" \
-g "$RULE_FOLDER" --public $RULE_PUBLIC -g "$RULE_FOLDER" --public "$RULE_PUBLIC"
dialog --title $"Create an email rule" \ dialog --title $"Create an email rule" \
--msgbox $"Email rule for subject '$RULE_SUBJECT' was added" 6 40 --msgbox $"Email rule for subject '$RULE_SUBJECT' was added" 6 40
rm $data rm -f "$data"
} }
function block_unblock_email { function block_unblock_email {
blockstr=$"Block or unblock emails from a given address" blockstr=$"Block or unblock emails from a given address"
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone User Control Panel" \ dialog --backtitle $"Freedombone User Control Panel" \
--title "$blockstr" \ --title "$blockstr" \
--form "\n" 8 65 3 \ --form "\\n" 8 65 3 \
$"When email arrives from address:" 1 1 "" 1 35 24 100 \ $"When email arrives from address:" 1 1 "" 1 35 24 100 \
$"Block it:" 2 1 "yes" 2 35 4 4 \ $"Block it:" 2 1 "yes" 2 35 4 4 \
2> $data 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) rm $data 1) rm -f "$data"
return;; return;;
255) rm $data 255) rm -f "$data"
return;; return;;
esac esac
BLOCK_EMAIL=$(cat $data | sed -n 1p) BLOCK_EMAIL=$(sed -n 1p < "$data")
BLOCK=$(cat $data | sed -n 2p) BLOCK=$(sed -n 2p < "$data")
if [ ${#BLOCK_EMAIL} -lt 2 ]; then if [ ${#BLOCK_EMAIL} -lt 2 ]; then
dialog --title "$blockstr" \ dialog --title "$blockstr" \
--msgbox $"No email address was given" 6 40 --msgbox $"No email address was given" 6 40
@ -390,64 +387,63 @@ function block_unblock_email {
if [[ "$BLOCK_EMAIL" != *"@"* || "$BLOCK_EMAIL" != *"."* ]]; then if [[ "$BLOCK_EMAIL" != *"@"* || "$BLOCK_EMAIL" != *"."* ]]; then
dialog --title "$blockstr" \ dialog --title "$blockstr" \
--msgbox $"Unrecognised email address" 6 40 --msgbox $"Unrecognised email address" 6 40
rm $data rm -f "$data"
return return
fi fi
if [[ $BLOCK == "y"* || $BLOCK == "Y"* ]]; then if [[ $BLOCK == "y"* || $BLOCK == "Y"* ]]; then
${PROJECT_NAME}-ignore -u $USER -e "$BLOCK_EMAIL" "${PROJECT_NAME}-ignore" -u "$USER" -e "$BLOCK_EMAIL"
dialog --title $"Block an email" \ dialog --title $"Block an email" \
--msgbox "Email from $BLOCK_EMAIL is now blocked" 6 75 --msgbox "Email from $BLOCK_EMAIL is now blocked" 6 75
else else
${PROJECT_NAME}-unignore -u $USER -e "$BLOCK_EMAIL" "${PROJECT_NAME}-unignore" -u "$USER" -e "$BLOCK_EMAIL"
dialog --title $"Unblock an email" \ dialog --title $"Unblock an email" \
--msgbox "Email from $BLOCK_EMAIL is now unblocked" 6 75 --msgbox "Email from $BLOCK_EMAIL is now unblocked" 6 75
fi fi
rm $data rm -f "$data"
} }
function block_unblock_subject { function block_unblock_subject {
blockstr=$"Block or unblock emails with text in the subject line" blockstr=$"Block or unblock emails with text in the subject line"
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone User Control Panel" \ dialog --backtitle $"Freedombone User Control Panel" \
--title "$blockstr" \ --title "$blockstr" \
--form "\n" 8 70 3 \ --form "\\n" 8 70 3 \
$"When email arrives with subject text:" 1 1 "" 1 40 24 28 \ $"When email arrives with subject text:" 1 1 "" 1 40 24 28 \
$"Block it:" 2 1 "yes" 2 40 4 4 \ $"Block it:" 2 1 "yes" 2 40 4 4 \
2> $data 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) rm $data 1) rm -f "$data"
return;; return;;
255) rm $data 255) rm -f "$data"
return;; return;;
esac esac
BLOCK_SUBJECT=$(cat $data | sed -n 1p) BLOCK_SUBJECT=$(sed -n 1p < "$data")
BLOCK=$(cat $data | sed -n 2p) BLOCK=$(sed -n 2p < "$data")
if [ ${#BLOCK_SUBJECT} -lt 2 ]; then if [ ${#BLOCK_SUBJECT} -lt 2 ]; then
dialog --title "$blockstr" \ dialog --title "$blockstr" \
--msgbox $"No subject was given" 6 40 --msgbox $"No subject was given" 6 40
rm $data rm -f "$data"
return return
fi fi
if [[ $BLOCK == "y"* || $BLOCK == "Y"* ]]; then if [[ $BLOCK == "y"* || $BLOCK == "Y"* ]]; then
${PROJECT_NAME}-ignore -u $USER -t "$BLOCK_SUBJECT" "${PROJECT_NAME}-ignore" -u "$USER" -t "$BLOCK_SUBJECT"
dialog --title $"Block an email" \ dialog --title $"Block an email" \
--msgbox $"Email with subject $BLOCK_SUBJECT is now blocked" 6 40 --msgbox $"Email with subject $BLOCK_SUBJECT is now blocked" 6 40
else else
${PROJECT_NAME}-unignore -u $USER -t "$BLOCK_SUBJECT" "${PROJECT_NAME}-unignore" -u "$USER" -t "$BLOCK_SUBJECT"
dialog --title $"Unblock an email" \ dialog --title $"Unblock an email" \
--msgbox $"Email with subject $BLOCK_SUBJECT is now unblocked" 6 40 --msgbox $"Email with subject $BLOCK_SUBJECT is now unblocked" 6 40
fi fi
rm $data rm -f "$data"
} }
function show_gpg_key { function show_gpg_key {
GPG_FINGERPRINT=$(gpg --fingerprint $GPG_ID | sed -n '2p' | sed 's/^[ \t]*//') GPG_FINGERPRINT=$(gpg --fingerprint "$GPG_ID" | sed -n '2p' | sed 's/^[ \t]*//')
GPG_DATE=$(gpg --fingerprint $GPG_ID | grep -i "pub" | head -n 1 | awk -F ' ' '{print $3}') GPG_DATE=$(gpg --fingerprint "$GPG_ID" | grep -i "pub" | head -n 1 | awk -F ' ' '{print $3}')
dialog --title $"My PGP/GPG Key" \ dialog --title $"My PGP/GPG Key" \
--backtitle $"Freedombone User Control Panel" \ --backtitle $"Freedombone User Control Panel" \
--msgbox $"Email Address: $MY_EMAIL_ADDRESS\n\nKey ID: $GPG_ID\n\nFingerprint: $GPG_FINGERPRINT\n\nCreated: $GPG_DATE" 12 70 --msgbox $"Email Address: $MY_EMAIL_ADDRESS\\n\\nKey ID: $GPG_ID\\n\\nFingerprint: $GPG_FINGERPRINT\\n\\nCreated: $GPG_DATE" 12 70
} }
function show_full_gpg_key { function show_full_gpg_key {
@ -455,18 +451,18 @@ function show_full_gpg_key {
echo '' echo ''
echo '' echo ''
echo '' echo ''
gpg --armor --export $GPG_ID gpg --armor --export "$GPG_ID"
echo '' echo ''
echo '' echo ''
echo '' echo ''
gpg --armor --export-secret-key $GPG_ID gpg --armor --export-secret-key "$GPG_ID"
any_key any_key
} }
function publish_gpg_key { function publish_gpg_key {
gpg --send-key $GPG_ID gpg --send-key "$GPG_ID"
if [ $GPG_BACKUP_ID ]; then if [ "$GPG_BACKUP_ID" ]; then
gpg --send-key $GPG_BACKUP_ID gpg --send-key "$GPG_BACKUP_ID"
fi fi
dialog --title $"Publish your PGP/GPG key" \ dialog --title $"Publish your PGP/GPG key" \
--msgbox $"Your key has now been published" 6 40 --msgbox $"Your key has now been published" 6 40
@ -479,15 +475,14 @@ function refresh_gpg_keys {
} }
function add_gpg_key { function add_gpg_key {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Enter email address, Key ID or full key below" \ dialog --title $"Enter email address, Key ID or full key below" \
--backtitle $"Freedombone User Control Panel" \ --backtitle $"Freedombone User Control Panel" \
--editbox $data 8 60 2>$data --editbox "$data" 8 60
sel=$? sel=$?
case $sel in case $sel in
0) 0)
ADD_EMAIL_ADDRESS=$(<$data) ADD_EMAIL_ADDRESS=$(<"$data")
if [ ${#ADD_EMAIL_ADDRESS} -gt 2 ]; then if [ ${#ADD_EMAIL_ADDRESS} -gt 2 ]; then
address_is_valid= address_is_valid=
@ -522,24 +517,23 @@ function add_gpg_key {
fi fi
;; ;;
esac esac
rm $data rm "$data"
} }
function remove_gpg_key { function remove_gpg_key {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Remove someone's PGP/GPG key" \ dialog --title $"Remove someone's PGP/GPG key" \
--backtitle $"Freedombone User Control Panel" \ --backtitle $"Freedombone User Control Panel" \
--inputbox $"Enter their email address or key ID below" 8 60 2>$data --inputbox $"Enter their email address or key ID below" 8 60 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) 0)
REMOVE_EMAIL_ADDRESS=$(<$data) REMOVE_EMAIL_ADDRESS=$(<"$data")
if [ ${#REMOVE_EMAIL_ADDRESS} -gt 2 ]; then if [ ${#REMOVE_EMAIL_ADDRESS} -gt 2 ]; then
if [[ $REMOVE_EMAIL_ADDRESS == *"@"* && $REMOVE_EMAIL_ADDRESS == *"."* ]]; then if [[ $REMOVE_EMAIL_ADDRESS == *"@"* && $REMOVE_EMAIL_ADDRESS == *"."* ]]; then
if [[ $REMOVE_EMAIL_ADDRESS != $MY_EMAIL_ADDRESS ]]; then if [[ "$REMOVE_EMAIL_ADDRESS" != "$MY_EMAIL_ADDRESS" ]]; then
clear clear
gpg --delete-key $REMOVE_EMAIL_ADDRESS gpg --delete-key "$REMOVE_EMAIL_ADDRESS"
else else
dialog --title $"Remove someone's PGP/GPG key" \ dialog --title $"Remove someone's PGP/GPG key" \
--backtitle $"Freedombone User Control Panel" \ --backtitle $"Freedombone User Control Panel" \
@ -548,7 +542,7 @@ function remove_gpg_key {
else else
if [[ $REMOVE_EMAIL_ADDRESS == "0x"* ]]; then if [[ $REMOVE_EMAIL_ADDRESS == "0x"* ]]; then
clear clear
gpg --delete-key $REMOVE_EMAIL_ADDRESS gpg --delete-key "$REMOVE_EMAIL_ADDRESS"
else else
dialog --title $"Unrecognised email address" \ dialog --title $"Unrecognised email address" \
--backtitle $"Freedombone User Control Panel" \ --backtitle $"Freedombone User Control Panel" \
@ -558,29 +552,28 @@ function remove_gpg_key {
fi fi
;; ;;
esac esac
rm $data rm -f "$data"
} }
function add_ssh_key { function add_ssh_key {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Add an ssh key for logging in" \ dialog --title $"Add an ssh key for logging in" \
--backtitle $"Freedombone User Control Panel" \ --backtitle $"Freedombone User Control Panel" \
--inputbox $"This will allow you to log into ${PROJECT_NAME} if you have an ssh key on your system, and provides much stronger security than simply using a login password.\n\nWARNING: If you make any mistakes here then you may not be able to log in and will need to get the administrator to clear your ssh authorized_keys file." 15 60 2>$data --inputbox $"This will allow you to log into ${PROJECT_NAME} if you have an ssh key on your system, and provides much stronger security than simply using a login password.\\n\\nWARNING: If you make any mistakes here then you may not be able to log in and will need to get the administrator to clear your ssh authorized_keys file." 15 60 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) 0)
SSH_PUBLIC_KEY=$(<$data) SSH_PUBLIC_KEY=$(<"$data")
if [ ${#SSH_PUBLIC_KEY} -gt 20 ]; then if [ ${#SSH_PUBLIC_KEY} -gt 20 ]; then
if [[ "$SSH_PUBLIC_KEY" == "ssh-"* ]]; then if [[ "$SSH_PUBLIC_KEY" == "ssh-"* ]]; then
if [ ! -d /home/$USER/.ssh ]; then if [ ! -d "/home/$USER/.ssh" ]; then
mkdir /home/$USER/.ssh mkdir "/home/$USER/.ssh"
fi fi
if [ ! -f /home/$USER/.ssh/authorized_keys ]; then if [ ! -f "/home/$USER/.ssh/authorized_keys" ]; then
touch /home/$USER/.ssh/authorized_keys touch "/home/$USER/.ssh/authorized_keys"
fi fi
if ! grep -q "$SSH_PUBLIC_KEY" /home/$USER/.ssh/authorized_keys; then if ! grep -q "$SSH_PUBLIC_KEY" "/home/$USER/.ssh/authorized_keys"; then
echo "$SSH_PUBLIC_KEY" >> /home/$USER/.ssh/authorized_keys echo "$SSH_PUBLIC_KEY" >> "/home/$USER/.ssh/authorized_keys"
dialog --title $"New ssh key added" \ dialog --title $"New ssh key added" \
--backtitle $"Freedombone User Control Panel" \ --backtitle $"Freedombone User Control Panel" \
--msgbox $"Your ssh key has now been added" 6 50 --msgbox $"Your ssh key has now been added" 6 50
@ -597,22 +590,21 @@ function add_ssh_key {
fi fi
;; ;;
esac esac
rm $data rm -f "$data"
} }
function remove_ssh_key { function remove_ssh_key {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Remove an ssh key for logging in" \ dialog --title $"Remove an ssh key for logging in" \
--backtitle $"Freedombone User Control Panel" \ --backtitle $"Freedombone User Control Panel" \
--inputbox $"Enter the ssh public key which is to be removed. This can be just the address at the end.\n\nWARNING: If you make any mistakes here then you may not be able to log in and will need to get the administrator to clear your ssh authorized_keys file." 15 60 2>$data --inputbox $"Enter the ssh public key which is to be removed. This can be just the address at the end.\\n\\nWARNING: If you make any mistakes here then you may not be able to log in and will need to get the administrator to clear your ssh authorized_keys file." 15 60 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) 0)
SSH_PUBLIC_KEY=$(<$data) SSH_PUBLIC_KEY=$(<"$data")
if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then
if [ -f /home/$USER/.ssh/authorized_keys ]; then if [ -f "/home/$USER/.ssh/authorized_keys" ]; then
sed -i "s|.*${SSH_PUBLIC_KEY}.*||g" /home/$USER/.ssh/authorized_keys sed -i "s|.*${SSH_PUBLIC_KEY}.*||g" "/home/$USER/.ssh/authorized_keys"
dialog --title $"Remove an ssh public key" \ dialog --title $"Remove an ssh public key" \
--backtitle $"Freedombone User Control Panel" \ --backtitle $"Freedombone User Control Panel" \
--msgbox $"The ssh key has been removed" 6 50 --msgbox $"The ssh key has been removed" 6 50
@ -620,12 +612,12 @@ function remove_ssh_key {
fi fi
;; ;;
esac esac
rm $data rm -f "$data"
} }
function smtp_proxy { function smtp_proxy {
MUTTRC_FILE=/home/$USER/.muttrc MUTTRC_FILE=/home/$USER/.muttrc
if [ ! -f $MUTTRC_FILE ]; then if [ ! -f "$MUTTRC_FILE" ]; then
return return
fi fi
SMTP_PROXY_ENABLE=$'no' SMTP_PROXY_ENABLE=$'no'
@ -635,21 +627,20 @@ function smtp_proxy {
SMTP_PROXY_USERNAME='' SMTP_PROXY_USERNAME=''
SMTP_PROXY_PASSWORD='' SMTP_PROXY_PASSWORD=''
if grep -q "set smtp_url" $MUTTRC_FILE; then if grep -q "set smtp_url" "$MUTTRC_FILE"; then
if grep -q "#set smtp_url" $MUTTRC_FILE; then if grep -q "#set smtp_url" "$MUTTRC_FILE"; then
SMTP_PROXY_ENABLE=$'no' SMTP_PROXY_ENABLE=$'no'
else else
SMTP_PROXY_ENABLE=$'yes' SMTP_PROXY_ENABLE=$'yes'
fi fi
SMTP_PROXY_PROTOCOL=$(cat $MUTTRC_FILE | grep "set smtp_url" | awk -F '"' '{print $2}' | awk -F ':' '{print $1}') SMTP_PROXY_PROTOCOL=$(grep "set smtp_url" "$MUTTRC_FILE" | awk -F '"' '{print $2}' | awk -F ':' '{print $1}')
SMTP_PROXY_SERVER=$(cat $MUTTRC_FILE | grep "set smtp_url" | awk -F '"' '{print $2}' | awk -F '/' '{print $3}' | awk -F ':' '{print $2}' | awk -F '@' '{print $2}') SMTP_PROXY_SERVER=$(grep "set smtp_url" "$MUTTRC_FILE" | awk -F '"' '{print $2}' | awk -F '/' '{print $3}' | awk -F ':' '{print $2}' | awk -F '@' '{print $2}')
SMTP_PROXY_PORT=$(cat $MUTTRC_FILE | grep "set smtp_url" | awk -F ':' '{print $4}' | awk -F '/' '{print $1}') SMTP_PROXY_PORT=$(grep "set smtp_url" "$MUTTRC_FILE" | awk -F ':' '{print $4}' | awk -F '/' '{print $1}')
SMTP_PROXY_USERNAME=$(cat $MUTTRC_FILE | grep "set smtp_url" | awk -F '"' '{print $2}' | awk -F '/' '{print $3}' | awk -F ':' '{print $1}') SMTP_PROXY_USERNAME=$(grep "set smtp_url" "$MUTTRC_FILE" | awk -F '"' '{print $2}' | awk -F '/' '{print $3}' | awk -F ':' '{print $1}')
SMTP_PROXY_PASSWORD=$(cat $MUTTRC_FILE | grep "set smtp_url" | awk -F '"' '{print $2}' | awk -F '/' '{print $3}' | awk -F ':' '{print $2}' | awk -F '@' '{print $1}') SMTP_PROXY_PASSWORD=$(grep "set smtp_url" "$MUTTRC_FILE" | awk -F '"' '{print $2}' | awk -F '/' '{print $3}' | awk -F ':' '{print $2}' | awk -F '@' '{print $1}')
fi fi
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"SMTP Proxy for $USER" \ --title $"SMTP Proxy for $USER" \
--form $"You may need to proxy outgoing email via your ISP's mail server. If so enter the details below." 14 75 6 \ --form $"You may need to proxy outgoing email via your ISP's mail server. If so enter the details below." 14 75 6 \
@ -659,54 +650,52 @@ function smtp_proxy {
$"Port:" 4 1 "$SMTP_PROXY_PORT" 4 24 5 5 \ $"Port:" 4 1 "$SMTP_PROXY_PORT" 4 24 5 5 \
$"Username:" 5 1 "$SMTP_PROXY_USERNAME" 5 24 40 10000 \ $"Username:" 5 1 "$SMTP_PROXY_USERNAME" 5 24 40 10000 \
$"Password:" 6 1 "$SMTP_PROXY_PASSWORD" 6 24 40 10000 \ $"Password:" 6 1 "$SMTP_PROXY_PASSWORD" 6 24 40 10000 \
2> $data 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) rm $data 1) rm -f "$data"
return;; return;;
255) rm $data 255) rm -f "$data"
return;; return;;
esac esac
SMTP_PROXY_ENABLE=$(cat $data | sed -n 1p) SMTP_PROXY_ENABLE=$(sed -n 1p < "$data")
SMTP_PROXY_PROTOCOL=$(cat $data | sed -n 2p) SMTP_PROXY_PROTOCOL=$(sed -n 2p < "$data")
SMTP_PROXY_SERVER=$(cat $data | sed -n 3p) SMTP_PROXY_SERVER=$(sed -n 3p < "$data")
SMTP_PROXY_PORT=$(cat $data | sed -n 4p) SMTP_PROXY_PORT=$(sed -n 4p < "$data")
SMTP_PROXY_USERNAME=$(cat $data | sed -n 5p) SMTP_PROXY_USERNAME=$(sed -n 5p < "$data")
SMTP_PROXY_PASSWORD=$(cat $data | sed -n 6p) SMTP_PROXY_PASSWORD=$(sed -n 6p < "$data")
# change muttrc # change muttrc
if [ $SMTP_PROXY_ENABLE != $'no' ]; then if [ "$SMTP_PROXY_ENABLE" != $'no' ]; then
if ! grep -q "set smtp_url" $MUTTRC_FILE; then if ! grep -q "set smtp_url" "$MUTTRC_FILE"; then
echo "set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"" >> $MUTTRC_FILE echo "set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"" >> "$MUTTRC_FILE"
else else
sed -i "s|set smtp_url=.*|set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"|g" $MUTTRC_FILE sed -i "s|set smtp_url=.*|set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"|g" "$MUTTRC_FILE"
fi fi
sed -i 's|#set smtp_url|set smtp_url|g' $MUTTRC_FILE sed -i 's|#set smtp_url|set smtp_url|g' "$MUTTRC_FILE"
else else
if grep -q "set smtp_url" $MUTTRC_FILE; then if grep -q "set smtp_url" "$MUTTRC_FILE"; then
sed -i 's|set smtp_url|#set smtp_url|g' $MUTTRC_FILE sed -i 's|set smtp_url|#set smtp_url|g' "$MUTTRC_FILE"
fi fi
fi fi
rm $data rm -f "$data"
} }
function sign_gpg_key { function sign_gpg_key {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Sign a PGP/GPG key or website domain" \ dialog --title $"Sign a PGP/GPG key or website domain" \
--backtitle $"Freedombone User Control Panel" \ --backtitle $"Freedombone User Control Panel" \
--inputbox $"Enter the Key ID, address or domain to be signed.\n\nIf you are signing a website domain then include the https:// at the beginning.\n\nIf you are signing an ssh key then include ssh:// before the domain name." 14 75 2>$data --inputbox $"Enter the Key ID, address or domain to be signed.\\n\\nIf you are signing a website domain then include the https:// at the beginning.\\n\\nIf you are signing an ssh key then include ssh:// before the domain name." 14 75 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) 0)
SIGN_ADDRESS=$(<$data) SIGN_ADDRESS=$(<"$data")
if [ ${#SIGN_ADDRESS} -gt 2 ]; then if [ ${#SIGN_ADDRESS} -gt 2 ]; then
clear clear
gpg --search "$SIGN_ADDRESS" gpg --search "$SIGN_ADDRESS"
fpr=$(gpg --with-colons --fingerprint "$SIGN_ADDRESS" | grep fpr | head -n 1 | awk -F ':' '{print $10}') fpr=$(gpg --with-colons --fingerprint "$SIGN_ADDRESS" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
if [ ${#fpr} -gt 2 ]; then if [ ${#fpr} -gt 2 ]; then
gpg --sign-key $fpr if gpg --sign-key "$fpr"; then
if [ "$?" = "0" ]; then
gpg --update-trustdb gpg --update-trustdb
dialog --title $"Sign a PGP/GPG key" \ dialog --title $"Sign a PGP/GPG key" \
--backtitle $"Freedombone User Control Panel" \ --backtitle $"Freedombone User Control Panel" \
@ -716,20 +705,19 @@ function sign_gpg_key {
fi fi
;; ;;
esac esac
rm $data rm -f "$data"
} }
function gpg_key_trust { function gpg_key_trust {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Trust a PGP/GPG key or website domain" \ dialog --title $"Trust a PGP/GPG key or website domain" \
--backtitle $"Freedombone User Control Panel" \ --backtitle $"Freedombone User Control Panel" \
--inputbox $"Enter the Key ID, address or domain to be trusted.\n\nIf you are trusting a website domain then include the https:// at the beginning.\n\nIf you are trusting an ssh key then include ssh:// before the domain name." 14 75 2>$data --inputbox $"Enter the Key ID, address or domain to be trusted.\\n\\nIf you are trusting a website domain then include the https:// at the beginning.\\n\\nIf you are trusting an ssh key then include ssh:// before the domain name." 14 75 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) 0)
TRUST_ADDRESS=$(<$data) TRUST_ADDRESS=$(<"$data")
if [ ${#TRUST_ADDRESS} -gt 2 ]; then if [ ${#TRUST_ADDRESS} -gt 2 ]; then
clear clear
gpg --search "$TRUST_ADDRESS" gpg --search "$TRUST_ADDRESS"
@ -737,14 +725,13 @@ function gpg_key_trust {
fi fi
;; ;;
esac esac
rm $data rm -f "$data"
} }
function menu_encryption_keys { function menu_encryption_keys {
while true while true
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone User Control Panel" \ dialog --backtitle $"Freedombone User Control Panel" \
--title $"My Encryption Keys" \ --title $"My Encryption Keys" \
--radiolist $"Choose an operation:" 19 70 11 \ --radiolist $"Choose an operation:" 19 70 11 \
@ -758,15 +745,15 @@ function menu_encryption_keys {
8 $"Add an ssh key for logging in" off \ 8 $"Add an ssh key for logging in" off \
9 $"Remove an ssh key for logging in" off \ 9 $"Remove an ssh key for logging in" off \
10 $"Set the trust level for a PGP/GPG key" off \ 10 $"Set the trust level for a PGP/GPG key" off \
11 $"Back to main menu" on 2> $data 11 $"Back to main menu" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) rm $data 1) rm -f "$data"
break;; break;;
255) rm $data 255) rm -f "$data"
break;; break;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) show_gpg_key;; 1) show_gpg_key;;
2) show_full_gpg_key;; 2) show_full_gpg_key;;
3) publish_gpg_key;; 3) publish_gpg_key;;
@ -777,18 +764,17 @@ function menu_encryption_keys {
8) add_ssh_key;; 8) add_ssh_key;;
9) remove_ssh_key;; 9) remove_ssh_key;;
10) gpg_key_trust;; 10) gpg_key_trust;;
11) rm $data 11) rm -f "$data"
break;; break;;
esac esac
rm $data rm -f "$data"
done done
} }
function menu_email { function menu_email {
while true while true
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone User Control Panel" \ dialog --backtitle $"Freedombone User Control Panel" \
--title $"Change Email Filtering Rules" \ --title $"Change Email Filtering Rules" \
--radiolist $"Choose an operation:" 14 70 7 \ --radiolist $"Choose an operation:" 14 70 7 \
@ -798,25 +784,25 @@ function menu_email {
4 $"Add an email rule for a subject" off \ 4 $"Add an email rule for a subject" off \
5 $"Block or unblock an email address" off \ 5 $"Block or unblock an email address" off \
6 $"Block or unblock email with subject text" off \ 6 $"Block or unblock email with subject text" off \
7 $"Back to main menu" on 2> $data 7 $"Back to main menu" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) rm $data 1) rm -f "$data"
break;; break;;
255) rm $data 255) rm -f "$data"
break;; break;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) add_to_mailing_list;; 1) add_to_mailing_list;;
2) remove_user_from_mailing_list;; 2) remove_user_from_mailing_list;;
3) email_rule_address;; 3) email_rule_address;;
4) email_rule_subject;; 4) email_rule_subject;;
5) block_unblock_email;; 5) block_unblock_email;;
6) block_unblock_subject;; 6) block_unblock_subject;;
7) rm $data 7) rm -f "$data"
break;; break;;
esac esac
rm $data rm -f "$data"
done done
} }
@ -829,17 +815,17 @@ function menu_admin {
} }
function sign_keys { function sign_keys {
if [ ! -f /home/$USER/.monkeysphere/server_keys ]; then if [ ! -f "/home/$USER/.monkeysphere/server_keys" ]; then
return return
fi fi
dialog --title $"Monkeysphere sign server keys" \ dialog --title $"Monkeysphere sign server keys" \
--backtitle $"Freedombone Security Configuration" \ --backtitle $"Freedombone Security Configuration" \
--defaultno \ --defaultno \
--yesno $"\nMonkeysphere has been enabled and you will need to sign and trust the server keys. Do you want to do that now?" 8 60 --yesno $"\\nMonkeysphere has been enabled and you will need to sign and trust the server keys. Do you want to do that now?" 8 60
sel=$? sel=$?
case $sel in case $sel in
0) ${PROJECT_NAME}-sec --sign yes;; 0) "${PROJECT_NAME}-sec" --sign yes;;
esac esac
} }
@ -853,13 +839,13 @@ function menu_run_client_app {
for a in "${APPS_AVAILABLE[@]}" for a in "${APPS_AVAILABLE[@]}"
do do
if [[ ${APPS_INSTALLED[$app_index]} != "0" ]]; then if [[ ${APPS_INSTALLED[$app_index]} != "0" ]]; then
if [[ $(function_exists run_client_${a}) == "1" ]]; then if [[ $(function_exists "run_client_${a}") == "1" ]]; then
applist="$applist $n $a off" applist="$applist $n $a off"
n=$[n+1] n=$((n+1))
appnames+=("$a") appnames+=("$a")
fi fi
fi fi
app_index=$[app_index+1] app_index=$((app_index+1))
done done
if [ $n -le 1 ]; then if [ $n -le 1 ]; then
return return
@ -871,29 +857,30 @@ function menu_run_client_app {
choice=$(dialog --stdout --backtitle $"Freedombone" \ choice=$(dialog --stdout --backtitle $"Freedombone" \
--title $"Run an App" \ --title $"Run an App" \
--radiolist $'Choose:' \ --radiolist $'Choose:' \
16 40 20 $applist) 16 40 20 "$applist")
# shellcheck disable=SC2181
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
app_index=$[choice-1] app_index=$((choice-1))
chosen_app=${appnames[$app_index]} chosen_app=${appnames[$app_index]}
if [[ $chosen_app != "Exit" ]]; then if [[ $chosen_app != "Exit" ]]; then
run_client_${chosen_app} "run_client_${chosen_app}"
fi fi
fi fi
} }
function show_your_email_address { function show_your_email_address {
GPG_FINGERPRINT=$(gpg --fingerprint $GPG_ID | sed -n '2p' | sed 's/^[ \t]*//') GPG_FINGERPRINT=$(gpg --fingerprint "$GPG_ID" | sed -n '2p' | sed 's/^[ \t]*//')
GPG_DATE=$(gpg --fingerprint $GPG_ID | grep -i "pub" | head -n 1 | awk -F ' ' '{print $3}') GPG_DATE=$(gpg --fingerprint "$GPG_ID" | grep -i "pub" | head -n 1 | awk -F ' ' '{print $3}')
if [ ! -f ~/.mutt/bdsmail ]; then if [ ! -f ~/.mutt/bdsmail ]; then
dialog --title $"Show your Email Address" \ dialog --title $"Show your Email Address" \
--backtitle $"Freedombone User Control Panel" \ --backtitle $"Freedombone User Control Panel" \
--msgbox $"Email Address: $MY_EMAIL_ADDRESS\n\nKey ID: $GPG_ID\n\nFingerprint: $GPG_FINGERPRINT\n\nCreated: $GPG_DATE" 12 70 --msgbox $"Email Address: $MY_EMAIL_ADDRESS\\n\\nKey ID: $GPG_ID\\n\\nFingerprint: $GPG_FINGERPRINT\\n\\nCreated: $GPG_DATE" 12 70
else else
bdsmail_address=$(cat ~/.mutt/bdsmail | grep 'set from=' | awk -F '=' '{print $2}') bdsmail_address=$(grep 'set from=' ~/.mutt/bdsmail | awk -F '=' '{print $2}')
dialog --title $"Show your Email Address" \ dialog --title $"Show your Email Address" \
--backtitle $"Freedombone User Control Panel" \ --backtitle $"Freedombone User Control Panel" \
--msgbox $"\nYou can press SHIFT and then drag the mouse and right click to copy.\n\nEmail Address: $MY_EMAIL_ADDRESS\n\nKey ID: $GPG_ID\n\nFingerprint: $GPG_FINGERPRINT\n\nCreated: $GPG_DATE\n\nI2P Address: ${bdsmail_address}" 17 90 --msgbox $"\\nYou can press SHIFT and then drag the mouse and right click to copy.\\n\\nEmail Address: $MY_EMAIL_ADDRESS\\n\\nKey ID: $GPG_ID\\n\\nFingerprint: $GPG_FINGERPRINT\\n\\nCreated: $GPG_DATE\\n\\nI2P Address: ${bdsmail_address}" 17 90
clear clear
echo '' echo ''
echo $'Your bdsmail address as a QR code' echo $'Your bdsmail address as a QR code'
@ -909,8 +896,7 @@ function show_your_email_address {
function menu_top_level { function menu_top_level {
while true while true
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone User Control Panel" \ dialog --backtitle $"Freedombone User Control Panel" \
--title $"User Control Panel" \ --title $"User Control Panel" \
--radiolist $"Choose an operation:" 20 60 13 \ --radiolist $"Choose an operation:" 20 60 13 \
@ -923,15 +909,15 @@ function menu_top_level {
7 $"Set an outgoing email proxy" off \ 7 $"Set an outgoing email proxy" off \
8 $"Administrator controls" off \ 8 $"Administrator controls" off \
9 $"Exit to the command line" off \ 9 $"Exit to the command line" off \
10 $"Log out" on 2> $data 10 $"Log out" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) rm $data 1) rm -f "$data"
exit 1;; exit 1;;
255) rm $data 255) rm -f "$data"
exit 1;; exit 1;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) mutt;; 1) mutt;;
2) show_your_email_address;; 2) show_your_email_address;;
3) menu_email;; 3) menu_email;;
@ -940,17 +926,18 @@ function menu_top_level {
6) menu_encryption_keys;; 6) menu_encryption_keys;;
7) smtp_proxy;; 7) smtp_proxy;;
8) menu_admin;; 8) menu_admin;;
9) rm $data 9) rm -f "$data"
break;; break;;
10) kill -HUP `pgrep -s 0 -o`;; 10) kill -HUP "$(pgrep -s 0 -o)";;
esac esac
rm $data rm -f "$data"
done done
} }
sign_keys sign_keys
gpg_agent_enable $USER gpg_agent_enable "$USER"
menu_top_level menu_top_level
clear clear
# shellcheck disable=SC1090
. ~/.bashrc . ~/.bashrc
exit 0 exit 0


@ -141,45 +141,44 @@ function calc_dh {
if [[ $FAST == 'yes' ]]; then if [[ $FAST == 'yes' ]]; then
DHGROUP=$(( ( RANDOM % 4 ) + 14 )) DHGROUP=$(( ( RANDOM % 4 ) + 14 ))
if [[ ${DHGROUP} == 14 ]]; then if [[ ${DHGROUP} == 14 ]]; then
echo "$BETTERCRYPTO_GROUP14" > ${1} echo "$BETTERCRYPTO_GROUP14" > "${1}"
else else
if [[ ${DHGROUP} == 15 ]]; then if [[ ${DHGROUP} == 15 ]]; then
echo "$BETTERCRYPTO_GROUP15" > ${1} echo "$BETTERCRYPTO_GROUP15" > "${1}"
else else
if [[ ${DHGROUP} == 16 ]]; then if [[ ${DHGROUP} == 16 ]]; then
echo "$BETTERCRYPTO_GROUP16" > ${1} echo "$BETTERCRYPTO_GROUP16" > "${1}"
else else
if [[ ${DHGROUP} == 17 ]]; then if [[ ${DHGROUP} == 17 ]]; then
echo "$BETTERCRYPTO_GROUP17" > ${1} echo "$BETTERCRYPTO_GROUP17" > "${1}"
else else
echo "$BETTERCRYPTO_GROUP18" > ${1} echo "$BETTERCRYPTO_GROUP18" > "${1}"
fi fi
fi fi
fi fi
fi fi
else else
openssl dhparam -check -text $KEYLENGTH -out ${1} if ! openssl dhparam -check -text $KEYLENGTH -out "${1}"; then
if [ ! "$?" = "0" ]; then
exit 3674 exit 3674
fi fi
fi fi
chmod 640 ${1} chmod 640 "${1}"
} }
function regenerate_dh_keys { function regenerate_dh_keys {
for file in /etc/ssl/mycerts/* for file in /etc/ssl/mycerts/*
do do
if [[ -f $file ]]; then if [[ -f $file ]]; then
filename=/etc/ssl/certs/$(echo $file | awk -F '/etc/ssl/mycerts/' '{print $2}' | awk -F '.crt' '{print $1}').dhparam filename=/etc/ssl/certs/$(echo "$file" | awk -F '/etc/ssl/mycerts/' '{print $2}' | awk -F '.crt' '{print $1}').dhparam
if [ -f $filename ]; then if [ -f "$filename" ]; then
calc_dh $filename calc_dh "$filename"
echo $"Recalculated DH params for $filename" echo $"Recalculated DH params for $filename"
fi fi
fi fi
done done
} }
while [[ $# > 1 ]] while [ $# -gt 1 ]
do do
key="$1" key="$1"
@ -202,7 +201,7 @@ do
-o|--output) -o|--output)
shift shift
FAST='yes' FAST='yes'
calc_dh ${1} calc_dh "${1}"
exit 0 exit 0
;; ;;
--fast) --fast)
@ -223,7 +222,7 @@ if [[ $RECALCULATE == "yes" || $RECALCULATE == "y" ]]; then
exit 0 exit 0
fi fi
if [ ! $HOSTNAME ]; then if [ ! "$HOSTNAME" ]; then
echo $'No hostname specified' echo $'No hostname specified'
exit 5728 exit 5728
fi fi
@ -237,7 +236,7 @@ if [ ! -d /etc/ssl/mycerts ]; then
mkdir -p /etc/ssl/mycerts mkdir -p /etc/ssl/mycerts
fi fi
calc_dh /etc/ssl/certs/$HOSTNAME.dhparam calc_dh "/etc/ssl/certs/$HOSTNAME.dhparam"
systemctl reload nginx systemctl reload nginx
exit 0 exit 0
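Review bot: In the fast path of calc_dh, `DHGROUP=$(( ( RANDOM % 4 ) + 14 ))` only yields 14 to 17, so the innermost `else` that writes `$BETTERCRYPTO_GROUP18` is never reached. If group 18 is meant to be selectable the modulus should be 5, `DHGROUP=$(( ( RANDOM % 5 ) + 14 ))`; otherwise the dead branch can be dropped. On the slow path `$KEYLENGTH` is still unquoted in `openssl dhparam -check -text $KEYLENGTH -out "${1}"`, and `exit 3674` is outside the 0–255 range, so a caller only sees its low eight bits. calc_dh begins above this hunk.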


@ -31,17 +31,17 @@
USERNAME=$1 USERNAME=$1
PROJECT_NAME='freedombone' PROJECT_NAME='freedombone'
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES for f in $UTILS_FILES
do do
source $f source "$f"
done done
ADMIN_USER=$(get_completion_param "Admin user") ADMIN_USER=$(get_completion_param "Admin user")
if [ ! $USERNAME ]; then if [ ! "$USERNAME" ]; then
USERNAME=$ADMIN_USER USERNAME=$ADMIN_USER
fi fi
@ -49,23 +49,23 @@ MAIL_DIR=/home/$USERNAME/Maildir
EMAIL_ADDRESS=$USERNAME@$HOSTNAME EMAIL_ADDRESS=$USERNAME@$HOSTNAME
# Does this key exist? # Does this key exist?
gpg --list-keys "$EMAIL_ADDRESS" > /dev/null 2>&1 if ! gpg --list-keys "$EMAIL_ADDRESS" > /dev/null 2>&1; then
if [ $? -gt 0 ]; then
echo $"A GPG key for $EMAIL_ADDRESS could not be found!" echo $"A GPG key for $EMAIL_ADDRESS could not be found!"
exit 0 exit 0
fi fi
# Find all files in the Maildir specified. # Find all files in the Maildir specified.
echo $"Calling find" echo $"Calling find"
find "$MAIL_DIR" -type f -regex '.*/\(cur\|new\)/.*' $4|while read line; do find "$MAIL_DIR" -type f -regex '.*/\(cur\|new\)/.*' "$4"|while read -r line; do
gpgit.pl --encrypt-mode prefer-inline "$EMAIL_ADDRESS" "/tmp/msg_$USERNAME" gpgit.pl --encrypt-mode prefer-inline "$EMAIL_ADDRESS" "/tmp/msg_$USERNAME"
# Check to see if there are differences between the existing # Check to see if there are differences between the existing
# Maildir file and what was created by gpgit.pl # Maildir file and what was created by gpgit.pl
diff -qa "$line" "/tmp/msg_$USERNAME" > /dev/null 2>&1; diff -qa "$line" "/tmp/msg_$USERNAME" > /dev/null 2>&1;
# shellcheck disable=SC2181
if [ $? -gt 0 ]; then if [ $? -gt 0 ]; then
# Preserve timestamps, set ownership. # Preserve timestamps, set ownership.
chown $USERNAME:$USERNAME "/tmp/msg_$USERNAME" chown "$USERNAME":"$USERNAME" "/tmp/msg_$USERNAME"
chmod 600 "/tmp/msg_$USERNAME" chmod 600 "/tmp/msg_$USERNAME"
touch "/tmp/msg_$USERNAME" --reference="$line" touch "/tmp/msg_$USERNAME" --reference="$line"
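Review bot: The loop stages every re-encrypted message at the fixed path `/tmp/msg_$USERNAME` and then runs `chown` and `chmod 600` on it, so mail content goes to a predictable name in a shared directory and whatever already exists under that name could be written to and re-owned. A per-run file is safer: `tmpmsg=$(mktemp) || exit 1` before the loop, used in place of `/tmp/msg_$USERNAME` and removed on exit. Separately, quoting `"$4"` on the `find` line means an absent fourth argument is now passed as an empty word instead of being dropped, which GNU find is likely to reject; `${4:+"$4"}` keeps the old behaviour. The loop body continues past the end of this hunk.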


@ -33,7 +33,7 @@ PROJECT_NAME='freedombone'
export TEXTDOMAIN=${PROJECT_NAME}-format export TEXTDOMAIN=${PROJECT_NAME}-format
export TEXTDOMAINDIR="/usr/share/locale" export TEXTDOMAINDIR="/usr/share/locale"
if [ ! $1 ]; then if [ ! "$1" ]; then
echo $'Specify a drive, such as sdb, sdc, etc' echo $'Specify a drive, such as sdb, sdc, etc'
exit 1 exit 1
fi fi
@ -62,21 +62,18 @@ p
a a
1 1
w w
" | fdisk /dev/${USB_DRIVE_SHORT};mkfs.ext4 -L "$LABEL" /dev/${USB_DRIVE_SHORT}1 " | fdisk "/dev/${USB_DRIVE_SHORT}";mkfs.ext4 -L "$LABEL" "/dev/${USB_DRIVE_SHORT}1"
echo $"Formatting $USB_DRIVE as LUKS" echo $"Formatting $USB_DRIVE as LUKS"
cryptsetup -y -v luksFormat ${USB_DRIVE} if ! cryptsetup -y -v luksFormat "${USB_DRIVE}"; then
if [ ! "$?" = "0" ]; then
echo $"Failed to format $USB_DRIVE as LUKS" echo $"Failed to format $USB_DRIVE as LUKS"
exit 36823 exit 36823
fi fi
cryptsetup luksOpen ${USB_DRIVE} encrypted_usb if ! cryptsetup luksOpen "${USB_DRIVE}" encrypted_usb; then
if [ ! "$?" = "0" ]; then
echo $"Failed to open LUKS formatted drive $USB_DRIVE" echo $"Failed to open LUKS formatted drive $USB_DRIVE"
exit 37232 exit 37232
fi fi
mkfs.ext4 /dev/mapper/encrypted_usb -L "$LABEL" if ! mkfs.ext4 /dev/mapper/encrypted_usb -L "$LABEL"; then
if [ ! "$?" = "0" ]; then
cryptsetup luksClose encrypted_usb cryptsetup luksClose encrypted_usb
echo $'Format of drive $USB_DRIVE failed' echo $'Format of drive $USB_DRIVE failed'
exit 73218 exit 73218
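Review bot: The partitioning line still joins `fdisk "/dev/${USB_DRIVE_SHORT}"` and `mkfs.ext4 -L "$LABEL" "/dev/${USB_DRIVE_SHORT}1"` with `;`, so mkfs and the following `luksFormat` run even when fdisk failed, while the later steps were converted to `if ! cmd; then`. Joining the two with `&&` and checking the result, plus a `[ -b "/dev/${USB_DRIVE_SHORT}" ]` test before anything is written, would stop the script before it formats a missing or unintended device; the only input check visible here is that `$1` is non-empty. The last message uses `$'Format of drive $USB_DRIVE failed'`, which prints the variable name literally; `$"Format of drive $USB_DRIVE failed"` matches the other messages.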


@ -41,7 +41,7 @@ if [[ "$1" == "--verbose" || "$1" == "-v" ]]; then
VERBOSE=1 VERBOSE=1
fi fi
if [ ! -f $CONFIGURATION_FILE ]; then if [ ! -f "$CONFIGURATION_FILE" ]; then
exit 0 exit 0
fi fi
@ -52,28 +52,29 @@ function item_in_array {
} }
detected_codes=() detected_codes=()
codelines=$(grep "_CODE=" $CONFIGURATION_FILE | uniq) codelines=$(grep "_CODE=" "$CONFIGURATION_FILE" | uniq)
while read -r line; do while read -r line; do
code=$(echo "$line" | awk -F '=' '{print $2}') code=$(echo "$line" | awk -F '=' '{print $2}')
item_in_array "$code" "${detected_codes[@]}" if ! item_in_array "$code" "${detected_codes[@]}"; then
if [[ $? != 0 ]]; then
detected_codes+=("$code") detected_codes+=("$code")
fi fi
done <<< "$codelines" done <<< "$codelines"
if [ ! -d $HOME/.freedns-update ]; then if [ ! -d "$HOME/.freedns-update" ]; then
mkdir $HOME/.freedns-update mkdir "$HOME/.freedns-update"
fi fi
cd $HOME/.freedns-update cd "$HOME/.freedns-update" || exit 2467824684
for code in "${detected_codes[@]}" for code in "${detected_codes[@]}"
do do
if [ $VERBOSE ]; then if [ $VERBOSE ]; then
echo $"command: $FREEDNS_WGET${code}=" echo $"command: $FREEDNS_WGET${code}="
# shellcheck disable=SC1066,SC1067
$FREEDNS_WGET${code}= $FREEDNS_WGET${code}=
else else
if [ -f /tmp/freedns ]; then if [ -f /tmp/freedns ]; then
rm /tmp/freedns rm /tmp/freedns
fi fi
# shellcheck disable=SC1066,SC1067,SC1007
$FREEDNS_WGET${code}= >> /tmp/freedns 2>&1 $FREEDNS_WGET${code}= >> /tmp/freedns 2>&1
fi fi
done done
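Review bot: In the non-verbose branch the update output is appended to the fixed path `/tmp/freedns`, a predictable name in a shared directory that is removed and re-created on every loop pass. The script has already changed into `$HOME/.freedns-update`, so the log can live there instead: `$FREEDNS_WGET${code}= >> "$HOME/.freedns-update/freedns.log" 2>&1`, with the directory created as `mkdir -m 700 "$HOME/.freedns-update"` since the output may include the update code. `exit 2467824684` on the new `cd` guard is outside the 0–255 range, so only its low eight bits reach the caller, and `[ $VERBOSE ]` is still unquoted.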


@ -46,7 +46,7 @@ function show_help {
exit 0 exit 0
} }
while [[ $# > 1 ]] while [ $# -gt 1 ]
do do
key="$1" key="$1"
@ -79,37 +79,37 @@ if ! [[ $MYUSERNAME && $EMAIL_ADDRESS ]]; then
fi fi
fi fi
MUTTRC=/home/$MYUSERNAME/.muttrc MUTTRC="/home/$MYUSERNAME/.muttrc"
PM=/home/$MYUSERNAME/.procmailrc PM="/home/$MYUSERNAME/.procmailrc"
# Ignore if subject line contains text # Ignore if subject line contains text
if [ "$SUBJECT_TEXT" ]; then if [ "$SUBJECT_TEXT" ]; then
if ! grep -q "Ignore rule for $SUBJECT_TEXT" $PM; then if ! grep -q "Ignore rule for $SUBJECT_TEXT" "$PM"; then
echo "# Ignore rule for $SUBJECT_TEXT" >> $PM { echo "# Ignore rule for $SUBJECT_TEXT";
echo ":0" >> $PM echo ":0";
echo " * ^Subject:.*$SUBJECT_TEXT" >> $PM echo " * ^Subject:.*$SUBJECT_TEXT";
echo "/dev/null" >> $PM echo "/dev/null";
echo "# End of ignore rule" >> $PM echo "# End of ignore rule"; } >> "$PM"
chown $MYUSERNAME:$MYUSERNAME $PM chown "$MYUSERNAME":"$MYUSERNAME" "$PM"
fi fi
fi fi
# ignore an email address # ignore an email address
if [ $EMAIL_ADDRESS ]; then if [ "$EMAIL_ADDRESS" ]; then
if ! grep -q "Ignore rule for $EMAIL_ADDRESS" $PM; then if ! grep -q "Ignore rule for $EMAIL_ADDRESS" "$PM"; then
echo "# Ignore rule for $EMAIL_ADDRESS" >> $PM { echo "# Ignore rule for $EMAIL_ADDRESS";
echo ":0" >> $PM echo ":0";
echo " * ^From:.*$EMAIL_ADDRESS" >> $PM echo " * ^From:.*$EMAIL_ADDRESS";
echo "/dev/null" >> $PM echo "/dev/null";
echo "# End of ignore rule" >> $PM echo "# End of ignore rule"; } >> "$PM"
chown $MYUSERNAME:$MYUSERNAME $PM chown "$MYUSERNAME":"$MYUSERNAME" "$PM"
fi fi
fi fi
PROCMAILLOG=/home/$MYUSERNAME/log PROCMAILLOG=/home/$MYUSERNAME/log
if [ ! -d $PROCMAILLOG ]; then if [ ! -d "$PROCMAILLOG" ]; then
mkdir $PROCMAILLOG mkdir "$PROCMAILLOG"
chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG chown -R "$MYUSERNAME":"$MYUSERNAME" "$PROCMAILLOG"
fi fi
exit 0 exit 0
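Review bot: `$SUBJECT_TEXT` and `$EMAIL_ADDRESS` are written unescaped into the procmail conditions `* ^Subject:.*$SUBJECT_TEXT` and `* ^From:.*$EMAIL_ADDRESS`, so regex metacharacters such as the `.` in an address widen the match and mail outside the intended rule is delivered to `/dev/null`. Escaping metacharacters, and rejecting values that contain a newline, before the `{ echo ...; } >> "$PM"` group would keep each rule to what was asked for. The existence test treats the value as a pattern too; `grep -qF "Ignore rule for $EMAIL_ADDRESS" "$PM"` compares it literally, and the same applies to the subject test. How these variables are set is outside this hunk, presumably by the option parsing above it.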


@ -42,14 +42,14 @@ if [ -f /usr/bin/${PROJECT_NAME} ]; then
PROJECT_INSTALL_DIR=/usr/bin PROJECT_INSTALL_DIR=/usr/bin
fi fi
source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
#get the project repo #get the project repo
PROJECT_REPO="https://github.com/bashrc/${PROJECT_NAME}" PROJECT_REPO="https://github.com/bashrc/${PROJECT_NAME}"
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES for f in $UTILS_FILES
do do
source $f source "$f"
done done
read_config_param PROJECT_REPO read_config_param PROJECT_REPO
@ -64,7 +64,7 @@ GENERIC_IMAGE_PASSWORD='freedombone'
IMAGE_TYPE='beaglebone' IMAGE_TYPE='beaglebone'
CURR_DIR=$(pwd) CURR_DIR=$(pwd)
CURR_USER=$(echo $USER) CURR_USER="$USER"
TEMPBUILD_DIR=~/.tmp_${PROJECT_NAME}_build TEMPBUILD_DIR=~/.tmp_${PROJECT_NAME}_build
VMDEBOOTSTRAP_REPO=git://git.liw.fi/vmdebootstrap VMDEBOOTSTRAP_REPO=git://git.liw.fi/vmdebootstrap
VMDEBOOTSTRAP_VERSION=0.8 VMDEBOOTSTRAP_VERSION=0.8
@ -73,7 +73,7 @@ IMAGE_SIZE=7.9G
IMAGE_SIZE_SPECIFIED= IMAGE_SIZE_SPECIFIED=
IMAGE_NAME='full' IMAGE_NAME='full'
USERNAME=$(echo $USER) USERNAME="$USER"
PASSWORD= PASSWORD=
# IP address of the router (gateway) # IP address of the router (gateway)
@ -96,7 +96,7 @@ CONFIG_FILENAME=
DEFAULT_DOMAIN_NAME="${LOCAL_NAME}.local" DEFAULT_DOMAIN_NAME="${LOCAL_NAME}.local"
# Minimum number of characters in a password # Minimum number of characters in a password
MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}') MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
# Optional ssh public key to allow # Optional ssh public key to allow
SSH_PUBKEY="no" SSH_PUBKEY="no"
@ -175,38 +175,36 @@ function image_setup {
sudo pacman -S --noconfirm qemu-static binfmt-qemu-static uboot-tools qemu parted sudo pacman -S --noconfirm qemu-static binfmt-qemu-static uboot-tools qemu parted
sudo pacman -S --noconfirm dpkg-devtools bin86 arch-install-scripts qemu-arch-extra sudo pacman -S --noconfirm dpkg-devtools bin86 arch-install-scripts qemu-arch-extra
sudo pacman -S --noconfirm syncthing sudo pacman -S --noconfirm syncthing
mkdir $USERHOME/develop mkdir "$USERHOME/develop"
if [ -d $USERHOME/develop/python-cliapp ]; then if [ -d "$USERHOME/develop/python-cliapp" ]; then
sudo rm -rf $USERHOME/develop/python-cliapp sudo rm -rf "$USERHOME/develop/python-cliapp"
fi fi
git_clone $CLIAPP_REPO $USERHOME/develop/python-cliapp if ! git_clone "$CLIAPP_REPO" "$USERHOME/develop/python-cliapp"; then
if [ ! "$?" = "0" ]; then
echo $"Failed to clone python-cliapp" echo $"Failed to clone python-cliapp"
return return
fi fi
if [ ! -d $USERHOME/develop/python-cliapp ]; then if [ ! -d "$USERHOME/develop/python-cliapp" ]; then
echo $"Couldn't clone python-cliapp" echo $"Couldn't clone python-cliapp"
return return
fi fi
sudo pacman -S --noconfirm python2-coverage python2-pytest-cov python2-sphinx sudo pacman -S --noconfirm python2-coverage python2-pytest-cov python2-sphinx
sudo pacman -S --noconfirm autopep8 python2-pylint python2-yaml python2-xdg python2-pip sudo pacman -S --noconfirm autopep8 python2-pylint python2-yaml python2-xdg python2-pip
cd $USERHOME/develop/python-cliapp cd "$USERHOME/develop/python-cliapp" || exit 7824526242
git checkout $CLIAPP_COMMIT -b $CLIAPP_COMMIT git checkout $CLIAPP_COMMIT -b $CLIAPP_COMMIT
sudo python2 setup.py install sudo python2 setup.py install
sudo pip2 install distro-info logging sudo pip2 install distro-info logging
if [ -d $USERHOME/develop/mbr ]; then if [ -d "$USERHOME/develop/mbr" ]; then
sudo rm -rf $USERHOME/develop/mbr sudo rm -rf "$USERHOME/develop/mbr"
fi fi
git_clone $MBR_REPO $USERHOME/develop/mbr if ! git_clone $MBR_REPO "$USERHOME/develop/mbr"; then
if [ ! "$?" = "0" ]; then
echo $"Failed to clone mbr" echo $"Failed to clone mbr"
return return
fi fi
if [ ! -d $USERHOME/develop/mbr ]; then if [ ! -d "$USERHOME/develop/mbr" ]; then
echo $"Couldn't clone mbr" echo $"Couldn't clone mbr"
return return
fi fi
cd $USERHOME/develop/mbr cd "$USERHOME/develop/mbr" || exit 2468724524
git checkout $MBR_COMMIT -b $MBR_COMMIT git checkout $MBR_COMMIT -b $MBR_COMMIT
makepkg --force --noconfirm makepkg --force --noconfirm
if [ ! -f mbr-${MBR_VERSION}.tar.gz ]; then if [ ! -f mbr-${MBR_VERSION}.tar.gz ]; then
@ -214,11 +212,11 @@ function image_setup {
return return
fi fi
tar -xzvf mbr-${MBR_VERSION}.tar.gz tar -xzvf mbr-${MBR_VERSION}.tar.gz
if [ ! -d $USERHOME/develop/mbr/mbr-${MBR_VERSION} ]; then if [ ! -d "$USERHOME/develop/mbr/mbr-${MBR_VERSION}" ]; then
echo $"mbr tarball could not be extracted" echo $"mbr tarball could not be extracted"
return return
fi fi
cd $USERHOME/develop/mbr/mbr-${MBR_VERSION} cd "$USERHOME/develop/mbr/mbr-${MBR_VERSION}" || exit 13584584
cp ../*.patch . cp ../*.patch .
patch -p0 < *.patch patch -p0 < *.patch
./configure ./configure
@ -229,35 +227,34 @@ function image_setup {
return return
fi fi
sudo cp /usr/local/sbin/install-mbr /sbin sudo cp /usr/local/sbin/install-mbr /sbin
if [ -d $USERHOME/develop/multipath-tools ]; then if [ -d "$USERHOME/develop/multipath-tools" ]; then
sudo rm -rf $USERHOME/develop/multipath-tools sudo rm -rf "$USERHOME/develop/multipath-tools"
fi fi
git_clone $MULTIPATH_TOOLS_REPO $USERHOME/develop/multipath-tools if ! git_clone "$MULTIPATH_TOOLS_REPO" "$USERHOME/develop/multipath-tools"; then
if [ ! "$?" = "0" ]; then
echo $"Failed to clone multipath-tools" echo $"Failed to clone multipath-tools"
return return
fi fi
if [ ! -d $USERHOME/develop/multipath-tools ]; then if [ ! -d "$USERHOME/develop/multipath-tools" ]; then
echo $"Couldn't clone multipath-tools" echo $"Couldn't clone multipath-tools"
return return
fi fi
sudo pacman -S --noconfirm device-mapper libaio liburcu fakeroot sudo pacman -S --noconfirm device-mapper libaio liburcu fakeroot
cd $USERHOME/develop/multipath-tools cd "$USERHOME/develop/multipath-tools" || exit 27462454
makepkg --force --noconfirm makepkg --force --noconfirm
makepkg -i --force --noconfirm makepkg -i --force --noconfirm
sudo wget https://raw.githubusercontent.com/bashrc/freedombone/master/image_build/debootstrap/scripts/${DEBIAN_VERSION} -O /usr/share/debootstrap/scripts/debscript sudo wget "https://raw.githubusercontent.com/bashrc/freedombone/master/image_build/debootstrap/scripts/${DEBIAN_VERSION}" -O /usr/share/debootstrap/scripts/debscript
sudo cp -f /usr/share/debootstrap/scripts/debscript /usr/share/debootstrap/scripts/${DEBIAN_VERSION} sudo cp -f "/usr/share/debootstrap/scripts/debscript /usr/share/debootstrap/scripts/${DEBIAN_VERSION}"
if [ ! -f /usr/share/debootstrap/scripts/${DEBIAN_VERSION} ]; then if [ ! -f "/usr/share/debootstrap/scripts/${DEBIAN_VERSION}" ]; then
echo $"No debian debootstrap script was found for $DEBIAN_VERSION" echo $"No debian debootstrap script was found for $DEBIAN_VERSION"
return return
fi fi
debian_script_hash=$(sha256sum /usr/share/debootstrap/scripts/${DEBIAN_VERSION} | awk -F ' ' '{print $1}') debian_script_hash=$(sha256sum "/usr/share/debootstrap/scripts/${DEBIAN_VERSION}" | awk -F ' ' '{print $1}')
expected_debian_script_hash='620fa84c7ef64d10349aed38fa9cc2e7f00a6fcd1bc425f33ca2b57cc946fd0c' expected_debian_script_hash='620fa84c7ef64d10349aed38fa9cc2e7f00a6fcd1bc425f33ca2b57cc946fd0c'
if [[ "$debian_script_hash" != "$expected_debian_script_hash" ]]; then if [[ "$debian_script_hash" != "$expected_debian_script_hash" ]]; then
echo $"Invalid hash for debootstrap ${DEBIAN_VERSION} script" echo $"Invalid hash for debootstrap ${DEBIAN_VERSION} script"
return return
fi fi
sudo chmod +x /usr/share/debootstrap/scripts/${DEBIAN_VERSION} sudo chmod +x "/usr/share/debootstrap/scripts/${DEBIAN_VERSION}"
;; ;;
*) *)
echo $'Unkown operating system' echo $'Unkown operating system'
@ -271,29 +268,29 @@ function image_setup {
function mesh_router_setup_script { function mesh_router_setup_script {
# create a setup script for a mesh router # create a setup script for a mesh router
mesh_script_filename=$1 mesh_script_filename=$1
echo "MY_USERNAME=${USERNAME}" > $mesh_script_filename { echo "MY_USERNAME=${USERNAME}";
echo "DEFAULT_DOMAIN_NAME=${USERNAME}" >> $mesh_script_filename echo "DEFAULT_DOMAIN_NAME=${USERNAME}";
echo 'SYSTEM_TYPE=mesh' >> $mesh_script_filename echo 'SYSTEM_TYPE=mesh';
echo 'INSTALLING_ON_BBB=no' >> $mesh_script_filename echo 'INSTALLING_ON_BBB=no';
echo 'USB_DRIVE=/dev/sda1' >> $mesh_script_filename echo 'USB_DRIVE=/dev/sda1';
echo 'DDNS_PROVIDER=' >> $mesh_script_filename echo 'DDNS_PROVIDER=';
echo 'DDNS_USERNAME=' >> $mesh_script_filename echo 'DDNS_USERNAME=';
echo 'DDNS_PASSWORD=' >> $mesh_script_filename echo 'DDNS_PASSWORD=';
echo 'DEFAULT_LANGUAGE=en_GB.UTF-8' >> $mesh_script_filename echo 'DEFAULT_LANGUAGE=en_GB.UTF-8';
echo 'MY_EMAIL_ADDRESS=' >> $mesh_script_filename echo 'MY_EMAIL_ADDRESS=';
echo 'ENABLE_BATMAN=yes' >> $mesh_script_filename echo 'ENABLE_BATMAN=yes';
echo 'DEBIAN_REPO=' >> $mesh_script_filename echo 'DEBIAN_REPO=';
echo 'NAMESERVER1=' >> $mesh_script_filename echo 'NAMESERVER1=';
echo 'NAMESERVER2=' >> $mesh_script_filename echo 'NAMESERVER2=';
echo 'NAMESERVER3=' >> $mesh_script_filename echo 'NAMESERVER3=';
echo 'NAMESERVER4=' >> $mesh_script_filename echo 'NAMESERVER4=';
echo 'NAMESERVER5=' >> $mesh_script_filename echo 'NAMESERVER5=';
echo 'NAMESERVER6=' >> $mesh_script_filename echo 'NAMESERVER6=';
echo 'BATMAN_CELLID=any' >> $mesh_script_filename echo 'BATMAN_CELLID=any';
echo 'WIFI_CHANNEL=9' >> $mesh_script_filename echo 'WIFI_CHANNEL=9'; } > "$mesh_script_filename"
} }
while [[ $# > 1 ]] while [ $# -gt 1 ]
do do
key="$1" key="$1"
@ -304,11 +301,11 @@ do
-c|--config) -c|--config)
shift shift
CONFIG_FILENAME="$1" CONFIG_FILENAME="$1"
if [ ! -f $CONFIG_FILENAME ]; then if [ ! -f "$CONFIG_FILENAME" ]; then
echo $"Config file $CONFIG_FILENAME not found" echo $"Config file $CONFIG_FILENAME not found"
exit 3 exit 3
fi fi
DEFAULT_DOMAIN_NAME=$(cat $CONFIG_FILENAME | grep 'DEFAULT_DOMAIN_NAME' | awk -F '=' '{print $2}') DEFAULT_DOMAIN_NAME=$(grep 'DEFAULT_DOMAIN_NAME' "$CONFIG_FILENAME" | awk -F '=' '{print $2}')
;; ;;
-t|--target|--board) -t|--target|--board)
shift shift
@ -321,7 +318,7 @@ do
-p|--password) -p|--password)
shift shift
PASSWORD="$1" PASSWORD="$1"
if [ ${#PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then if [ ${#PASSWORD} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
echo $"Your password chould contain at least ${MINIMUM_PASSWORD_LENGTH} characters" echo $"Your password chould contain at least ${MINIMUM_PASSWORD_LENGTH} characters"
exit 3628 exit 3628
fi fi
@ -415,7 +412,7 @@ do
shift shift
MIRROR="$1" MIRROR="$1"
;; ;;
--debianonly|--basic|--minimal) --debianonly|--basic)
shift shift
DEBIAN_INSTALL_ONLY="$1" DEBIAN_INSTALL_ONLY="$1"
;; ;;
@ -467,9 +464,9 @@ done
if [[ $INTERACTIVE == "yes" || $INTERACTIVE == "y" || $INTERACTIVE == "Yes" ]]; then if [[ $INTERACTIVE == "yes" || $INTERACTIVE == "y" || $INTERACTIVE == "Yes" ]]; then
${PROJECT_NAME}-config --minimal "$MINIMAL_INSTALL" ${PROJECT_NAME}-config --minimal "$MINIMAL_INSTALL"
if [ -f $HOME/${PROJECT_NAME}.cfg ]; then if [ -f "$HOME/${PROJECT_NAME}.cfg" ]; then
CONFIG_FILENAME=$HOME/${PROJECT_NAME}.cfg CONFIG_FILENAME=$HOME/${PROJECT_NAME}.cfg
DEFAULT_DOMAIN_NAME=$(cat $CONFIG_FILENAME | grep 'DEFAULT_DOMAIN_NAME' | awk -F '=' '{print $2}') DEFAULT_DOMAIN_NAME=$(grep 'DEFAULT_DOMAIN_NAME' "$CONFIG_FILENAME" | awk -F '=' '{print $2}')
fi fi
fi fi
@ -480,34 +477,36 @@ fi
if [ ! $PASSWORD ]; then if [ ! $PASSWORD ]; then
# generate a random password # generate a random password
PASSWORD=$(openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c ${MINIMUM_PASSWORD_LENGTH}) PASSWORD=$(openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c "${MINIMUM_PASSWORD_LENGTH}")
fi fi
# Move any existing images into a build subdirectory # Move any existing images into a build subdirectory
image_types=( xz img sig vdi qcow2 ) image_types=( xz img sig vdi qcow2 )
for im in "${image_types[@]}" for im in "${image_types[@]}"
do do
# shellcheck disable=SC2012,SC2086
no_of_files=$(ls -afq ${CURR_DIR}/${PROJECT_NAME}*.${im} | wc -l) no_of_files=$(ls -afq ${CURR_DIR}/${PROJECT_NAME}*.${im} | wc -l)
if (( no_of_files > 0 )); then if (( no_of_files > 0 )); then
if [ ! -d ${CURR_DIR}/build ]; then if [ ! -d "${CURR_DIR}/build" ]; then
mkdir ${CURR_DIR}/build mkdir "${CURR_DIR}/build"
fi fi
mv -f ${CURR_DIR}/${PROJECT_NAME}*.${im} ${CURR_DIR}/build mv -f "${CURR_DIR}/${PROJECT_NAME}*.${im}" "${CURR_DIR}/build"
fi fi
done done
# Delete anything which didn't move # Delete anything which didn't move
for im in "${image_types[@]}" for im in "${image_types[@]}"
do do
# shellcheck disable=SC2012,SC2086
no_of_files=$(ls -afq ${CURR_DIR}/${PROJECT_NAME}*.${im} | wc -l) no_of_files=$(ls -afq ${CURR_DIR}/${PROJECT_NAME}*.${im} | wc -l)
if (( no_of_files > 0 )); then if (( no_of_files > 0 )); then
rm -f ${CURR_DIR}/${PROJECT_NAME}*.${im} rm -f "${CURR_DIR}/${PROJECT_NAME}*.${im}"
fi fi
done done
# Remove any existing login credentials file # Remove any existing login credentials file
if [ -f ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt ]; then if [ -f "${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt" ]; then
rm ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt rm "${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt"
fi fi
if [ -d $TEMPBUILD_DIR ]; then if [ -d $TEMPBUILD_DIR ]; then
@ -522,8 +521,8 @@ fi
cp -r /etc/${PROJECT_NAME}/* $TEMPBUILD_DIR cp -r /etc/${PROJECT_NAME}/* $TEMPBUILD_DIR
rm -rf $TEMPBUILD_DIR/vendor rm -rf $TEMPBUILD_DIR/vendor
chown -R $CURR_USER:$CURR_USER $TEMPBUILD_DIR chown -R "$CURR_USER":"$CURR_USER" $TEMPBUILD_DIR
cd $TEMPBUILD_DIR cd $TEMPBUILD_DIR || exit 24729847
if [[ $MINIMAL_INSTALL == "yes" ]]; then if [[ $MINIMAL_INSTALL == "yes" ]]; then
IMAGE_NAME=$'min' IMAGE_NAME=$'min'
@ -565,8 +564,8 @@ if [[ "$SOCIALINSTANCE" == "gnusocial" || "$SOCIALINSTANCE" == "postactiv" ]]; t
IMAGE_NAME="${IMAGE_NAME}-${SOCIALINSTANCE}" IMAGE_NAME="${IMAGE_NAME}-${SOCIALINSTANCE}"
fi fi
cd $TEMPBUILD_DIR cd $TEMPBUILD_DIR || exit 724245267
make $IMAGE_TYPE \ make "$IMAGE_TYPE" \
MYUSERNAME="$USERNAME" \ MYUSERNAME="$USERNAME" \
MYPASSWORD="$PASSWORD" \ MYPASSWORD="$PASSWORD" \
ROUTER_IP_ADDRESS="$ROUTER_IP_ADDRESS" \ ROUTER_IP_ADDRESS="$ROUTER_IP_ADDRESS" \
@ -603,6 +602,7 @@ make $IMAGE_TYPE \
SOCIALINSTANCE="$SOCIALINSTANCE" \ SOCIALINSTANCE="$SOCIALINSTANCE" \
LOCAL_NAME="$LOCAL_NAME" LOCAL_NAME="$LOCAL_NAME"
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
echo $'Build failed' echo $'Build failed'
rm -rf $TEMPBUILD_DIR rm -rf $TEMPBUILD_DIR
@ -615,7 +615,7 @@ if [[ $IMAGE_TYPE == "qemu"* ]]; then
fi fi
shopt -s nullglob shopt -s nullglob
imgfiles=(build/${PROJECT_NAME}*.${EXPECTED_EXTENSION}) imgfiles=("build/${PROJECT_NAME}*.${EXPECTED_EXTENSION}")
if [ ${#imgfiles[@]} -eq 0 ]; then if [ ${#imgfiles[@]} -eq 0 ]; then
echo $'Image was not created' echo $'Image was not created'
rm -rf $TEMPBUILD_DIR rm -rf $TEMPBUILD_DIR
@ -625,17 +625,18 @@ fi
# Move images from temporary directory to the current directory # Move images from temporary directory to the current directory
for im in "${image_types[@]}" for im in "${image_types[@]}"
do do
# shellcheck disable=SC2012,SC2086
no_of_files=$(ls -afq build/${PROJECT_NAME}*.${im} | wc -l) no_of_files=$(ls -afq build/${PROJECT_NAME}*.${im} | wc -l)
if (( no_of_files > 0 )); then if (( no_of_files > 0 )); then
mv build/${PROJECT_NAME}*.${im} ${CURR_DIR}/ mv "build/${PROJECT_NAME}*.${im}" "${CURR_DIR}/"
sudo chown ${CURR_USER}:${CURR_USER} ${CURR_DIR}/*.${im} sudo chown "${CURR_USER}":"${CURR_USER}" "${CURR_DIR}/*.${im}"
fi fi
done done
# Remove the temporary directory # Remove the temporary directory
rm -rf ${TEMPBUILD_DIR} rm -rf ${TEMPBUILD_DIR}
cd ${CURR_DIR} cd "${CURR_DIR}" || exit 2842845284
clear clear
if [[ $VARIANT != 'meshclient' && $VARIANT != 'meshusb' && $VARIANT != 'mesh' ]]; then if [[ $VARIANT != 'meshclient' && $VARIANT != 'meshusb' && $VARIANT != 'mesh' ]]; then
@ -676,13 +677,13 @@ ls -lh ${PROJECT_NAME}*.img ${PROJECT_NAME}*.sig ${PROJECT_NAME}*.xz ${PROJECT_N
# Remove the mesh script after use # Remove the mesh script after use
if [[ $VARIANT == "mesh"* ]]; then if [[ $VARIANT == "mesh"* ]]; then
rm -f $CONFIG_FILENAME rm -f "$CONFIG_FILENAME"
fi fi
# record the default login credentials for later use # record the default login credentials for later use
echo $"Username: $USERNAME echo $"Username: $USERNAME
Password: $PASSWORD" > ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt Password: $PASSWORD" > "${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt"
chmod 600 ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt chmod 600 "${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt"
if [[ $IMAGE_TYPE != "qemu"* ]]; then if [[ $IMAGE_TYPE != "qemu"* ]]; then
echo '' echo ''
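Review bot: Several of the quotes added in this file change what the command receives instead of only protecting it. `sudo cp -f "/usr/share/debootstrap/scripts/debscript /usr/share/debootstrap/scripts/${DEBIAN_VERSION}"` now passes source and destination as one word, so the freshly downloaded script is never copied to the path whose sha256 is checked afterwards; it should read `sudo cp -f /usr/share/debootstrap/scripts/debscript "/usr/share/debootstrap/scripts/${DEBIAN_VERSION}"`. The wildcard in `mv -f "${CURR_DIR}/${PROJECT_NAME}*.${im}"`, `rm -f "${CURR_DIR}/${PROJECT_NAME}*.${im}"`, `mv "build/${PROJECT_NAME}*.${im}"` and `chown … "${CURR_DIR}/*.${im}"` now sits inside the quotes and is no longer expanded, and `imgfiles=("build/${PROJECT_NAME}*.${EXPECTED_EXTENSION}")` always holds one element even with `nullglob` set, so the "Image was not created" check cannot fire. Keep the variables quoted and the `*` outside the quotes, for example `mv -f "${CURR_DIR}/${PROJECT_NAME}"*."${im}" "${CURR_DIR}/build"` and `imgfiles=("build/${PROJECT_NAME}"*."${EXPECTED_EXTENSION}")`. The same quoted-wildcard pattern appears in the board setup functions further down the page (`ls "/usr/lib/*/am335x-boneblack.dtb"`, `ls "/usr/lib/*/$dtb"`, `cp "/usr/lib/$kernelVersion/*" /boot/dtbs`), where it leaves `kernelVersion` empty.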

File diff suppressed because it is too large Load Diff


@ -34,12 +34,11 @@ export TEXTDOMAINDIR="/usr/share/locale"
enable_serial_console() { enable_serial_console() {
# By default, spawn a console on the serial port # By default, spawn a console on the serial port
device="$1" device="$1"
echo $"Adding a getty on the serial port" echo "Adding a getty on the serial port"
echo "T0:12345:respawn:/sbin/getty -L $device 115200 vt100" >> /etc/inittab echo "T0:12345:respawn:/sbin/getty -L $device 115200 vt100" >> /etc/inittab
} }
beaglebone_setup_boot() { beaglebone_setup_boot() {
bbb_version=$1
# Setup uEnv.txt # Setup uEnv.txt
if grep -q btrfs /etc/fstab ; then if grep -q btrfs /etc/fstab ; then
@ -47,12 +46,9 @@ beaglebone_setup_boot() {
else else
fstype=ext4 fstype=ext4
fi fi
if [ ! $bbb_version ]; then # shellcheck disable=SC2012
kernelVersion=$(ls /usr/lib/*/am335x-boneblack.dtb | head -1 | cut -d/ -f4) kernelVersion=$(ls "/usr/lib/*/am335x-boneblack.dtb" | head -1 | cut -d/ -f4)
else version=$(echo "$kernelVersion" | sed 's/linux-image-\(.*\)/\1/')
kernelVersion=$(ls /usr/lib/*/am335x-boneblack-${1}.dtb | head -1 | cut -d/ -f4)
fi
version=$(echo $kernelVersion | sed 's/linux-image-\(.*\)/\1/')
initRd=initrd.img-$version initRd=initrd.img-$version
vmlinuz=vmlinuz-$version vmlinuz=vmlinuz-$version
@ -103,7 +99,6 @@ beaglebone_flash() {
} }
beaglebone_repack_kernel() { beaglebone_repack_kernel() {
bbb_version=$1
# process installed kernel to create uImage, uInitrd, dtb # process installed kernel to create uImage, uInitrd, dtb
# using flash-kernel would be a good approach, except it fails in the # using flash-kernel would be a good approach, except it fails in the
# cross build environment due to too many environment checks... # cross build environment due to too many environment checks...
@ -119,12 +114,10 @@ beaglebone_repack_kernel() {
echo "info: repacking beaglebone kernel and initrd" echo "info: repacking beaglebone kernel and initrd"
bbb_dtb='am335x-boneblack' bbb_dtb='am335x-boneblack'
if [ $bbb_version ]; then
bbb_dtb="am335x-boneblack-${bbb_version}"
fi
kernelVersion=$(ls /usr/lib/*/${bbb_dtb}.dtb | head -1 | cut -d/ -f4) # shellcheck disable=SC2012
version=$(echo $kernelVersion | sed 's/linux-image-\(.*\)/\1/') kernelVersion=$(ls "/usr/lib/*/${bbb_dtb}.dtb" | head -1 | cut -d/ -f4)
version=$(echo "$kernelVersion" | sed 's/linux-image-\(.*\)/\1/')
initRd=initrd.img-$version initRd=initrd.img-$version
vmlinuz=vmlinuz-$version vmlinuz=vmlinuz-$version
@ -143,23 +136,23 @@ beaglebone_repack_kernel() {
mkdir /tmp/initrd-repack mkdir /tmp/initrd-repack
(cd /tmp/initrd-repack ; \ (cd /tmp/initrd-repack || exit 2468246 ; \
zcat /boot/$initRd | cpio -i ; \ zcat "/boot/$initRd" | cpio -i ; \
rm -f conf/param.conf ; \ rm -f conf/param.conf ; \
find . | cpio --quiet -o -H newc | \ find . | cpio --quiet -o -H newc | \
gzip -9 > /boot/$initRd ) gzip -9 > "/boot/$initRd" )
rm -rf /tmp/initrd-repack rm -rf /tmp/initrd-repack
(cd /boot ; \ (cd /boot || exit 246824684 ; \
cp ${bbb_dtb_file} dtb ; \ cp "${bbb_dtb_file}" dtb ; \
cat $vmlinuz dtb >> temp-kernel ; \ cat "$vmlinuz" dtb >> temp-kernel ; \
mkimage -A arm -O linux -T kernel -n "Debian kernel ${version}" \ mkimage -A arm -O linux -T kernel -n "Debian kernel ${version}" \
-C none -a 0x82000000 -e 0x82000000 -d temp-kernel uImage ; \ -C none -a 0x82000000 -e 0x82000000 -d temp-kernel uImage ; \
rm -f temp-kernel ; \ rm -f temp-kernel ; \
mkimage -A arm -O linux -T ramdisk -C gzip -a 0x88080000 -e 0x88080000 \ mkimage -A arm -O linux -T ramdisk -C gzip -a 0x88080000 -e 0x88080000 \
-n "Debian ramdisk ${version}" \ -n "Debian ramdisk ${version}" \
-d $initRd uInitrd ) -d "$initRd" uInitrd )
} }
a20_setup_boot() { a20_setup_boot() {
@ -171,8 +164,9 @@ a20_setup_boot() {
else else
fstype=ext4 fstype=ext4
fi fi
kernelVersion=$(ls /usr/lib/*/$dtb | head -1 | cut -d/ -f4) # shellcheck disable=SC2012
version=$(echo $kernelVersion | sed 's/linux-image-\(.*\)/\1/') kernelVersion=$(ls "/usr/lib/*/$dtb" | head -1 | cut -d/ -f4)
version=$(echo "$kernelVersion" | sed 's/linux-image-\(.*\)/\1/')
initRd=initrd.img-$version initRd=initrd.img-$version
vmlinuz=vmlinuz-$version vmlinuz=vmlinuz-$version
@ -213,7 +207,7 @@ EOF
# Copy all DTBs # Copy all DTBs
mkdir -p /boot/dtbs mkdir -p /boot/dtbs
cp /usr/lib/$kernelVersion/* /boot/dtbs cp "/usr/lib/$kernelVersion/*" /boot/dtbs
# extra boot modules # extra boot modules
echo "rtc_sunxi" >> /etc/initramfs-tools/modules echo "rtc_sunxi" >> /etc/initramfs-tools/modules
@ -224,7 +218,7 @@ setup_flash_kernel() {
if [ ! -d /etc/flash-kernel ] ; then if [ ! -d /etc/flash-kernel ] ; then
mkdir /etc/flash-kernel mkdir /etc/flash-kernel
fi fi
echo -n "$1" > /etc/flash-kernel/machine echo "$1" > /etc/flash-kernel/machine
command_line="" command_line=""
if [ -n "$2" ] ; then if [ -n "$2" ] ; then
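Review bot: The `|| exit 2468246` and `|| exit 246824684` added inside `(cd /tmp/initrd-repack … )` and `(cd /boot … )` in beaglebone_repack_kernel only end the subshell, so after a failed `cd` the function continues with an initrd that was never repacked and nothing reports it; the function body starts above this hunk. Exit statuses are limited to 0–255 and bash keeps only the low 8 bits, so these large values reach the caller as an unrelated small number. A small distinct code together with a check on the subshell's status, such as `( cd /boot || exit 1 ; … ) || return 1`, would make the failure visible. The same applies to the `cd … || exit <large number>` lines in the other files of this commit, including `(cd vendor/vmdebootstrap || exit 246824624; git checkout .; git pull)`. Separately, `beaglebone_setup_boot` and `beaglebone_repack_kernel` no longer read `$1`, so a caller that still passes a board revision now silently gets the default `am335x-boneblack` dtb; the callers are not visible here.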


@ -35,11 +35,11 @@ export TEXTDOMAIN=${PROJECT_NAME}-image-make
export TEXTDOMAINDIR="/usr/share/locale" export TEXTDOMAINDIR="/usr/share/locale"
PROJECT_INSTALL_DIR=/usr/local/bin PROJECT_INSTALL_DIR=/usr/local/bin
if [ -f /usr/bin/${PROJECT_NAME} ]; then if [ -f "/usr/bin/${PROJECT_NAME}" ]; then
PROJECT_INSTALL_DIR=/usr/bin PROJECT_INSTALL_DIR=/usr/bin
fi fi
source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-setup source "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-setup"
#set -x # Enable debugging #set -x # Enable debugging
@ -103,7 +103,7 @@ a20_pkgs="linux-image-armmp-lpae u-boot-tools u-boot u-boot-sunxi"
# Packages needed for self-hosted development # Packages needed for self-hosted development
dev_pkgs="build-essential devscripts make man-db emacs org-mode git mercurial" dev_pkgs="build-essential devscripts make man-db emacs org-mode git mercurial"
echo Building $MACHINE $PROJECT_NAME for $ARCHITECTURE. echo Building "$MACHINE" "$PROJECT_NAME" for "$ARCHITECTURE".
case "$MACHINE" in case "$MACHINE" in
beaglebone) beaglebone)
@ -164,7 +164,7 @@ for p in $base_pkgs $extra_pkgs; do
done done
# Make sure file is owned by current user, not root # Make sure file is owned by current user, not root
touch $(dirname $IMAGE)/${PROJECT_NAME}.log touch "$(dirname "$IMAGE")/${PROJECT_NAME}.log"
if [ -x vendor/vmdebootstrap/vmdebootstrap ] ; then if [ -x vendor/vmdebootstrap/vmdebootstrap ] ; then
VMDEBOOTSTRAP=vendor/vmdebootstrap/vmdebootstrap VMDEBOOTSTRAP=vendor/vmdebootstrap/vmdebootstrap
@ -173,15 +173,15 @@ else
fi fi
PROJECT_INSTALL_DIR=/usr/local/bin PROJECT_INSTALL_DIR=/usr/local/bin
if [ -f /usr/bin/${PROJECT_NAME} ]; then if [ -f "/usr/bin/${PROJECT_NAME}" ]; then
PROJECT_INSTALL_DIR=/usr/bin PROJECT_INSTALL_DIR=/usr/bin
fi fi
echo $'Making customised customisation script' echo $'Making customised customisation script'
TEMP_CUSTOMISE=/etc/${PROJECT_NAME}/image-customise TEMP_CUSTOMISE="/etc/${PROJECT_NAME}/image-customise"
TEMP_CUSTOMISE2=/tmp/${PROJECT_NAME}-image-customise2 TEMP_CUSTOMISE2="/tmp/${PROJECT_NAME}-image-customise2"
TEMP_CUSTOMISE3=/tmp/${PROJECT_NAME}-image-customise3 TEMP_CUSTOMISE3="/tmp/${PROJECT_NAME}-image-customise3"
TEMP_CUSTOMISE4=/tmp/${PROJECT_NAME}-image-customise4 TEMP_CUSTOMISE4="/tmp/${PROJECT_NAME}-image-customise4"
# cat all the things together # cat all the things together
combine_all_scripts $TEMP_CUSTOMISE2 combine_all_scripts $TEMP_CUSTOMISE2
@ -191,43 +191,43 @@ if [ ! -f $TEMP_CUSTOMISE2 ]; then
fi fi
echo $'Changing values within customised customisation script' echo $'Changing values within customised customisation script'
cp $PROJECT_INSTALL_DIR/${PROJECT_NAME}-image-customise $TEMP_CUSTOMISE3 cp "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-image-customise" "$TEMP_CUSTOMISE3"
if [ $MYUSERNAME ]; then if [ "$MYUSERNAME" ]; then
sed -i "s|MY_USERNAME=.*|MY_USERNAME=${MYUSERNAME}|g" $TEMP_CUSTOMISE3 sed -i "s|MY_USERNAME=.*|MY_USERNAME=${MYUSERNAME}|g" "$TEMP_CUSTOMISE3"
fi fi
if [ $MYPASSWORD ]; then if [ "$MYPASSWORD" ]; then
sed -i "s|MY_PASSWORD=.*|MY_PASSWORD=${MYPASSWORD}|g" $TEMP_CUSTOMISE3 sed -i "s|MY_PASSWORD=.*|MY_PASSWORD=${MYPASSWORD}|g" "$TEMP_CUSTOMISE3"
fi fi
sed -i "s|ROUTER_IP_ADDRESS=.*|ROUTER_IP_ADDRESS=${ROUTER_IP_ADDRESS}|g" $TEMP_CUSTOMISE3 sed -i "s|ROUTER_IP_ADDRESS=.*|ROUTER_IP_ADDRESS=${ROUTER_IP_ADDRESS}|g" "$TEMP_CUSTOMISE3"
sed -i "s|BOX_IP_ADDRESS=.*|BOX_IP_ADDRESS=${BOX_IP_ADDRESS}|g" $TEMP_CUSTOMISE3 sed -i "s|BOX_IP_ADDRESS=.*|BOX_IP_ADDRESS=${BOX_IP_ADDRESS}|g" "$TEMP_CUSTOMISE3"
sed -i "s|NAMESERVER1=.*|NAMESERVER1=${NAMESERVER1}|g" $TEMP_CUSTOMISE3 sed -i "s|NAMESERVER1=.*|NAMESERVER1=${NAMESERVER1}|g" "$TEMP_CUSTOMISE3"
sed -i "s|NAMESERVER2=.*|NAMESERVER2=${NAMESERVER2}|g" $TEMP_CUSTOMISE3 sed -i "s|NAMESERVER2=.*|NAMESERVER2=${NAMESERVER2}|g" "$TEMP_CUSTOMISE3"
sed -i "s|NAMESERVER3=.*|NAMESERVER3=${NAMESERVER3}|g" $TEMP_CUSTOMISE3 sed -i "s|NAMESERVER3=.*|NAMESERVER3=${NAMESERVER3}|g" "$TEMP_CUSTOMISE3"
sed -i "s|NAMESERVER4=.*|NAMESERVER4=${NAMESERVER4}|g" $TEMP_CUSTOMISE3 sed -i "s|NAMESERVER4=.*|NAMESERVER4=${NAMESERVER4}|g" "$TEMP_CUSTOMISE3"
sed -i "s|NAMESERVER5=.*|NAMESERVER5=${NAMESERVER5}|g" $TEMP_CUSTOMISE3 sed -i "s|NAMESERVER5=.*|NAMESERVER5=${NAMESERVER5}|g" "$TEMP_CUSTOMISE3"
sed -i "s|NAMESERVER6=.*|NAMESERVER6=${NAMESERVER6}|g" $TEMP_CUSTOMISE3 sed -i "s|NAMESERVER6=.*|NAMESERVER6=${NAMESERVER6}|g" "$TEMP_CUSTOMISE3"
sed -i "s|PROJECT_NAME=.*|PROJECT_NAME=${PROJECT_NAME}|g" $TEMP_CUSTOMISE3 sed -i "s|PROJECT_NAME=.*|PROJECT_NAME=${PROJECT_NAME}|g" "$TEMP_CUSTOMISE3"
sed -i "s|CONFIG_FILENAME=.*|CONFIG_FILENAME=${CONFIG_FILENAME}|g" $TEMP_CUSTOMISE3 sed -i "s|CONFIG_FILENAME=.*|CONFIG_FILENAME=${CONFIG_FILENAME}|g" "$TEMP_CUSTOMISE3"
sed -i "s|SSH_PUBKEY=.*|SSH_PUBKEY=${SSH_PUBKEY}|g" $TEMP_CUSTOMISE3 sed -i "s|SSH_PUBKEY=.*|SSH_PUBKEY=${SSH_PUBKEY}|g" "$TEMP_CUSTOMISE3"
sed -i "s|GENERIC_IMAGE=.*|GENERIC_IMAGE=${GENERIC_IMAGE}|g" $TEMP_CUSTOMISE3 sed -i "s|GENERIC_IMAGE=.*|GENERIC_IMAGE=${GENERIC_IMAGE}|g" "$TEMP_CUSTOMISE3"
sed -i "s|MINIMAL_INSTALL=.*|MINIMAL_INSTALL=\"${MINIMAL_INSTALL}\"|g" $TEMP_CUSTOMISE3 sed -i "s|MINIMAL_INSTALL=.*|MINIMAL_INSTALL=\"${MINIMAL_INSTALL}\"|g" "$TEMP_CUSTOMISE3"
sed -i "s|SSH_PORT=.*|SSH_PORT=\"${SSH_PORT}\"|g" $TEMP_CUSTOMISE3 sed -i "s|SSH_PORT=.*|SSH_PORT=\"${SSH_PORT}\"|g" "$TEMP_CUSTOMISE3"
sed -i "s|ONION_ONLY=.*|ONION_ONLY=\"${ONION_ONLY}\"|g" $TEMP_CUSTOMISE3 sed -i "s|ONION_ONLY=.*|ONION_ONLY=\"${ONION_ONLY}\"|g" "$TEMP_CUSTOMISE3"
sed -i "s|PROJECT_REPO=.*|PROJECT_REPO=\"${PROJECT_REPO}\"|g" $TEMP_CUSTOMISE3 sed -i "s|PROJECT_REPO=.*|PROJECT_REPO=\"${PROJECT_REPO}\"|g" "$TEMP_CUSTOMISE3"
sed -i "s|DEBIAN_INSTALL_ONLY=.*|DEBIAN_INSTALL_ONLY=\"${DEBIAN_INSTALL_ONLY}\"|g" $TEMP_CUSTOMISE3 sed -i "s|DEBIAN_INSTALL_ONLY=.*|DEBIAN_INSTALL_ONLY=\"${DEBIAN_INSTALL_ONLY}\"|g" "$TEMP_CUSTOMISE3"
sed -i "s|WIFI_INTERFACE=.*|WIFI_INTERFACE=\"${WIFI_INTERFACE}\"|g" $TEMP_CUSTOMISE3 sed -i "s|WIFI_INTERFACE=.*|WIFI_INTERFACE=\"${WIFI_INTERFACE}\"|g" "$TEMP_CUSTOMISE3"
sed -i "s|WIFI_SSID=.*|WIFI_SSID=\"${WIFI_SSID}\"|g" $TEMP_CUSTOMISE3 sed -i "s|WIFI_SSID=.*|WIFI_SSID=\"${WIFI_SSID}\"|g" "$TEMP_CUSTOMISE3"
sed -i "s|WIFI_TYPE=.*|WIFI_TYPE=\"${WIFI_TYPE}\"|g" $TEMP_CUSTOMISE3 sed -i "s|WIFI_TYPE=.*|WIFI_TYPE=\"${WIFI_TYPE}\"|g" "$TEMP_CUSTOMISE3"
sed -i "s|WIFI_PASSPHRASE=.*|WIFI_PASSPHRASE=\"${WIFI_PASSPHRASE}\"|g" $TEMP_CUSTOMISE3 sed -i "s|WIFI_PASSPHRASE=.*|WIFI_PASSPHRASE=\"${WIFI_PASSPHRASE}\"|g" "$TEMP_CUSTOMISE3"
sed -i "s|WIFI_HOTSPOT=.*|WIFI_HOTSPOT=\"${WIFI_HOTSPOT}\"|g" $TEMP_CUSTOMISE3 sed -i "s|WIFI_HOTSPOT=.*|WIFI_HOTSPOT=\"${WIFI_HOTSPOT}\"|g" "$TEMP_CUSTOMISE3"
sed -i "s|WIFI_NETWORKS_FILE=.*|WIFI_NETWORKS_FILE=\"${WIFI_NETWORKS_FILE}\"|g" $TEMP_CUSTOMISE3 sed -i "s|WIFI_NETWORKS_FILE=.*|WIFI_NETWORKS_FILE=\"${WIFI_NETWORKS_FILE}\"|g" "$TEMP_CUSTOMISE3"
sed -i "s|VARIANT=.*|VARIANT=\"${VARIANT}\"|g" $TEMP_CUSTOMISE3 sed -i "s|VARIANT=.*|VARIANT=\"${VARIANT}\"|g" "$TEMP_CUSTOMISE3"
sed -i "s|MINIMUM_PASSWORD_LENGTH=.*|MINIMUM_PASSWORD_LENGTH=\"${MINIMUM_PASSWORD_LENGTH}\"|g" $TEMP_CUSTOMISE3 sed -i "s|MINIMUM_PASSWORD_LENGTH=.*|MINIMUM_PASSWORD_LENGTH=\"${MINIMUM_PASSWORD_LENGTH}\"|g" "$TEMP_CUSTOMISE3"
sed -i "s|INSECURE=.*|INSECURE=\"${INSECURE}\"|g" $TEMP_CUSTOMISE3 sed -i "s|INSECURE=.*|INSECURE=\"${INSECURE}\"|g" "$TEMP_CUSTOMISE3"
sed -i "s|AMNESIC=.*|AMNESIC=\"${AMNESIC}\"|g" $TEMP_CUSTOMISE3 sed -i "s|AMNESIC=.*|AMNESIC=\"${AMNESIC}\"|g" "$TEMP_CUSTOMISE3"
sed -i "s|SOCIALINSTANCE=.*|SOCIALINSTANCE=\"${SOCIALINSTANCE}\"|g" $TEMP_CUSTOMISE3 sed -i "s|SOCIALINSTANCE=.*|SOCIALINSTANCE=\"${SOCIALINSTANCE}\"|g" "$TEMP_CUSTOMISE3"
sed -i "s|LOCAL_NAME=.*|LOCAL_NAME=\"${LOCAL_NAME}\"|g" $TEMP_CUSTOMISE3 sed -i "s|LOCAL_NAME=.*|LOCAL_NAME=\"${LOCAL_NAME}\"|g" "$TEMP_CUSTOMISE3"
sed -i 's|#!/bin/bash||g' $TEMP_CUSTOMISE3 sed -i 's|#!/bin/bash||g' "$TEMP_CUSTOMISE3"
cat $TEMP_CUSTOMISE2 $TEMP_CUSTOMISE3 > $TEMP_CUSTOMISE4 cat $TEMP_CUSTOMISE2 $TEMP_CUSTOMISE3 > $TEMP_CUSTOMISE4
if [ -f $TEMP_CUSTOMISE ]; then if [ -f $TEMP_CUSTOMISE ]; then
@ -256,19 +256,19 @@ sudo -H \
SOURCE="$SOURCE" \ SOURCE="$SOURCE" \
CUSTOM_SETUP="$CUSTOM_SETUP" \ CUSTOM_SETUP="$CUSTOM_SETUP" \
$VMDEBOOTSTRAP \ $VMDEBOOTSTRAP \
--log $(dirname $IMAGE)/${PROJECT_NAME}.log \ --log "$(dirname "$IMAGE")/${PROJECT_NAME}.log" \
--log-level debug \ --log-level debug \
--size $IMAGE_SIZE \ --size "$IMAGE_SIZE" \
--image $IMAGE.img \ --image "$IMAGE.img" \
--hostname ${PROJECT_NAME} \ --hostname ${PROJECT_NAME} \
--verbose \ --verbose \
--mirror $BUILD_MIRROR \ --mirror "$BUILD_MIRROR" \
--customize "$TEMP_CUSTOMISE" \ --customize "$TEMP_CUSTOMISE" \
--lock-root-password \ --lock-root-password \
--arch $ARCHITECTURE \ --arch "$ARCHITECTURE" \
--distribution $SUITE \ --distribution "$SUITE" \
$extra_opts \ "$extra_opts" \
$pkgopts "$pkgopts"
echo $'Removing customised customisation script' echo $'Removing customised customisation script'
sudo shred -zu $TEMP_CUSTOMISE sudo shred -zu $TEMP_CUSTOMISE
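Review bot: Quoting `"$extra_opts"` and `"$pkgopts"` at the end of the vmdebootstrap command makes each a single argument, so a string holding several options is passed as one word and an empty value becomes an empty argument. `pkgopts` appears to be accumulated in the `for p in $base_pkgs $extra_pkgs` loop named in the earlier hunk header (its body is not shown), so this probably breaks package selection. Either leave the two expansions unquoted with a `# shellcheck disable=SC2086` directive above the command, as this commit does for the `ls` lines elsewhere, or collect the options in arrays and pass `"${extra_opts[@]}" "${pkgopts[@]}"`; the command itself starts above the hunk. A second point in the same file: `TEMP_CUSTOMISE2` to `TEMP_CUSTOMISE4` are fixed names under `/tmp`, and `TEMP_CUSTOMISE3` receives `MY_PASSWORD` and `WIFI_PASSPHRASE` through the `sed` lines, so creating them with `mktemp` would avoid a predictable path for a file that holds credentials.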

File diff suppressed because it is too large Load Diff


@ -36,7 +36,7 @@ VMDEBOOTSTRAP_BRANCH='bashrc/freedombone'
mkdir -p vendor mkdir -p vendor
if [ -d vendor/vmdebootstrap ] ; then if [ -d vendor/vmdebootstrap ] ; then
(cd vendor/vmdebootstrap; git checkout .; git pull) (cd vendor/vmdebootstrap || exit 246824624; git checkout .; git pull)
else else
git clone $VMDEBOOTSTRAP_REPO vendor/vmdebootstrap git clone $VMDEBOOTSTRAP_REPO vendor/vmdebootstrap
fi fi
@ -103,5 +103,5 @@ EOF
sudo mv /tmp/ubuntu.csv /usr/share/distro-info/ sudo mv /tmp/ubuntu.csv /usr/share/distro-info/
fi fi
cd vendor/vmdebootstrap cd vendor/vmdebootstrap || exit 2648726446
git checkout $VMDEBOOTSTRAP_BRANCH git checkout $VMDEBOOTSTRAP_BRANCH


@ -48,7 +48,7 @@ function show_help {
exit 0 exit 0
} }
while [[ $# > 1 ]] while [ $# -gt 1 ]
do do
key="$1" key="$1"
@ -87,17 +87,17 @@ do
shift shift
done done
if [ ! $MY_USERNAME ]; then if [ ! "$MY_USERNAME" ]; then
echo $'No username given' echo $'No username given'
exit 69350 exit 69350
fi fi
if [ ! -d /home/$MY_USERNAME ]; then if [ ! -d "/home/$MY_USERNAME" ]; then
echo $"Home directory for $MY_USERNAME not found. This user may not exist on the system" echo $"Home directory for $MY_USERNAME not found. This user may not exist on the system"
exit 72378 exit 72378
fi fi
if [ ! -b $USB_DRIVE ]; then if [ ! -b "$USB_DRIVE" ]; then
echo $'Please attach a USB drive' echo $'Please attach a USB drive'
exit 65743 exit 65743
fi fi
@ -113,18 +113,15 @@ cryptsetup luksClose encrypted_usb
# optionally format the drive # optionally format the drive
if [[ $FORMAT == "yes" ]]; then if [[ $FORMAT == "yes" ]]; then
${PROJECT_NAME}-format ${USB_DRIVE::-1} if ! "${PROJECT_NAME}-format" "${USB_DRIVE::-1}"; then
if [ ! "$?" = "0" ]; then
exit 36823 exit 36823
fi fi
fi fi
cryptsetup luksOpen $USB_DRIVE encrypted_usb if cryptsetup luksOpen "$USB_DRIVE" encrypted_usb; then
if [ "$?" = "0" ]; then
USB_DRIVE=/dev/mapper/encrypted_usb USB_DRIVE=/dev/mapper/encrypted_usb
fi fi
mount $USB_DRIVE $USB_MOUNT if ! mount $USB_DRIVE $USB_MOUNT; then
if [ ! "$?" = "0" ]; then
echo $"There was a problem mounting the USB drive to $USB_MOUNT" echo $"There was a problem mounting the USB drive to $USB_MOUNT"
rm -rf $USB_MOUNT rm -rf $USB_MOUNT
exit 78543 exit 78543
@ -132,7 +129,7 @@ fi
# optionally create a master drive which contains the full GPG keyring # optionally create a master drive which contains the full GPG keyring
if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]]; then if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]]; then
if [ ! -d /home/$MY_USERNAME/.gnupg ]; then if [ ! -d "/home/$MY_USERNAME/.gnupg" ]; then
echo $"No .gnupg directory was found for $MY_USERNAME" echo $"No .gnupg directory was found for $MY_USERNAME"
umount -f $USB_MOUNT umount -f $USB_MOUNT
rm -rf $USB_MOUNT rm -rf $USB_MOUNT
@ -145,11 +142,11 @@ if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]];
export GPG_TTY export GPG_TTY
USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME) GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \\t]*//'" - "$MY_USERNAME")
GPG_BACKUP_ID=$(su -m root -c "gpg --list-keys \"(backup key)\" | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME) GPG_BACKUP_ID=$(su -m root -c "gpg --list-keys \"(backup key)\" | sed -n '2p' | sed 's/^[ \\t]*//'" - "$MY_USERNAME")
gpgerrstr=$'error' gpgerrstr=$'error'
gpgkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export $GPG_ID) gpgkey=$(gpg --homedir="/home/$MY_USERNAME/.gnupg" --armor --export "$GPG_ID")
if [[ "$gpgkey" == *"$gpgerrstr"* ]]; then if [[ "$gpgkey" == *"$gpgerrstr"* ]]; then
echo $'Problem exporting public gpg key' echo $'Problem exporting public gpg key'
echo "$gpgkey" echo "$gpgkey"
@ -157,7 +154,7 @@ if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]];
fi fi
echo '' echo ''
echo $'Enter your gpg private key passphrase:' echo $'Enter your gpg private key passphrase:'
gpgprivkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export-secret-key $GPG_ID) gpgprivkey=$(gpg --homedir="/home/$MY_USERNAME/.gnupg" --armor --export-secret-key "$GPG_ID")
if [[ "$gpgprivkey" == *"$gpgerrstr"* ]]; then if [[ "$gpgprivkey" == *"$gpgerrstr"* ]]; then
echo $'Problem exporting private gpg key' echo $'Problem exporting private gpg key'
echo "$gpgprivkey" echo "$gpgprivkey"
@ -168,13 +165,13 @@ if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]];
# Dummy password to get around not being able to create a key without passphrase # Dummy password to get around not being able to create a key without passphrase
BACKUP_DUMMY_PASSWORD='backup' BACKUP_DUMMY_PASSWORD='backup'
backupgpgkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export $GPG_BACKUP_ID) backupgpgkey=$(gpg --homedir="/home/$MY_USERNAME/.gnupg" --armor --export "$GPG_BACKUP_ID")
if [[ "$backupgpgkey" == *"$gpgerrstr"* ]]; then if [[ "$backupgpgkey" == *"$gpgerrstr"* ]]; then
echo $'Problem exporting public gpg backup key' echo $'Problem exporting public gpg backup key'
echo "$backupgpgkey" echo "$backupgpgkey"
exit 735282 exit 735282
fi fi
backupgpgprivkey=$(echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir=/home/$MY_USERNAME/.gnupg --armor --export-secret-key $GPG_BACKUP_ID) backupgpgprivkey=$(echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir="/home/$MY_USERNAME/.gnupg" --armor --export-secret-key "$GPG_BACKUP_ID")
if [[ "$backupgpgprivkey" == *"$gpgerrstr"* ]]; then if [[ "$backupgpgprivkey" == *"$gpgerrstr"* ]]; then
echo $'Problem exporting private gpg backup key' echo $'Problem exporting private gpg backup key'
echo "$backupgpgprivkey" echo "$backupgpgprivkey"
@ -187,7 +184,7 @@ if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]];
echo "$backupgpgkey" > $USB_MOUNT/.backupgpgkey echo "$backupgpgkey" > $USB_MOUNT/.backupgpgkey
echo "$backupgpgprivkey" >> $USB_MOUNT/.backupgpgkey echo "$backupgpgprivkey" >> $USB_MOUNT/.backupgpgkey
cp -rf /home/$MY_USERNAME/.gnupg $USB_MOUNT cp -rf "/home/$MY_USERNAME/.gnupg" $USB_MOUNT
if [ -d /etc/letsencrypt ]; then if [ -d /etc/letsencrypt ]; then
cp -rf /etc/letsencrypt $USB_MOUNT cp -rf /etc/letsencrypt $USB_MOUNT
@ -220,25 +217,25 @@ fi
FRAGMENTS_DIR=$FRAGMENTS_DIR/$MY_USERNAME FRAGMENTS_DIR=$FRAGMENTS_DIR/$MY_USERNAME
# make a directory to contain the fragments # make a directory to contain the fragments
if [ ! -d $FRAGMENTS_DIR ]; then if [ ! -d "$FRAGMENTS_DIR" ]; then
mkdir -p $FRAGMENTS_DIR mkdir -p "$FRAGMENTS_DIR"
echo $"Made directory $FRAGMENTS_DIR" echo $"Made directory $FRAGMENTS_DIR"
fi fi
if [ ! -d $FRAGMENTS_DIR ]; then if [ ! -d "$FRAGMENTS_DIR" ]; then
echo $"There was a problem making the directory $FRAGMENTS_DIR" echo $"There was a problem making the directory $FRAGMENTS_DIR"
umount -f $USB_MOUNT umount -f $USB_MOUNT
rm -rf $USB_MOUNT rm -rf $USB_MOUNT
exit 6843 exit 6843
fi fi
cd $FRAGMENTS_DIR cd "$FRAGMENTS_DIR" || exit 13389478368
no_of_usb_shares=$(ls -afq keyshare.asc.* | wc -l) # shellcheck disable=SC2012
if [ ! "$?" = "0" ]; then if ! no_of_usb_shares=$(ls -afq keyshare.asc.* | wc -l); then
no_of_usb_shares=0 no_of_usb_shares=0
fi fi
if (( no_of_usb_shares > 0 )); then if (( no_of_usb_shares > 0 )); then
echo $"A key fragment already exists on the drive for the user $MY_USERNAME" echo $"A key fragment already exists on the drive for the user $MY_USERNAME"
cd ~/ cd ~/ || exit 34678264583
umount -f $USB_MOUNT umount -f $USB_MOUNT
rm -rf $USB_MOUNT rm -rf $USB_MOUNT
exit 58945 exit 58945
@ -247,43 +244,44 @@ fi
# copy a random fragment to the drive # copy a random fragment to the drive
LOCAL_FRAGMENTS_DIR=/home/$MY_USERNAME/.gnupg_fragments LOCAL_FRAGMENTS_DIR=/home/$MY_USERNAME/.gnupg_fragments
if [ ! -d $LOCAL_FRAGMENTS_DIR ]; then if [ ! -d "$LOCAL_FRAGMENTS_DIR" ]; then
${PROJECT_NAME}-splitkey -u $MY_USERNAME -n $KEY_FRAGMENTS "${PROJECT_NAME}-splitkey" -u "$MY_USERNAME" -n "$KEY_FRAGMENTS"
fi fi
cd $LOCAL_FRAGMENTS_DIR cd "$LOCAL_FRAGMENTS_DIR" || exit 7822452644
no_of_local_shares=$(ls -afq keyshare.asc.* | wc -l) # shellcheck disable=SC2012
if [ ! "$?" = "0" ]; then if ! no_of_local_shares=$(ls -afq keyshare.asc.* | wc -l); then
no_of_local_shares=0 no_of_local_shares=0
fi fi
if (( no_of_local_shares < 3 )); then if (( no_of_local_shares < 3 )); then
${PROJECT_NAME}-splitkey -u $MY_USERNAME -n $KEY_FRAGMENTS "${PROJECT_NAME}-splitkey" -u "$MY_USERNAME" -n "$KEY_FRAGMENTS"
cd $LOCAL_FRAGMENTS_DIR cd "$LOCAL_FRAGMENTS_DIR" || exit 724524242
no_of_local_shares=$(ls -afq keyshare.asc.* | wc -l) # shellcheck disable=SC2012
if [ ! "$?" = "0" ]; then if ! no_of_local_shares=$(ls -afq keyshare.asc.* | wc -l); then
no_of_local_shares=0 no_of_local_shares=0
fi fi
fi fi
if (( no_of_local_shares < 3 )); then if (( no_of_local_shares < 3 )); then
echo $"Not enough key fragments available ${no_of_local_shares}" echo $"Not enough key fragments available ${no_of_local_shares}"
cd ~/ cd ~/ || exit 7245267457
umount -f $USB_MOUNT umount -f $USB_MOUNT
rm -rf $USB_MOUNT rm -rf $USB_MOUNT
exit 63386 exit 63386
fi fi
share_files=($LOCAL_FRAGMENTS_DIR/keyshare.asc.*) share_files=("$LOCAL_FRAGMENTS_DIR/keyshare.asc.*")
SHARE_FILENAME=${share_files[RANDOM % ${#share_files[@]}]} SHARE_FILENAME=${share_files[RANDOM % ${#share_files[@]}]}
cp -f $SHARE_FILENAME $FRAGMENTS_DIR cp -f "$SHARE_FILENAME" "$FRAGMENTS_DIR"
cd $FRAGMENTS_DIR cd "$FRAGMENTS_DIR" || exit 2543244726
# shellcheck disable=SC2012
no_of_usb_shares=$(ls -afq keyshare.asc.* | wc -l) no_of_usb_shares=$(ls -afq keyshare.asc.* | wc -l)
echo $"Number of fragments on the drive: ${no_of_usb_shares}" echo $"Number of fragments on the drive: ${no_of_usb_shares}"
if (( no_of_usb_shares > 1 )); then if (( no_of_usb_shares > 1 )); then
echo $"Too many key fragments exist in $FRAGMENTS_DIR" echo $"Too many key fragments exist in $FRAGMENTS_DIR"
ls $FRAGMENTS_DIR ls "$FRAGMENTS_DIR"
cd ~/ cd ~/ || 357836582645
umount -f $USB_MOUNT umount -f $USB_MOUNT
rm -rf $USB_MOUNT rm -rf $USB_MOUNT
exit 54292 exit 54292
@ -291,14 +289,14 @@ fi
if (( no_of_usb_shares <= 0 )); then if (( no_of_usb_shares <= 0 )); then
echo $"There was a problem copying the key fragment to $USB_DRIVE" echo $"There was a problem copying the key fragment to $USB_DRIVE"
echo $"Files found: ${no_of_usb_shares}" echo $"Files found: ${no_of_usb_shares}"
ls $FRAGMENTS_DIR ls "$FRAGMENTS_DIR"
cd ~/ cd ~/ || exit 743452452
umount -f $USB_MOUNT umount -f $USB_MOUNT
rm -rf $USB_MOUNT rm -rf $USB_MOUNT
exit 54292 exit 54292
fi fi
cd ~/ cd ~/ || exit 245672457
umount -f $USB_MOUNT umount -f $USB_MOUNT
rm -rf $USB_MOUNT rm -rf $USB_MOUNT
echo $"Key fragment copied to $USB_DRIVE. You may now remove the drive." echo $"Key fragment copied to $USB_DRIVE. You may now remove the drive."


@ -42,28 +42,28 @@ REMOVE_FILES_COMMAND='rm -rf'
source /usr/local/bin/${PROJECT_NAME}-vars source /usr/local/bin/${PROJECT_NAME}-vars
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES for f in $UTILS_FILES
do do
source $f source "$f"
done done
APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
for f in $APP_FILES for f in $APP_FILES
do do
source $f source "$f"
done done
APPS_AVAILABLE=() APPS_AVAILABLE=()
function logging_get_app_names { function logging_get_app_names {
FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
for filename in $FILES for filename in $FILES
do do
app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}') app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
if grep -q "logging_on_" ${filename}; then if grep -q "logging_on_" "${filename}"; then
if grep -q "logging_off_" ${filename}; then if grep -q "logging_off_" "${filename}"; then
APPS_AVAILABLE+=("${app_name}") APPS_AVAILABLE+=("${app_name}")
fi fi
fi fi
@ -76,7 +76,7 @@ function turn_logging_on {
for a in "${APPS_AVAILABLE[@]}" for a in "${APPS_AVAILABLE[@]}"
do do
echo $"Turning on logging for ${a}" echo $"Turning on logging for ${a}"
logging_on_${a} "logging_on_${a}"
done done
} }
@ -86,7 +86,7 @@ function turn_logging_off {
for a in "${APPS_AVAILABLE[@]}" for a in "${APPS_AVAILABLE[@]}"
do do
echo $"Turning off logging for ${a}" echo $"Turning off logging for ${a}"
logging_off_${a} "logging_off_${a}"
done done
} }
@ -162,14 +162,14 @@ if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then
fi fi
for filename in /etc/nginx/sites-available/* ; do for filename in /etc/nginx/sites-available/* ; do
filename_domain=$(echo "$filename" | awk -F '/' '{print $5}') filename_domain=$(echo "$filename" | awk -F '/' '{print $5}')
sed -i "s|access_log.*|access_log /var/log/nginx/$filename_domain.access.log;|g" $filename sed -i "s|access_log.*|access_log /var/log/nginx/$filename_domain.access.log;|g" "$filename"
sed -i "s|error_log.*|error_log /var/log/nginx/$filename_domain.err.log $WEBSERVER_LOG_LEVEL;|g" $filename sed -i "s|error_log.*|error_log /var/log/nginx/$filename_domain.err.log $WEBSERVER_LOG_LEVEL;|g" "$filename"
done done
sed -i 's|access_log.*|access_log /var/log/nginx/access.log;|g' /etc/nginx/nginx.conf sed -i 's|access_log.*|access_log /var/log/nginx/access.log;|g' /etc/nginx/nginx.conf
sed -i 's|error_log.*|error_log /var/log/nginx/error.log;|g' /etc/nginx/nginx.conf sed -i 's|error_log.*|error_log /var/log/nginx/error.log;|g' /etc/nginx/nginx.conf
fi fi
if [ -f /etc/init.d/spamassassin ]; then if [ -f /etc/init.d/spamassassin ]; then
sed -i 's|DOPTIONS="-s null -d --pidfile=$PIDFILE"|DOPTIONS="-d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin sed -i "s|DOPTIONS=\"-s null -d --pidfile=\$PIDFILE\"|DOPTIONS=\"-d --pidfile=\$PIDFILE\"|g" /etc/init.d/spamassassin
fi fi
if [ -d /etc/exim4 ]; then if [ -d /etc/exim4 ]; then
if [ ! -d /var/log/exim4 ]; then if [ ! -d /var/log/exim4 ]; then
@ -211,16 +211,16 @@ else
fi fi
if [ -d /etc/nginx ]; then if [ -d /etc/nginx ]; then
for filename in /etc/nginx/sites-available/* ; do for filename in /etc/nginx/sites-available/* ; do
sed -i 's|access_log.*|access_log /dev/null;|g' $filename sed -i 's|access_log.*|access_log /dev/null;|g' "$filename"
sed -i 's|warn_log.*|warn_log /dev/null;|g' $filename sed -i 's|warn_log.*|warn_log /dev/null;|g' "$filename"
sed -i 's|error_log.*|error_log /dev/null;|g' $filename sed -i 's|error_log.*|error_log /dev/null;|g' "$filename"
done done
sed -i 's|access_log.*|access_log /dev/null;|g' /etc/nginx/nginx.conf sed -i 's|access_log.*|access_log /dev/null;|g' /etc/nginx/nginx.conf
sed -i 's|error_log.*|error_log /dev/null;|g' /etc/nginx/nginx.conf sed -i 's|error_log.*|error_log /dev/null;|g' /etc/nginx/nginx.conf
$REMOVE_FILES_COMMAND /var/log/nginx/* $REMOVE_FILES_COMMAND /var/log/nginx/*
fi fi
if [ -f /etc/init.d/spamassassin ]; then if [ -f /etc/init.d/spamassassin ]; then
sed -i 's|DOPTIONS="-d --pidfile=$PIDFILE"|DOPTIONS="-s null -d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin sed -i "s|DOPTIONS=\"-d --pidfile=\$PIDFILE\"|DOPTIONS=\"-s null -d --pidfile=\$PIDFILE\"|g" /etc/init.d/spamassassin
fi fi
if [ -d /etc/exim4 ]; then if [ -d /etc/exim4 ]; then
sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
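Review bot: In the nginx loop of the `@ -162` hunk, `$filename_domain` and `$WEBSERVER_LOG_LEVEL` are still interpolated straight into the sed program, so quoting `"$filename"` as the file argument does not help when a site file's name contains `|`, `&` or a backslash; such a name would change or break the substitution that rewrites the log paths. The domain is also extracted with `awk -F '/' '{print $5}'`, which depends on the directory depth; `filename_domain=${filename##*/}` yields the basename without that assumption. I would skip unexpected names before calling sed, for example `[[ "$filename_domain" =~ ^[A-Za-z0-9._-]+$ ]] || continue`. The enclosing `if` block starts outside the hunk.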


@ -29,7 +29,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
PROJECT_NAME='freedombone' PROJECT_NAME='freedombone'
COMPLETION_FILE=/root/${PROJECT_NAME}-completed.txt COMPLETION_FILE="/root/${PROJECT_NAME}-completed.txt"
# hotspot passphrase must be 5 characters or longer # hotspot passphrase must be 5 characters or longer
HOTSPOT_PASSPHRASE="${PROJECT_NAME}" HOTSPOT_PASSPHRASE="${PROJECT_NAME}"
@ -40,28 +40,29 @@ source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-mesh
mesh_protocol_init mesh_protocol_init
update_wifi_adaptors update_wifi_adaptors
if [ ! $IFACE ]; then if [ ! "$IFACE" ]; then
echo $'No wlan adaptor' echo $'No wlan adaptor'
exit 0 exit 0
fi fi
if [ -e /etc/default/batctl ]; then if [ -e /etc/default/batctl ]; then
# shellcheck disable=SC1091
. /etc/default/batctl . /etc/default/batctl
fi fi
function status { function status {
batctl o batctl o
if grep -q "bmx6" $MESH_CURRENT_PROTOCOL; then if grep -q "bmx6" "$MESH_CURRENT_PROTOCOL"; then
bmx6 -c show=originators bmx6 -c show=originators
fi fi
if grep -q "bmx7" $MESH_CURRENT_PROTOCOL; then if grep -q "bmx7" "$MESH_CURRENT_PROTOCOL"; then
bmx7 -c show=originators bmx7 -c show=originators
fi fi
} }
function stop { function stop {
if [ ! -f $MESH_CURRENT_PROTOCOL ]; then if [ ! -f "$MESH_CURRENT_PROTOCOL" ]; then
return return
fi fi
@ -81,32 +82,33 @@ function stop {
systemctl stop dnsmasq systemctl stop dnsmasq
systemctl disable dnsmasq systemctl disable dnsmasq
# shellcheck disable=SC2153
if [ "$EIFACE" ]; then if [ "$EIFACE" ]; then
brctl delif $BRIDGE bat0 brctl delif "$BRIDGE" bat0
ifconfig $BRIDGE down || true ifconfig "$BRIDGE" down || true
ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier) ethernet_connected=$(cat "/sys/class/net/$EIFACE/carrier")
if [[ "$ethernet_connected" != "0" ]]; then if [[ "$ethernet_connected" != "0" ]]; then
systemctl stop hostapd systemctl stop hostapd
brctl delif $BRIDGE $EIFACE brctl delif "$BRIDGE" "$EIFACE"
ifconfig $EIFACE down -promisc ifconfig "$EIFACE" down -promisc
fi fi
brctl delbr $BRIDGE brctl delbr "$BRIDGE"
fi fi
ifconfig bat0 down -promisc ifconfig bat0 down -promisc
batctl if del $IFACE batctl if del "$IFACE"
ifconfig $IFACE mtu 1500 ifconfig "$IFACE" mtu 1500
ifconfig $IFACE down ifconfig "$IFACE" down
iwconfig $IFACE mode managed iwconfig "$IFACE" mode managed
if [ $IFACE_SECONDARY ]; then if [ "$IFACE_SECONDARY" ]; then
systemctl stop hostapd systemctl stop hostapd
systemctl disable hostapd systemctl disable hostapd
batctl if del $IFACE_SECONDARY batctl if del "$IFACE_SECONDARY"
ifconfig $IFACE_SECONDARY mtu 1500 ifconfig "$IFACE_SECONDARY" mtu 1500
ifconfig $IFACE_SECONDARY down ifconfig "$IFACE_SECONDARY" down
iwconfig $IFACE_SECONDARY mode managed iwconfig "$IFACE_SECONDARY" mode managed
fi fi
rmmod batman-adv rmmod batman-adv
@ -115,55 +117,56 @@ function stop {
systemctl restart network-manager systemctl restart network-manager
if [ -f $MESH_CURRENT_PROTOCOL ]; then if [ -f "$MESH_CURRENT_PROTOCOL" ]; then
rm $MESH_CURRENT_PROTOCOL rm "$MESH_CURRENT_PROTOCOL"
fi fi
} }
function verify { function verify {
tempfile="$(mktemp)" tempfile="$(mktemp)"
batctl o > $tempfile batctl o > "$tempfile"
if grep -q "disabled" $tempfile; then if grep -q "disabled" "$tempfile"; then
echo $'B.A.T.M.A.N. not enabled' echo $'B.A.T.M.A.N. not enabled'
rm $tempfile rm "$tempfile"
stop stop
exit 726835 exit 726835
fi fi
echo $'B.A.T.M.A.N. is running' echo $'B.A.T.M.A.N. is running'
rm $tempfile rm "$tempfile"
} }
function add_wifi_interface { function add_wifi_interface {
ifname=$1 ifname=$1
ifssid=$WIFI_SSID ifssid=$WIFI_SSID
if [ $2 ]; then if [ "$2" ]; then
ifssid=$2 ifssid=$2
fi fi
ifmode=ad-hoc ifmode=ad-hoc
if [ $3 ]; then if [ "$3" ]; then
ifmode=$3 ifmode=$3
fi fi
ifchannel=$CHANNEL ifchannel=$CHANNEL
if [ $4 ]; then if [ "$4" ]; then
ifchannel=$4 ifchannel=$4
fi fi
ifconfig $ifname down ifconfig "$ifname" down
ifconfig $ifname mtu 1532 ifconfig "$ifname" mtu 1532
peermac=$(assign_peer_address) peermac=$(assign_peer_address)
if [ ! $peermac ]; then if [ ! "$peermac" ]; then
echo $"Unable to obtain MAC address for $peermac on $ifname" echo $"Unable to obtain MAC address for $peermac on $ifname"
return return
fi fi
ifconfig $ifname hw ether $peermac ifconfig "$ifname" hw ether "$peermac"
echo $"$ifname assigned MAC address $peermac" echo $"$ifname assigned MAC address $peermac"
iwconfig $ifname enc off iwconfig "$ifname" enc off
iwconfig $ifname mode $ifmode essid $ifssid channel $ifchannel iwconfig "$ifname" mode "$ifmode" essid "$ifssid" channel "$ifchannel"
batctl if add $ifname batctl if add "$ifname"
ifconfig $ifname up ifconfig "$ifname" up
} }
# shellcheck disable=SC2120
function start { function start {
update_wifi_adaptors update_wifi_adaptors
@ -188,11 +191,11 @@ function start {
global_rate_limit global_rate_limit
# Might have to re-enable wifi # Might have to re-enable wifi
rfkill unblock $(rfkill list|awk -F: "/phy/ {print $1}") || true rfkill unblock "$(rfkill list|awk -F: "/phy/ {print $1}")" || true
secondary_wifi_available= secondary_wifi_available=
if [ $IFACE_SECONDARY ]; then if [ "$IFACE_SECONDARY" ]; then
if [[ $IFACE != $IFACE_SECONDARY ]]; then if [[ "$IFACE" != "$IFACE_SECONDARY" ]]; then
if [ -d /etc/hostapd ]; then if [ -d /etc/hostapd ]; then
if [ ${#HOTSPOT_PASSPHRASE} -gt 4 ]; then if [ ${#HOTSPOT_PASSPHRASE} -gt 4 ]; then
secondary_wifi_available=1 secondary_wifi_available=1
@ -215,23 +218,23 @@ function start {
sed -i "s|ExecStart=.*|ExecStart=/usr/local/bin/babeld ${IFACE}|g" /etc/systemd/system/babel.service sed -i "s|ExecStart=.*|ExecStart=/usr/local/bin/babeld ${IFACE}|g" /etc/systemd/system/babel.service
systemctl daemon-reload systemctl daemon-reload
add_wifi_interface $IFACE $WIFI_SSID ad-hoc $CHANNEL add_wifi_interface "$IFACE" "$WIFI_SSID" ad-hoc "$CHANNEL"
# NOTE: Don't connect the secondary wifi device. hostapd will handle that by itself # NOTE: Don't connect the secondary wifi device. hostapd will handle that by itself
ifconfig bat0 up promisc ifconfig bat0 up promisc
brctl addbr $BRIDGE brctl addbr "$BRIDGE"
brctl addif $BRIDGE bat0 brctl addif "$BRIDGE" bat0
ifconfig bat0 0.0.0.0 ifconfig bat0 0.0.0.0
ethernet_connected='0' ethernet_connected='0'
if [ "$EIFACE" ] ; then if [ "$EIFACE" ] ; then
ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier) ethernet_connected=$(cat "/sys/class/net/$EIFACE/carrier")
if [[ "$ethernet_connected" != "0" ]]; then if [[ "$ethernet_connected" != "0" ]]; then
echo $'Trying ethernet bridge to the internet' echo $'Trying ethernet bridge to the internet'
brctl addif $BRIDGE $EIFACE brctl addif "$BRIDGE" "$EIFACE"
ifconfig $EIFACE 0.0.0.0 ifconfig "$EIFACE" 0.0.0.0
ifconfig $EIFACE up promisc ifconfig "$EIFACE" up promisc
echo $'End of ethernet bridge' echo $'End of ethernet bridge'
sed -i "s|ExecStart=.*|ExecStart=/usr/sbin/bmx6 dev=${IFACE} dev=${EIFACE}|g" /etc/systemd/system/bmx6.service sed -i "s|ExecStart=.*|ExecStart=/usr/sbin/bmx6 dev=${IFACE} dev=${EIFACE}|g" /etc/systemd/system/bmx6.service
@ -243,8 +246,8 @@ function start {
echo $"$EIFACE is not connected" echo $"$EIFACE is not connected"
fi fi
fi fi
ifconfig $BRIDGE up ifconfig "$BRIDGE" up
dhclient $BRIDGE dhclient "$BRIDGE"
enable_mesh_seconary_wifi enable_mesh_seconary_wifi
@ -257,34 +260,34 @@ function start {
systemctl restart nginx systemctl restart nginx
if [ ! -f $MESH_DEFAULT_PROTOCOL ]; then if [ ! -f "$MESH_DEFAULT_PROTOCOL" ]; then
echo 'bmx6' > $MESH_DEFAULT_PROTOCOL echo 'bmx6' > "$MESH_DEFAULT_PROTOCOL"
fi fi
if grep -q "bmx6" $MESH_DEFAULT_PROTOCOL; then if grep -q "bmx6" "$MESH_DEFAULT_PROTOCOL"; then
systemctl enable bmx6 systemctl enable bmx6
systemctl restart bmx6 systemctl restart bmx6
sed -i 's|<type>.*|<type>_bmx6._tcp</type>|g' /etc/avahi/services/routing.service sed -i 's|<type>.*|<type>_bmx6._tcp</type>|g' /etc/avahi/services/routing.service
fi fi
if grep -q "bmx7" $MESH_DEFAULT_PROTOCOL; then if grep -q "bmx7" "$MESH_DEFAULT_PROTOCOL"; then
systemctl enable bmx7 systemctl enable bmx7
systemctl restart bmx7 systemctl restart bmx7
sed -i 's|<type>.*|<type>_bmx7._tcp</type>|g' /etc/avahi/services/routing.service sed -i 's|<type>.*|<type>_bmx7._tcp</type>|g' /etc/avahi/services/routing.service
fi fi
if grep -q "olsr" $MESH_DEFAULT_PROTOCOL; then if grep -q "olsr" "$MESH_DEFAULT_PROTOCOL"; then
IFACE=$(cat /etc/systemd/system/olsr2.service | grep ExecStart | awk -F ' ' '{print $2}') IFACE=$(grep ExecStart "/etc/systemd/system/olsr2.service" | awk -F ' ' '{print $2}')
mesh_generate_ipv6_address $IFACE mesh_generate_ipv6_address "$IFACE"
systemctl enable olsr2 systemctl enable olsr2
systemctl restart olsr2 systemctl restart olsr2
sed -i 's|<type>.*|<type>_olsr2._tcp</type>|g' /etc/avahi/services/routing.service sed -i 's|<type>.*|<type>_olsr2._tcp</type>|g' /etc/avahi/services/routing.service
fi fi
if grep -q "babel" $MESH_DEFAULT_PROTOCOL; then if grep -q "babel" "$MESH_DEFAULT_PROTOCOL"; then
IFACE=$(cat /etc/systemd/system/babel.service | grep ExecStart | awk -F ' ' '{print $2}') IFACE=$(grep ExecStart /etc/systemd/system/babel.service | awk -F ' ' '{print $2}')
mesh_generate_ipv6_address $IFACE mesh_generate_ipv6_address "$IFACE"
systemctl enable babel systemctl enable babel
systemctl restart babel systemctl restart babel
@ -295,7 +298,7 @@ function start {
verify verify
echo "$(cat $MESH_DEFAULT_PROTOCOL)" > $MESH_CURRENT_PROTOCOL cat "$MESH_DEFAULT_PROTOCOL" > "$MESH_CURRENT_PROTOCOL"
} }
function monitor { function monitor {
@ -329,32 +332,33 @@ function monitor {
echo '' echo ''
# Might have to re-enable wifi # Might have to re-enable wifi
rfkill unblock $(rfkill list|awk -F: "/phy/ {print $1}") || true rfkill unblock "$(rfkill list|awk -F: "/phy/ {print $1}")" || true
ifconfig $IFACE down ifconfig "$IFACE" down
ifconfig $IFACE mtu 1532 ifconfig "$IFACE" mtu 1532
ifconfig $IFACE hw ether $(assign_peer_address) ifconfig "$IFACE" hw ether "$(assign_peer_address)"
iwconfig $IFACE enc off iwconfig "$IFACE" enc off
iwconfig $IFACE mode monitor channel $CHANNEL iwconfig "$IFACE" mode monitor channel "$CHANNEL"
sleep 1 sleep 1
iwconfig $IFACE ap $CELLID iwconfig "$IFACE" ap "$CELLID"
modprobe batman-adv modprobe batman-adv
batctl if add $IFACE batctl if add "$IFACE"
ifconfig $IFACE up ifconfig "$IFACE" up
horst -i $IFACE horst -i "$IFACE"
clear clear
echo '' echo ''
echo $'*** Restarting the network daemon. This may take a while. ***' echo $'*** Restarting the network daemon. This may take a while. ***'
echo '' echo ''
# shellcheck disable=SC2119
start start
} }
if ! grep -q "$IFACE" /proc/net/dev; then if ! grep -q "$IFACE" /proc/net/dev; then
echo 'Interface $IFACE was not found' echo "Interface \$IFACE was not found"
stop stop
exit 1 exit 1
fi fi
@ -374,10 +378,11 @@ case "$1" in
echo '' echo ''
echo $'*** Starting mesh network connection ***' echo $'*** Starting mesh network connection ***'
echo '' echo ''
# shellcheck disable=SC2119
start start
;; ;;
ping) ping)
batctl ping $2 batctl ping "$2"
;; ;;
data) data)
watch -n1 "batctl s | grep mgmt | grep bytes" watch -n1 "batctl s | grep mgmt | grep bytes"
@ -387,7 +392,7 @@ case "$1" in
;; ;;
*) *)
echo "error: invalid parameter $1" echo "error: invalid parameter $1"
echo 'usage: $0 {start|stop|restart|status|ping|ls|list}' echo "usage: \$0 {start|stop|restart|status|ping|ls|list}"
exit 2 exit 2
;; ;;
esac esac
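Review bot: The two `rfkill unblock "$(rfkill list|awk -F: "/phy/ {print $1}")" || true` lines, in `start` and in `monitor`, do not hand rfkill a device index. The awk program is in double quotes, so the shell expands `$1` before awk runs (it is empty when `start` is called without arguments, which the SC2119 directives suggest is the normal case) and awk prints the whole matching line. With the new outer quotes that text reaches rfkill as one argument, newlines included when several devices match, and `|| true` hides the failure. Single-quote the awk program and unblock one index at a time: `rfkill list | awk -F: '/phy/ {print $1}' | while read -r id; do rfkill unblock "$id" || true; done`. Both function bodies span several hunks, with lines missing between them.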


@ -42,17 +42,17 @@ BLOG_EDITOR='pluma'
DEFAULT_BLOG_TITLE=$"Freedombone Blog" DEFAULT_BLOG_TITLE=$"Freedombone Blog"
function remove_bad_blog_links { function remove_bad_blog_links {
find ./ -type f -name *.css -exec sed -i -e '/googleapi/d' {} \; find ./ -type f -name "*.css" -exec sed -i -e '/googleapi/d' {} \;
find ./ -type f -name *.scss -exec sed -i -e '/googleapi/d' {} \; find ./ -type f -name "*.scss" -exec sed -i -e '/googleapi/d' {} \;
find ./ -type f -name *.html -exec sed -i -e '/googleapi/d' {} \; find ./ -type f -name "*.html" -exec sed -i -e '/googleapi/d' {} \;
find ./ -type f -name *.css -exec sed -i -e '/bootstrapcdn/d' {} \; find ./ -type f -name "*.css" -exec sed -i -e '/bootstrapcdn/d' {} \;
find ./ -type f -name *.scss -exec sed -i -e '/bootstrapcdn/d' {} \; find ./ -type f -name "*.scss" -exec sed -i -e '/bootstrapcdn/d' {} \;
find ./ -type f -name *.html -exec sed -i -e '/bootstrapcdn/d' {} \; find ./ -type f -name "*.html" -exec sed -i -e '/bootstrapcdn/d' {} \;
} }
function ipfs_publish { function ipfs_publish {
DIR_TO_CHECK=/home/$USER/Public DIR_TO_CHECK=/home/$USER/Public
if [ ! -d $DIR_TO_CHECK ]; then if [ ! -d "$DIR_TO_CHECK" ]; then
return return
fi fi
@ -60,13 +60,13 @@ function ipfs_publish {
echo $'Publishing to IPFS. This may take some time...' echo $'Publishing to IPFS. This may take some time...'
OLD_STAT_FILE=/home/$USER/.old_stat.txt OLD_STAT_FILE=/home/$USER/.old_stat.txt
NEW_STAT=$(stat -t $DIR_TO_CHECK) NEW_STAT=$(stat -t "$DIR_TO_CHECK")
echo $($IPFS_COMMAND add -rq /home/$USER/Public | tail -n 1) > $IPFS_PUBLIC $IPFS_COMMAND add -rq "/home/$USER/Public" | tail -n 1 > "$IPFS_PUBLIC"
echo "$NEW_STAT" > $OLD_STAT_FILE echo "$NEW_STAT" > "$OLD_STAT_FILE"
if [ -f $IPFS_PUBLIC ]; then if [ -f "$IPFS_PUBLIC" ]; then
IPFS_PUBLIC_ID=$(cat $IPFS_PUBLIC) IPFS_PUBLIC_ID=$(cat "$IPFS_PUBLIC")
$IPFS_COMMAND name publish /ipfs/$IPFS_PUBLIC_ID $IPFS_COMMAND name publish "/ipfs/$IPFS_PUBLIC_ID"
fi fi
} }
@ -75,7 +75,7 @@ function regenerate_blog {
echo '' echo ''
echo $'Regenerating blog...' echo $'Regenerating blog...'
cd $BLOG_PATH cd $BLOG_PATH || exit 246872648
if grep -q "SITENAME=u'${DEFAULT_BLOG_TITLE}'" $BLOG_PATH/pelicanconf.py; then if grep -q "SITENAME=u'${DEFAULT_BLOG_TITLE}'" $BLOG_PATH/pelicanconf.py; then
TOX_NICK=$(toxid --showuser) TOX_NICK=$(toxid --showuser)
BLOG_TITLE=$"${TOX_NICK}'s Blog" BLOG_TITLE=$"${TOX_NICK}'s Blog"
@ -83,7 +83,7 @@ function regenerate_blog {
fi fi
make html make html
cd $BLOG_PATH cd $BLOG_PATH || exit 23682468
remove_bad_blog_links remove_bad_blog_links
ipfs_publish ipfs_publish
@ -97,19 +97,19 @@ function view_blog {
function new_blog { function new_blog {
DATESTR=$(date "+%Y-%m-%d %H:%M:%S") DATESTR=$(date "+%Y-%m-%d %H:%M:%S")
echo $'Title: Blog Post Title' > ~/.new-blog-entry { echo $'Title: Blog Post Title';
echo $"Date: ${DATESTR}" >> ~/.new-blog-entry echo $"Date: ${DATESTR}";
echo $"Author: $(toxid --showuser)" >> ~/.new-blog-entry echo $"Author: $(toxid --showuser)";
echo $'Category: default' >> ~/.new-blog-entry echo $'Category: default';
echo $'Tags: blog, tag' >> ~/.new-blog-entry echo $'Tags: blog, tag';
echo '' >> ~/.new-blog-entry echo '';
echo $'Add your text here' >> ~/.new-blog-entry echo $'Add your text here';
echo '' >> ~/.new-blog-entry echo '';
echo -n $'To include an image copy it into the ~/CreateBlog/content/images directory, ' >> ~/.new-blog-entry echo -n $'To include an image copy it into the ~/CreateBlog/content/images directory, ';
echo $'then link to it with:' >> ~/.new-blog-entry echo $'then link to it with:';
echo '' >> ~/.new-blog-entry echo '';
echo $'![My image]({filename}images/myimage.jpg)' >> ~/.new-blog-entry echo $'![My image]({filename}images/myimage.jpg)';
echo '' >> ~/.new-blog-entry echo ''; } > ~/.new-blog-entry
$BLOG_EDITOR ~/.new-blog-entry $BLOG_EDITOR ~/.new-blog-entry
@ -119,26 +119,26 @@ function new_blog {
if grep -q $"Blog Post Title" ~/.new-blog-entry; then if grep -q $"Blog Post Title" ~/.new-blog-entry; then
return return
fi fi
if [ ! -f $CURRENT_BLOG_INDEX ]; then if [ ! -f "$CURRENT_BLOG_INDEX" ]; then
echo '0' > $CURRENT_BLOG_INDEX echo '0' > "$CURRENT_BLOG_INDEX"
fi fi
# move to the content directory # move to the content directory
CURRENT_INDEX=$(cat $CURRENT_BLOG_INDEX) CURRENT_INDEX=$(cat "$CURRENT_BLOG_INDEX")
mv ~/.new-blog-entry $BLOG_CONTENT_PATH/${CURRENT_INDEX}_post.md mv ~/.new-blog-entry "$BLOG_CONTENT_PATH/${CURRENT_INDEX}_post.md"
# increment the index # increment the index
CURRENT_INDEX=$((CURRENT_INDEX + 1)) CURRENT_INDEX=$((CURRENT_INDEX + 1))
echo "$CURRENT_INDEX" > $CURRENT_BLOG_INDEX echo "$CURRENT_INDEX" > "$CURRENT_BLOG_INDEX"
regenerate_blog regenerate_blog
} }
function edit_blog { function edit_blog {
if [ ! -f $CURRENT_BLOG_INDEX ]; then if [ ! -f "$CURRENT_BLOG_INDEX" ]; then
return return
fi fi
CURRENT_INDEX=$(cat $CURRENT_BLOG_INDEX) CURRENT_INDEX=$(cat "$CURRENT_BLOG_INDEX")
PREVIOUS_INDEX=$((CURRENT_INDEX - 1)) PREVIOUS_INDEX=$((CURRENT_INDEX - 1))
LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md
if [ ! -f $LAST_BLOG_ENTRY ]; then if [ ! -f $LAST_BLOG_ENTRY ]; then
@ -149,23 +149,23 @@ function edit_blog {
} }
function delete_blog { function delete_blog {
if [ ! -f $CURRENT_BLOG_INDEX ]; then if [ ! -f "$CURRENT_BLOG_INDEX" ]; then
return return
fi fi
CURRENT_INDEX=$(cat $CURRENT_BLOG_INDEX) CURRENT_INDEX=$(cat "$CURRENT_BLOG_INDEX")
PREVIOUS_INDEX=$((CURRENT_INDEX - 1)) PREVIOUS_INDEX=$((CURRENT_INDEX - 1))
LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md
if [ ! -f $LAST_BLOG_ENTRY ]; then if [ ! -f $LAST_BLOG_ENTRY ]; then
return return
fi fi
if ! zenity --question --title=$'Delete the previous blog entry' --text=$"\nAre you sure that you wish to delete the previous blog entry?" --ok-label=No --cancel-label=Yes --width=300; then if ! zenity --question --title=$'Delete the previous blog entry' --text=$"\\nAre you sure that you wish to delete the previous blog entry?" --ok-label=No --cancel-label=Yes --width=300; then
rm $LAST_BLOG_ENTRY rm $LAST_BLOG_ENTRY
if [ $CURRENT_INDEX -gt 0 ]; then if [ "$CURRENT_INDEX" -gt 0 ]; then
CURRENT_INDEX=$PREVIOUS_INDEX CURRENT_INDEX=$PREVIOUS_INDEX
echo "$CURRENT_INDEX" > $CURRENT_BLOG_INDEX echo "$CURRENT_INDEX" > "$CURRENT_BLOG_INDEX"
else else
rm -f $CURRENT_BLOG_INDEX rm -f "$CURRENT_BLOG_INDEX"
fi fi
regenerate_blog regenerate_blog
fi fi
@ -180,8 +180,8 @@ function change_theme {
n=1 n=1
curr_theme_index= curr_theme_index=
if [ -f /home/$USER/.blog-theme-index ]; then if [ -f "/home/$USER/.blog-theme-index" ]; then
curr_theme_index=$(cat /home/$USER/.blog-theme-index) curr_theme_index=$(cat "/home/$USER/.blog-theme-index")
fi fi
if [ -f /tmp/.blog-themes ]; then if [ -f /tmp/.blog-themes ]; then
rm /tmp/.blog-themes rm /tmp/.blog-themes
@ -189,10 +189,11 @@ function change_theme {
for a in "${THEMES[@]}" for a in "${THEMES[@]}"
do do
echo "$n $a" >> /tmp/.blog-themes echo "$n $a" >> /tmp/.blog-themes
n=$[n+1] n=$((n+1))
done done
CHOSEN_THEME_INDEX=$( CHOSEN_THEME_INDEX=$(
# shellcheck disable=SC2002
cat /tmp/.blog-themes | \ cat /tmp/.blog-themes | \
awk -F ' ' '{ awk -F ' ' '{
for(i=1;i<=NF;i++){ for(i=1;i<=NF;i++){
@ -204,15 +205,15 @@ function change_theme {
--column=$'Index' --column=$'Theme' \ --column=$'Index' --column=$'Theme' \
--print-column=1 --hide-column=1 --width=300 --height=400) --print-column=1 --hide-column=1 --width=300 --height=400)
rm /tmp/.blog-themes rm /tmp/.blog-themes
if [ ! $CHOSEN_THEME_INDEX ]; then if [ ! "$CHOSEN_THEME_INDEX" ]; then
exit 1 exit 1
fi fi
echo "$CHOSEN_THEME_INDEX" > /home/$USER/.blog-theme-index echo "$CHOSEN_THEME_INDEX" > "/home/$USER/.blog-theme-index"
CHOSEN_THEME_INDEX=$((CHOSEN_THEME_INDEX - 1)) CHOSEN_THEME_INDEX=$((CHOSEN_THEME_INDEX - 1))
CHOSEN_THEME=${THEMES[$CHOSEN_THEME_INDEX]} CHOSEN_THEME=${THEMES[$CHOSEN_THEME_INDEX]}
cd cd $BLOG_PATH/themes/$CHOSEN_THEME cd "$BLOG_PATH/themes/$CHOSEN_THEME" || exit 346746824
remove_bad_blog_links remove_bad_blog_links
if grep -q "THEME=" $BLOG_PATH/pelicanconf.py; then if grep -q "THEME=" $BLOG_PATH/pelicanconf.py; then
sed -i "s|THEME=.*|THEME='themes/${CHOSEN_THEME}'|g" $BLOG_PATH/pelicanconf.py sed -i "s|THEME=.*|THEME='themes/${CHOSEN_THEME}'|g" $BLOG_PATH/pelicanconf.py


@ -54,7 +54,8 @@ function vpn_generate_keys {
fi fi
cp /etc/openvpn/dh2048.pem /etc/openvpn/easy-rsa/keys/dh2048.pem cp /etc/openvpn/dh2048.pem /etc/openvpn/easy-rsa/keys/dh2048.pem
cd /etc/openvpn/easy-rsa cd /etc/openvpn/easy-rsa || exit 246872464
# shellcheck disable=SC1091
. ./vars . ./vars
./clean-all ./clean-all
vpn_openssl_version='1.0.0' vpn_openssl_version='1.0.0'
@ -147,12 +148,12 @@ function mesh_setup_vpn {
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel* chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*
# create an archive of the vpn client files # create an archive of the vpn client files
cd /home/$MY_USERNAME cd /home/$MY_USERNAME || exit 346825628354
tar -czvf vpn.tar.gz stunnel* client.ovpn tar -czvf vpn.tar.gz stunnel* client.ovpn
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/vpn.tar.gz chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/vpn.tar.gz
if [ -f vpn.tar.gz ]; then if [ -f vpn.tar.gz ]; then
zenity --info --title $"Generate VPN client keys" --text $"\nNew VPN client keys have been generated in the /home/fbone directory.\n\nYou can find it by selecting \"Places\" then \"Home Directory\" on the top menu bar. Transmit the vpn.tar.gz file to whoever is running the other mesh network so that they can connect to yours.\n\nThey should uncompress vpn.tar.gz to their /home/fbone directory, forward port $VPN_MESH_TLS_PORT then connect using your IP address or domain name." --width 600 zenity --info --title $"Generate VPN client keys" --text $"\\nNew VPN client keys have been generated in the /home/fbone directory.\\n\\nYou can find it by selecting \"Places\" then \"Home Directory\" on the top menu bar. Transmit the vpn.tar.gz file to whoever is running the other mesh network so that they can connect to yours.\\n\\nThey should uncompress vpn.tar.gz to their /home/fbone directory, forward port $VPN_MESH_TLS_PORT then connect using your IP address or domain name." --width 600
fi fi
} }
@ -190,7 +191,7 @@ function connect_to_mesh {
sed -i "s|route .*|route $ip_or_domain 255.255.255.255 net_gateway|g" ~/client.ovpn sed -i "s|route .*|route $ip_or_domain 255.255.255.255 net_gateway|g" ~/client.ovpn
clear clear
cd ~/ cd ~/ || exit 234628422874
sudo stunnel stunnel-client.conf sudo stunnel stunnel-client.conf
sudo openvpn client.ovpn sudo openvpn client.ovpn
fi fi
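Review bot: The new `cd /home/$MY_USERNAME || exit 346825628354` guard (likewise `exit 246872464` in vpn_generate_keys and `exit 234628422874` in connect_to_mesh) uses a status far outside the 0–255 range a process can report, so bash passes on only the low 8 bits and the caller never sees these numbers. A value that happens to be a multiple of 256 would be reported as success, and the truncated codes cannot be told apart reliably in logs. I would use a small distinct code and say what failed, e.g. `cd "/home/$MY_USERNAME" || { echo "cannot cd to /home/$MY_USERNAME" >&2; exit 1; }`. The same pattern shows up in other files this commit touches (`exit 346746824` in change_theme, `exit 2468724684` in pin_all_certs). All three functions here continue outside their hunks.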


@ -108,26 +108,26 @@ function mesh_avahi {
fi fi
# Add a mesh routing protocol service # Add a mesh routing protocol service
echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > $rootdir/etc/avahi/services/routing.service { echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> $rootdir/etc/avahi/services/routing.service echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
echo '<service-group>' >> $rootdir/etc/avahi/services/routing.service echo '<service-group>';
echo ' <name replace-wildcards="yes">%h routing</name>' >> $rootdir/etc/avahi/services/routing.service echo ' <name replace-wildcards="yes">%h routing</name>';
echo ' <service>' >> $rootdir/etc/avahi/services/routing.service echo ' <service>';
echo ' <type>_bmx6._tcp</type>' >> $rootdir/etc/avahi/services/routing.service echo ' <type>_bmx6._tcp</type>';
echo ' </service>' >> $rootdir/etc/avahi/services/routing.service echo ' </service>';
echo '</service-group>' >> $rootdir/etc/avahi/services/routing.service echo '</service-group>'; } > "$rootdir/etc/avahi/services/routing.service"
# keep the daemon running # keep the daemon running
WATCHDOG_SCRIPT_NAME="keepon" WATCHDOG_SCRIPT_NAME="keepon"
echo '' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME { echo '';
echo '# keep avahi daemon running' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME echo '# keep avahi daemon running';
echo 'AVAHI_RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME echo "AVAHI_RUNNING=\$(pgrep avahi-daemon > /dev/null && echo Running)";
echo 'if [ ! $AVAHI_RUNNING ]; then' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME echo "if [ ! \$AVAHI_RUNNING ]; then";
echo ' systemctl start avahi-daemon' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME echo ' systemctl start avahi-daemon';
echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME echo " echo -n \$CURRENT_DATE >> \$LOGFILE";
echo ' echo " Avahi daemon restarted" >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME echo " echo \" Avahi daemon restarted\" >> \$LOGFILE";
echo 'fi' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME echo 'fi'; } >> "$rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME"
chmod +x $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME chmod +x "$rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME"
} }
function install_batman_remove { function install_batman_remove {
@ -154,23 +154,23 @@ function install_batman {
fi fi
BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
echo '[Unit]' > $BATMAN_DAEMON { echo '[Unit]';
echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON echo 'Description=B.A.T.M.A.N. Advanced';
echo 'After=network.target' >> $BATMAN_DAEMON echo 'After=network.target';
echo '' >> $BATMAN_DAEMON echo '';
echo '[Service]' >> $BATMAN_DAEMON echo '[Service]';
echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON echo 'RemainAfterExit=yes';
echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON echo "ExecStart=/var/lib/batman start";
echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON echo "ExecStop=/var/lib/batman stop";
echo 'Restart=on-failure' >> $BATMAN_DAEMON echo 'Restart=on-failure';
echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON echo 'SuccessExitStatus=3 4';
echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON echo 'RestartForceExitStatus=3 4';
echo '' >> $BATMAN_DAEMON echo '';
echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON echo '# Allow time for the server to start/stop';
echo 'TimeoutSec=300' >> $BATMAN_DAEMON echo 'TimeoutSec=300';
echo '' >> $BATMAN_DAEMON echo '';
echo '[Install]' >> $BATMAN_DAEMON echo '[Install]';
echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON echo 'WantedBy=multi-user.target'; } > "$BATMAN_DAEMON"
$CHROOT_PREFIX systemctl enable batman $CHROOT_PREFIX systemctl enable batman
} }
@ -178,79 +178,79 @@ function mesh_firewall {
FIREWALL_FILENAME=${rootdir}/etc/systemd/system/meshfirewall.service FIREWALL_FILENAME=${rootdir}/etc/systemd/system/meshfirewall.service
MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall
echo '#!/bin/bash' > $MESH_FIREWALL_SCRIPT { echo '#!/bin/bash';
echo 'iptables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT echo 'iptables -P INPUT ACCEPT';
echo 'ip6tables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT echo 'ip6tables -P INPUT ACCEPT';
echo 'iptables -F' >> $MESH_FIREWALL_SCRIPT echo 'iptables -F';
echo 'ip6tables -F' >> $MESH_FIREWALL_SCRIPT echo 'ip6tables -F';
echo 'iptables -t nat -F' >> $MESH_FIREWALL_SCRIPT echo 'iptables -t nat -F';
echo 'ip6tables -t nat -F' >> $MESH_FIREWALL_SCRIPT echo 'ip6tables -t nat -F';
echo 'iptables -X' >> $MESH_FIREWALL_SCRIPT echo 'iptables -X';
echo 'ip6tables -X' >> $MESH_FIREWALL_SCRIPT echo 'ip6tables -X';
echo 'iptables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT echo 'iptables -P INPUT DROP';
echo 'ip6tables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT echo 'ip6tables -P INPUT DROP';
echo 'iptables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT echo 'iptables -A INPUT -i lo -j ACCEPT';
echo 'ip6tables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT echo 'ip6tables -A INPUT -i lo -j ACCEPT';
echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT';
echo 'ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT echo 'ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT';
echo '' >> $MESH_FIREWALL_SCRIPT echo '';
echo '# Make sure incoming tcp connections are SYN packets' >> $MESH_FIREWALL_SCRIPT echo '# Make sure incoming tcp connections are SYN packets';
echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP';
echo 'ip6tables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT echo 'ip6tables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP';
echo '' >> $MESH_FIREWALL_SCRIPT echo '';
echo '# Drop packets with incoming fragments' >> $MESH_FIREWALL_SCRIPT echo '# Drop packets with incoming fragments';
echo 'iptables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT echo 'iptables -A INPUT -f -j DROP';
echo 'ip6tables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT echo 'ip6tables -A INPUT -f -j DROP';
echo '' >> $MESH_FIREWALL_SCRIPT echo '';
echo '# Drop bogons' >> $MESH_FIREWALL_SCRIPT echo '# Drop bogons';
echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP';
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP';
echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP';
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP';
echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP';
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP';
echo '' >> $MESH_FIREWALL_SCRIPT echo '';
echo '# Incoming malformed NULL packets:' >> $MESH_FIREWALL_SCRIPT echo '# Incoming malformed NULL packets:';
echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP';
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP';
echo '' >> $MESH_FIREWALL_SCRIPT echo '';
echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT";
echo "ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT echo "ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT";
echo "iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT echo "iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT";
echo "ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT echo "ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT";
echo "iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT echo "iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT";
echo "ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT echo "ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT";
echo "iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT echo "iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT";
echo "ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT echo "ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT";
echo "iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT echo "iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT";
echo "ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT echo "ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT";
echo "iptables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT echo "iptables -A INPUT -p udp --dport 1900 -j ACCEPT";
echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT";
echo '# OLSR2/MANET' >> $MESH_FIREWALL_SCRIPT echo '# OLSR2/MANET';
echo 'iptables -A INPUT -p udp --dport 269 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT echo 'iptables -A INPUT -p udp --dport 269 -j ACCEPT';
echo 'ip6tables -A INPUT -p udp --dport 269 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT echo 'ip6tables -A INPUT -p udp --dport 269 -j ACCEPT';
echo 'iptables -A INPUT -p tcp --dport 138 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT echo 'iptables -A INPUT -p tcp --dport 138 -j ACCEPT';
echo 'ip6tables -A INPUT -p tcp --dport 138 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT echo 'ip6tables -A INPUT -p tcp --dport 138 -j ACCEPT';
echo '# Babel' >> $MESH_FIREWALL_SCRIPT echo '# Babel';
echo 'iptables -A INPUT -p udp --dport 6696 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT echo 'iptables -A INPUT -p udp --dport 6696 -j ACCEPT';
echo 'ip6tables -A INPUT -p udp --dport 6696 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT echo 'ip6tables -A INPUT -p udp --dport 6696 -j ACCEPT'; } > "$MESH_FIREWALL_SCRIPT"
chmod +x $MESH_FIREWALL_SCRIPT chmod +x $MESH_FIREWALL_SCRIPT
echo '[Unit]' > $FIREWALL_FILENAME { echo '[Unit]';
echo 'Description=Mesh Firewall' >> $FIREWALL_FILENAME echo 'Description=Mesh Firewall';
echo '' >> $FIREWALL_FILENAME echo '';
echo '[Service]' >> $FIREWALL_FILENAME echo '[Service]';
echo 'Type=oneshot' >> $FIREWALL_FILENAME echo 'Type=oneshot';
echo 'ExecStart=/usr/bin/mesh-firewall' >> $FIREWALL_FILENAME echo 'ExecStart=/usr/bin/mesh-firewall';
echo 'RemainAfterExit=no' >> $FIREWALL_FILENAME echo 'RemainAfterExit=no';
echo '' >> $FIREWALL_FILENAME echo '';
echo 'TimeoutSec=30' >> $FIREWALL_FILENAME echo 'TimeoutSec=30';
echo '' >> $FIREWALL_FILENAME echo '';
echo '[Install]' >> $FIREWALL_FILENAME echo '[Install]';
echo 'WantedBy=multi-user.target' >> $FIREWALL_FILENAME echo 'WantedBy=multi-user.target'; } > $FIREWALL_FILENAME
chmod +x $FIREWALL_FILENAME chmod +x $FIREWALL_FILENAME
$CHROOT_PREFIX systemctl enable meshfirewall $CHROOT_PREFIX systemctl enable meshfirewall
} }
@ -275,7 +275,7 @@ function mesh_tox_client_toxic_from_repo {
echo "Toxic Installed." echo "Toxic Installed."
} }
while [[ $# > 1 ]] while [ $# -gt 1 ]
do do
key="$1" key="$1"
@ -290,7 +290,7 @@ do
-r|--rootdir) -r|--rootdir)
shift shift
rootdir="$1" rootdir="$1"
CHROOT_PREFIX='chroot "${rootdir}"' CHROOT_PREFIX="chroot \"\${rootdir}\""
;; ;;
-w|--wifi|--interface) -w|--wifi|--interface)
shift shift
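Review bot: `CHROOT_PREFIX="chroot \"\${rootdir}\""` under the `-r|--rootdir` option still stores the literal text `"${rootdir}"`, quotes included, exactly as the single-quoted version did, so the rewrite satisfies the linter without changing what runs. When `$CHROOT_PREFIX systemctl enable batman` and `$CHROOT_PREFIX systemctl enable meshfirewall` are expanded, word splitting hands chroot that literal string as its directory argument; unless a caller outside these hunks runs the line through `eval`, chroot would fail and the services would not be enabled in the image root. An array keeps the path intact: `CHROOT_PREFIX=(chroot "$rootdir")` with `"${CHROOT_PREFIX[@]}" systemctl enable batman` at the call sites. The option-parsing `case` starts and ends outside the hunk.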


@ -35,13 +35,13 @@ invite=$(sudo -- bash -c 'su -c "sbot invite.create 1" - scuttlebot' | awk -F '"
if [ ${#invite} -lt 10 ]; then if [ ${#invite} -lt 10 ]; then
dialog --title $"Create Invite" \ dialog --title $"Create Invite" \
--msgbox $"\nThe invite could not be created" 7 70 --msgbox $"\\nThe invite could not be created" 7 70
exit 1 exit 1
fi fi
echo "$invite" | xclip -selection c echo "$invite" | xclip -selection c
dialog --title $"Create Invite" \ dialog --title $"Create Invite" \
--msgbox $"\nThe invite has been copied to the clipboard.\n\nYou can paste it with CTRL+v" 9 70 --msgbox $"\\nThe invite has been copied to the clipboard.\\n\\nYou can paste it with CTRL+v" 9 70
exit 0 exit 0


@ -43,12 +43,12 @@ if ! zenity --question --title=$'New Identity' --text=$"Do you want to reset you
sudo pkill midori sudo pkill midori
sudo pkill patchwork sudo pkill patchwork
sudo rm -f $MESH_INSTALL_COMPLETED sudo rm -f $MESH_INSTALL_COMPLETED
sudo ${PROJECT_NAME}-image-mesh $USER new sudo "${PROJECT_NAME}-image-mesh" "$USER" new
sudo batman start sudo batman start
if [ -f $HOME/mesh-desktop.sh ]; then if [ -f "$HOME/mesh-desktop.sh" ]; then
$HOME/mesh-desktop.sh "$HOME/mesh-desktop.sh"
else else
zenity --info --title=$"New Identity" --text=$"You now have a new identity" --width=200 zenity --info --title=$"New Identity" --text=$"You now have a new identity" --width=200
fi fi
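Review bot: `sudo rm -f $MESH_INSTALL_COMPLETED` is left unquoted while the lines around it were quoted in this change, and it is the one that runs `rm` as root. If the variable ever holds whitespace or a glob character, the shell splits or expands it before `rm` sees it; `sudo rm -f -- "$MESH_INSTALL_COMPLETED"` closes that off. The enclosing `if` starts outside the hunk.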


@ -31,34 +31,34 @@ PROJECT_NAME='freedombone'
export TEXTDOMAIN=${PROJECT_NAME}-mesh-routing export TEXTDOMAIN=${PROJECT_NAME}-mesh-routing
export TEXTDOMAINDIR="/usr/share/locale" export TEXTDOMAINDIR="/usr/share/locale"
source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-wifi source "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-wifi"
source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-mesh source "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-mesh"
function mesh_stop_daemon { function mesh_stop_daemon {
daemon_name=$1 daemon_name=$1
clear clear
echo '' echo ''
echo $"Stopping $1..." echo $"Stopping ${daemon_name}..."
sudo systemctl stop $1 sudo systemctl stop "${daemon_name}"
echo $"Disabling $1..." echo $"Disabling ${daemon_name}..."
sudo systemctl disable $1 sudo systemctl disable "${daemon_name}"
} }
clear clear
echo '' echo ''
echo $'Scanning for BMX6 protocol...' echo $'Scanning for BMX6 protocol...'
bmx6_peers=$(avahi-browse -at | grep routing | grep bmx6 | wc -l) bmx6_peers=$(avahi-browse -at | grep routing | grep -c bmx6)
clear clear
echo '' echo ''
echo $'Scanning for OLSR2 protocol...' echo $'Scanning for OLSR2 protocol...'
olsr2_peers=$(avahi-browse -at | grep routing | grep olsr2 | wc -l) olsr2_peers=$(avahi-browse -at | grep routing | grep -c olsr2)
clear clear
echo '' echo ''
echo $'Scanning for Babel protocol...' echo $'Scanning for Babel protocol...'
babel_peers=$(avahi-browse -at | grep routing | grep babel | wc -l) babel_peers=$(avahi-browse -at | grep routing | grep -c babel)
clear clear
@ -71,28 +71,28 @@ case $sel in
esac esac
temp_script=$HOME/.change_routing temp_script=$HOME/.change_routing
echo '#!/bin/bash' > $temp_script { echo '#!/bin/bash';
echo "echo \"\$1\" > $MESH_DEFAULT_PROTOCOL" >> $temp_script echo "echo \"\$1\" > $MESH_DEFAULT_PROTOCOL";
echo "echo \"\$1\" > $MESH_CURRENT_PROTOCOL" >> $temp_script echo "echo \"\$1\" > $MESH_CURRENT_PROTOCOL";
echo "sed -i \"s|<type>.*|<type>_\${1}._tcp</type>|g\" /etc/avahi/services/routing.service" >> $temp_script echo "sed -i \"s|<type>.*|<type>_\${1}._tcp</type>|g\" /etc/avahi/services/routing.service";
echo 'systemctl restart avahi-daemon' >> $temp_script echo 'systemctl restart avahi-daemon';
echo "IFACE=\$(cat /etc/systemd/system/\${1}.service | grep ExecStart | awk -F ' ' '{print \$2}')" >> $temp_script echo "IFACE=\$(cat /etc/systemd/system/\${1}.service | grep ExecStart | awk -F ' ' '{print \$2}')";
echo 'network=fd66:66:66' >> $temp_script echo 'network=fd66:66:66';
echo 'search_ipv6=$(ifconfig $1 | grep $network)' >> $temp_script echo "search_ipv6=\$(ifconfig \$1 | grep \$network)";
echo 'if [ $search_ipv6 ]; then' >> $temp_script echo "if [ \$search_ipv6 ]; then";
echo " result=\$(ifconfig \$1 | grep \$network | awk -F ' ' '{print \$2}')" >> $temp_script echo " result=\$(ifconfig \$1 | grep \$network | awk -F ' ' '{print \$2}')";
echo ' ip -6 addr add ${result}/128 dev $1' >> $temp_script echo " ip -6 addr add \${result}/128 dev \$1";
echo 'else' >> $temp_script echo 'else';
echo ' ipv6_array=( 1 2 3 4 5 6 7 8 9 0 a b c d e f )' >> $temp_script echo ' ipv6_array=( 1 2 3 4 5 6 7 8 9 0 a b c d e f )';
echo ' a=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script echo " a=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
echo ' b=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script echo " b=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
echo ' c=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script echo " c=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
echo ' d=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script echo " d=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
echo ' e=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script echo " e=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
echo ' result=$network:$a:$b:$c:$d:$e' >> $temp_script echo " result=\$network:\$a:\$b:\$c:\$d:\$e";
echo ' ip -6 addr add ${result}/128 dev $1' >> $temp_script echo " ip -6 addr add \${result}/128 dev \$1";
echo 'fi' >> $temp_script echo 'fi'; } > "$temp_script"
chmod +x $temp_script chmod +x "$temp_script"
clear clear
echo '' echo ''
@ -100,7 +100,7 @@ echo $'Authentication to change mesh protocol'
echo '' echo ''
case $data in case $data in
1) sudo $temp_script 'bmx6' 1) sudo "$temp_script" 'bmx6'
mesh_stop_daemon 'bmx7' mesh_stop_daemon 'bmx7'
mesh_stop_daemon 'olsr2' mesh_stop_daemon 'olsr2'
mesh_stop_daemon 'babel' mesh_stop_daemon 'babel'
@ -111,7 +111,7 @@ case $data in
echo $'Starting BMX6...' echo $'Starting BMX6...'
sudo systemctl start bmx6 sudo systemctl start bmx6
;; ;;
2) sudo $temp_script 'olsr2' 2) sudo "$temp_script" 'olsr2'
mesh_stop_daemon 'bmx6' mesh_stop_daemon 'bmx6'
mesh_stop_daemon 'bmx7' mesh_stop_daemon 'bmx7'
mesh_stop_daemon 'babel' mesh_stop_daemon 'babel'
@ -122,7 +122,7 @@ case $data in
echo $'Starting OLSR2...' echo $'Starting OLSR2...'
sudo systemctl start olsr2 sudo systemctl start olsr2
;; ;;
3) sudo $temp_script 'babel' 3) sudo "$temp_script" 'babel'
mesh_stop_daemon 'bmx6' mesh_stop_daemon 'bmx6'
mesh_stop_daemon 'bmx7' mesh_stop_daemon 'bmx7'
mesh_stop_daemon 'olsr2' mesh_stop_daemon 'olsr2'
@ -135,6 +135,6 @@ case $data in
;; ;;
esac esac
rm $temp_script rm "$temp_script"
exit 0 exit 0
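Review bot: The generated helper still tests `if [ $search_ipv6 ]; then` with the variable unquoted (emitted by `echo "if [ \$search_ipv6 ]; then";`), and the value is a whole line of `ifconfig` output. Any match contains several words, so `[` reports an error and the helper falls to the `else` branch, assigning a fresh random address instead of reusing the existing one. Emitting `echo "if [ -n \"\$search_ipv6\" ]; then";` fixes the test. The helper also assigns `IFACE` but then calls `ifconfig $1` with the protocol name, which looks unintended and is worth confirming before this script is run with sudo.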


@ -51,7 +51,7 @@ fi
USERS_FILE_LINES=$(wc -l $USERS_FILE | awk -F ' ' '{print $1}') USERS_FILE_LINES=$(wc -l $USERS_FILE | awk -F ' ' '{print $1}')
if [ $USERS_FILE_LINES -gt 200 ]; then if [ "$USERS_FILE_LINES" -gt 200 ]; then
# If there are more than a Dunbar number of peers then ask for the peer name or ID # If there are more than a Dunbar number of peers then ask for the peer name or ID
data=$(zenity --entry --title="Visit IPFS site" --text="Enter the username or Tox ID for the site you wish to visit") data=$(zenity --entry --title="Visit IPFS site" --text="Enter the username or Tox ID for the site you wish to visit")
sel=$? sel=$?
@ -62,7 +62,7 @@ if [ $USERS_FILE_LINES -gt 200 ]; then
if ! grep -q "$TOX_USERNAME_OR_ID" $USERS_FILE; then if ! grep -q "$TOX_USERNAME_OR_ID" $USERS_FILE; then
TOX_ID="$TOX_USERNAME_OR_ID" TOX_ID="$TOX_USERNAME_OR_ID"
else else
TOX_ID=$(cat "$USERS_FILE" | grep "$TOX_USERNAME_OR_ID" | head -n 1 | sed "s|$TOX_USERNAME_OR_ID ||g" | sed -e 's/^[[:space:]]*//') TOX_ID=$(grep "$TOX_USERNAME_OR_ID" "$USERS_FILE" | head -n 1 | sed "s|$TOX_USERNAME_OR_ID ||g" | sed -e 's/^[[:space:]]*//')
fi fi
if [ ${#TOX_ID} -gt 5 ]; then if [ ${#TOX_ID} -gt 5 ]; then
@ -70,7 +70,7 @@ if [ $USERS_FILE_LINES -gt 200 ]; then
zenity --info --title $"Visit a site" --text $"An IPFS site was not found for the user '$TOX_USERNAME_OR_ID'" --width 500 zenity --info --title $"Visit a site" --text $"An IPFS site was not found for the user '$TOX_USERNAME_OR_ID'" --width 500
exit 3 exit 3
fi fi
IPFS_FULL_URL=${IPFS_URL}/$(cat "$IPFS_USERS_FILE" | grep $TOX_ID | head -n 1 | awk -F ':' '{print $2}') IPFS_FULL_URL=${IPFS_URL}/$(grep "$TOX_ID" "$IPFS_USERS_FILE" | head -n 1 | awk -F ':' '{print $2}')
pkill $BROWSER pkill $BROWSER
setsid sh -c "$BROWSER $BROWSER_OPTIONS $IPFS_FULL_URL$SUFFIX" > /dev/null 2>&1 < /dev/null & setsid sh -c "$BROWSER $BROWSER_OPTIONS $IPFS_FULL_URL$SUFFIX" > /dev/null 2>&1 < /dev/null &
@ -85,7 +85,8 @@ if [ $USERS_FILE_LINES -gt 200 ]; then
else else
# If there are a relatively small number of users then choose from a list # If there are a relatively small number of users then choose from a list
TOX_ID=$( TOX_ID=$(
cat $USERS_FILE | \ # shellcheck disable=SC2002
cat "$USERS_FILE" | \
awk -F ' ' '{ awk -F ' ' '{
for(i=1;i<=NF;i++){ for(i=1;i<=NF;i++){
print $i; print $i;
@ -95,10 +96,10 @@ else
--title='Visit the site of another user' \ --title='Visit the site of another user' \
--column='Username' --column='Tox ID' \ --column='Username' --column='Tox ID' \
--print-column=2 --hide-column=2 --width=300 --height=400) --print-column=2 --hide-column=2 --width=300 --height=400)
if [ ! $TOX_ID ]; then if [ ! "$TOX_ID" ]; then
exit 0 exit 0
fi fi
IPFS_FULL_URL=${IPFS_URL}/$(cat "$IPFS_USERS_FILE" | grep $TOX_ID | head -n 1 | awk -F ':' '{print $2}') IPFS_FULL_URL=${IPFS_URL}/$(grep "$TOX_ID" "$IPFS_USERS_FILE" | head -n 1 | awk -F ':' '{print $2}')
pkill $BROWSER pkill $BROWSER
setsid sh -c "$BROWSER $BROWSER_OPTIONS $IPFS_FULL_URL$SUFFIX" > /dev/null 2>&1 < /dev/null & setsid sh -c "$BROWSER $BROWSER_OPTIONS $IPFS_FULL_URL$SUFFIX" > /dev/null 2>&1 < /dev/null &
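Review bot: Both branches still launch the browser with `setsid sh -c "$BROWSER $BROWSER_OPTIONS $IPFS_FULL_URL$SUFFIX"`, so the URL fragment read from `$IPFS_USERS_FILE` is parsed a second time by a shell. If that file can carry entries contributed by other peers (its origin is not visible here), a crafted entry would be interpreted as shell syntax rather than as a URL. Running the browser directly avoids the second parse: `setsid "$BROWSER" $BROWSER_OPTIONS "$IPFS_FULL_URL$SUFFIX" > /dev/null 2>&1 < /dev/null &`. The new `grep "$TOX_ID" "$IPFS_USERS_FILE"` lines also treat the ID as a regular expression; `grep -F -- "$TOX_ID"` matches it literally. The surrounding `if`/`else` starts and ends outside the hunks.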


@ -60,7 +60,7 @@ function get_backup_key_id {
MY_BACKUP_KEY_ID=$(gpg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//') MY_BACKUP_KEY_ID=$(gpg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
if [ ${#MY_BACKUP_KEY_ID} -lt 4 ]; then if [ ${#MY_BACKUP_KEY_ID} -lt 4 ]; then
echo $"Error: gpg backup key was not found" echo $"Error: gpg backup key was not found"
return 58213 exit 58213
fi fi
} }
@ -99,7 +99,7 @@ function pad_string {
pass_string="$1" pass_string="$1"
str_length=${#pass_string} str_length=${#pass_string}
total_padding=$((128 - str_length)) total_padding=$((128 - str_length))
leading_padding=$((1 + RANDOM % $total_padding)) leading_padding=$((1 + RANDOM % total_padding))
trailing_padding=$((total_padding - leading_padding)) trailing_padding=$((total_padding - leading_padding))
leading=$(printf "%-${leading_padding}s") leading=$(printf "%-${leading_padding}s")
trailing=$(printf "%-${trailing_padding}s") trailing=$(printf "%-${trailing_padding}s")
@ -118,8 +118,7 @@ function run_tests {
echo $'Incorrect padded length' echo $'Incorrect padded length'
exit 78352 exit 78352
fi fi
${PROJECT_NAME}-pass -u root -a tests -p "$pass" if ! "${PROJECT_NAME}-pass" -u root -a tests -p "$pass"; then
if [ ! "$?" = "0" ]; then
echo $'Unable to encrypt password' echo $'Unable to encrypt password'
exit 72725 exit 72725
fi fi
@ -142,8 +141,8 @@ function clear_passwords {
for d in /root/.passwords/*/ ; do for d in /root/.passwords/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $4}') USERNAME=$(echo "$d" | awk -F '/' '{print $4}')
if [[ "$USERNAME" != 'root' ]]; then if [[ "$USERNAME" != 'root' ]]; then
shred -zu /root/.passwords/$USERNAME/* shred -zu "/root/.passwords/$USERNAME/*"
rm -rf /root/.passwords/$USERNAME rm -rf "/root/.passwords/$USERNAME"
fi fi
done done
if [ ! -f $NO_PASSWORD_STORE_FILE ]; then if [ ! -f $NO_PASSWORD_STORE_FILE ]; then
@ -156,39 +155,39 @@ function clear_passwords {
function export_to_keepass { function export_to_keepass {
filename="$1" filename="$1"
echo '<database>' > $filename { echo '<database>';
echo ' <group>' >> $filename echo ' <group>';
echo " <title>${PROJECT_NAME}</title>" >> $filename echo " <title>${PROJECT_NAME}</title>";
echo ' <icon>48</icon>' >> $filename echo ' <icon>48</icon>'; } > "$filename"
for d in /root/.passwords/*/ ; do for d in /root/.passwords/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $4}') USERNAME=$(echo "$d" | awk -F '/' '{print $4}')
echo ' <group>' >> $filename { echo ' <group>';
echo " <title>$USERNAME</title>" >> $filename echo " <title>$USERNAME</title>";
echo ' <icon>0</icon>' >> $filename echo ' <icon>0</icon>'; } >> "$filename"
for a in /root/.passwords/$USERNAME/* ; do for a in /root/.passwords/$USERNAME/* ; do
APP_NAME=$(basename $a) APP_NAME=$(basename "$a")
app_password=$(${PROJECT_NAME}-pass -u $USERNAME -a $APP_NAME) app_password=$("${PROJECT_NAME}-pass" -u "$USERNAME" -a "$APP_NAME")
echo ' <entry>' >> $filename { echo ' <entry>';
echo " <title>$APP_NAME</title>" >> $filename echo " <title>$APP_NAME</title>";
echo " <username>$USERNAME</username>" >> $filename echo " <username>$USERNAME</username>";
echo " <password>$app_password</password>" >> $filename echo " <password>$app_password</password>";
echo ' <url/>' >> $filename echo ' <url/>';
echo ' <comment/>' >> $filename echo ' <comment/>';
echo ' <icon>0</icon>' >> $filename echo ' <icon>0</icon>';
echo ' <expire>Never</expire>' >> $filename echo ' <expire>Never</expire>';
echo ' </entry>' >> $filename echo ' </entry>'; } >> "$filename"
done done
echo ' </group>' >> $filename echo ' </group>' >> "$filename"
done done
echo ' </group>' >> $filename echo ' </group>' >> "$filename"
echo '</database>' >> $filename echo '</database>' >> "$filename"
echo $"Exported $filename" echo $"Exported $filename"
} }
while [[ $# > 1 ]] while [ $# -gt 1 ]
do do
key="$1" key="$1"
@ -245,9 +244,9 @@ do
shift shift
done done
if [ ${REMOVE_USERNAME} ]; then if [ "${REMOVE_USERNAME}" ]; then
if [ -d ~/.passwords/${REMOVE_USERNAME} ]; then if [ -d "${HOME}/.passwords/${REMOVE_USERNAME}" ]; then
rm -rf ~/.passwords/${REMOVE_USERNAME} rm -rf "${HOME}/.passwords/${REMOVE_USERNAME}"
fi fi
exit 0 exit 0
fi fi
@ -271,43 +270,43 @@ if [ $TESTS ]; then
exit 0 exit 0
fi fi
if [ $EXPORT_FILENAME ]; then if [ "$EXPORT_FILENAME" ]; then
export_to_keepass $EXPORT_FILENAME export_to_keepass "$EXPORT_FILENAME"
exit 0 exit 0
fi fi
if [ ! $CURR_USERNAME ]; then if [ ! "$CURR_USERNAME" ]; then
echo $'Error: No username given' echo $'Error: No username given'
exit 1 exit 1
fi fi
if [ ! -d /home/$CURR_USERNAME ]; then if [ ! -d "/home/$CURR_USERNAME" ]; then
if [[ "$CURR_USERNAME" != "root" ]]; then if [[ "$CURR_USERNAME" != "root" ]]; then
echo $"Error: User $CURR_USERNAME does not exist" echo $"Error: User $CURR_USERNAME does not exist"
exit 2 exit 2
fi fi
fi fi
if [ ${REMOVE_APP} ]; then if [ "${REMOVE_APP}" ]; then
if [ -d ~/.passwords/${CURR_USERNAME}/${REMOVE_APP} ]; then if [ -d "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}" ]; then
shred -zu ~/.passwords/${CURR_USERNAME}/${REMOVE_APP} shred -zu "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}"
fi fi
exit 0 exit 0
fi fi
if [ ! $CURR_APP ]; then if [ ! "$CURR_APP" ]; then
echo $'Error: No app name given' echo $'Error: No app name given'
exit 3 exit 3
fi fi
if [ ${#CURR_PASSWORD} -eq 0 ]; then if [ ${#CURR_PASSWORD} -eq 0 ]; then
# retrieve password # retrieve password
if [ ! -f ~/.passwords/$CURR_USERNAME/$CURR_APP ]; then if [ ! -f "${HOME}/.passwords/$CURR_USERNAME/$CURR_APP" ]; then
MASTER_PASSWORD= MASTER_PASSWORD=
echo "" echo ""
exit 4 exit 4
else else
pass=$(gpg --batch -dq --passphrase "$MASTER_PASSWORD" ~/.passwords/$CURR_USERNAME/$CURR_APP) pass=$(gpg --batch -dq --passphrase "$MASTER_PASSWORD" "${HOME}/.passwords/$CURR_USERNAME/$CURR_APP")
remove_padding "${pass}" remove_padding "${pass}"
fi fi
else else
@ -318,12 +317,12 @@ else
exit 0 exit 0
fi fi
fi fi
if [ ! -d ~/.passwords/$CURR_USERNAME ]; then if [ ! -d "${HOME}/.passwords/$CURR_USERNAME" ]; then
mkdir -p ~/.passwords/$CURR_USERNAME mkdir -p "${HOME}/.passwords/$CURR_USERNAME"
fi fi
# padding helps to ensure than nothing can be learned from the length of the cyphertext # padding helps to ensure than nothing can be learned from the length of the cyphertext
pad_string "${CURR_PASSWORD}" | gpg --batch -ca --cipher-algo AES256 --passphrase "$MASTER_PASSWORD" > ~/.passwords/$CURR_USERNAME/$CURR_APP pad_string "${CURR_PASSWORD}" | gpg --batch -ca --cipher-algo AES256 --passphrase "$MASTER_PASSWORD" > "${HOME}/.passwords/$CURR_USERNAME/$CURR_APP"
if [ ! -f ~/.passwords/$CURR_USERNAME/$CURR_APP ]; then if [ ! -f "${HOME}/.passwords/$CURR_USERNAME/$CURR_APP" ]; then
MASTER_PASSWORD= MASTER_PASSWORD=
exit 5 exit 5
fi fi


@ -43,20 +43,20 @@ function pin_all_certs {
return return
fi fi
cd $WEBSITES_DIRECTORY cd $WEBSITES_DIRECTORY || exit 2468724684
for file in `dir -d *` ; do for file in $(dir -d "*") ; do
if grep -q "Public-Key-Pins" $file; then if grep -q "Public-Key-Pins" "$file"; then
DOMAIN_NAME=$file DOMAIN_NAME=$file
KEY_FILENAME=/etc/ssl/private/${DOMAIN_NAME}.key KEY_FILENAME=/etc/ssl/private/${DOMAIN_NAME}.key
if [ -f $KEY_FILENAME ]; then if [ -f "$KEY_FILENAME" ]; then
BACKUP_KEY_FILENAME=/etc/ssl/certs/${DOMAIN_NAME}.pem BACKUP_KEY_FILENAME=/etc/ssl/certs/${DOMAIN_NAME}.pem
if [ -f $BACKUP_KEY_FILENAME ]; then if [ -f "$BACKUP_KEY_FILENAME" ]; then
KEY_HASH=$(openssl rsa -in $KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64) KEY_HASH=$(openssl rsa -in "$KEY_FILENAME" -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
BACKUP_KEY_HASH=$(openssl rsa -in $BACKUP_KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64) BACKUP_KEY_HASH=$(openssl rsa -in "$BACKUP_KEY_FILENAME" -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
if [ ${#BACKUP_KEY_HASH} -gt 5 ]; then if [ ${#BACKUP_KEY_HASH} -gt 5 ]; then
PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=${PIN_MAX_AGE}; includeSubDomains';" PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=${PIN_MAX_AGE}; includeSubDomains';"
sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $file sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" "$file"
echo $"Pinned $DOMAIN_NAME with keys $KEY_HASH $BACKUP_KEY_HASH" echo $"Pinned $DOMAIN_NAME with keys $KEY_HASH $BACKUP_KEY_HASH"
fi fi
fi fi
@ -65,7 +65,7 @@ function pin_all_certs {
done done
} }
if [[ $1 == "all" ]]; then if [[ "$1" == "all" ]]; then
pin_all_certs pin_all_certs
systemctl restart nginx systemctl restart nginx
exit 0 exit 0
@ -77,7 +77,7 @@ KEY_FILENAME=/etc/ssl/private/${DOMAIN_NAME}.key
BACKUP_KEY_FILENAME=/etc/ssl/certs/${DOMAIN_NAME}.pem BACKUP_KEY_FILENAME=/etc/ssl/certs/${DOMAIN_NAME}.pem
SITE_FILENAME=$WEBSITES_DIRECTORY/${DOMAIN_NAME} SITE_FILENAME=$WEBSITES_DIRECTORY/${DOMAIN_NAME}
if [ ! ${DOMAIN_NAME} ]; then if [ ! "${DOMAIN_NAME}" ]; then
exit 0 exit 0
fi fi
@ -86,8 +86,8 @@ if [ ! -f "$SITE_FILENAME" ]; then
fi fi
if [[ $REMOVE == "remove" ]]; then if [[ $REMOVE == "remove" ]]; then
if grep -q "Public-Key-Pins" $SITE_FILENAME; then if grep -q "Public-Key-Pins" "$SITE_FILENAME"; then
sed -i "/Public-Key-Pins/d" $SITE_FILENAME sed -i "/Public-Key-Pins/d" "$SITE_FILENAME"
echo $"Removed pinning for ${DOMAIN_NAME}" echo $"Removed pinning for ${DOMAIN_NAME}"
systemctl restart nginx systemctl restart nginx
fi fi
@ -104,8 +104,8 @@ if [ ! -f "$BACKUP_KEY_FILENAME" ]; then
exit 2 exit 2
fi fi
KEY_HASH=$(openssl rsa -in $KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64) KEY_HASH=$(openssl rsa -in "$KEY_FILENAME" -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
BACKUP_KEY_HASH=$(openssl rsa -in $BACKUP_KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64) BACKUP_KEY_HASH=$(openssl rsa -in "$BACKUP_KEY_FILENAME" -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
if [ ${#KEY_HASH} -lt 5 ]; then if [ ${#KEY_HASH} -lt 5 ]; then
echo 'Pin hash unexpectedly short' echo 'Pin hash unexpectedly short'
@ -118,15 +118,15 @@ if [ ${#BACKUP_KEY_HASH} -lt 5 ]; then
fi fi
PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';" PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
if ! grep -q "Public-Key-Pins" $SITE_FILENAME; then if ! grep -q "Public-Key-Pins" "$SITE_FILENAME"; then
sed -i "/ssl_ciphers.*/a add_header ${PIN_HEADER}" $SITE_FILENAME sed -i "/ssl_ciphers.*/a add_header ${PIN_HEADER}" "$SITE_FILENAME"
else else
sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $SITE_FILENAME sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" "$SITE_FILENAME"
fi fi
systemctl restart nginx systemctl restart nginx
if ! grep -q "add_header Public-Key-Pins" $SITE_FILENAME; then if ! grep -q "add_header Public-Key-Pins" "$SITE_FILENAME"; then
echo $'Pinning failed' echo $'Pinning failed'
fi fi
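Review bot: In `pin_all_certs`, the new loop header `for file in $(dir -d "*")` quotes the glob, so `dir` is asked for a file literally named `*` and the loop no longer visits the site files; the `all` mode then restarts nginx without refreshing any pin. Let the shell expand the pattern instead: `for file in *; do [ -f "$file" ] || continue`. The guard above it, `cd $WEBSITES_DIRECTORY || exit 2468724684`, is still unquoted and its status is outside 0-255, so the caller sees only the low 8 bits; `cd "$WEBSITES_DIRECTORY" || exit 1` is clearer. The function's body continues outside the hunk.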


@ -56,23 +56,23 @@ __powerline() {
readonly WHITE_BRIGHT=15 readonly WHITE_BRIGHT=15
# Font effects # Font effects
readonly DIM="\[$(tput dim)\]" readonly DIM="\\[$(tput dim)\\]"
readonly REVERSE="\[$(tput rev)\]" readonly REVERSE="\\[$(tput rev)\\]"
readonly RESET="\[$(tput sgr0)\]" readonly RESET="\\[$(tput sgr0)\\]"
readonly BOLD="\[$(tput bold)\]" readonly BOLD="\\[$(tput bold)\\]"
# Generate terminal colour codes # Generate terminal colour codes
# $1 is an int (a colour) and $2 must be 'fg' or 'bg' # $1 is an int (a colour) and $2 must be 'fg' or 'bg'
__colour() { __colour() {
case "$2" in case "$2" in
'fg'*) 'fg'*)
echo "\[$(tput setaf "$1")\]" echo "\\[$(tput setaf "$1")\\]"
;; ;;
'bg'*) 'bg'*)
echo "\[$(tput setab "$1")\]" echo "\\[$(tput setab "$1")\\]"
;; ;;
*) *)
echo "\[$(tput setab "$1")\]" echo "\\[$(tput setab "$1")\\]"
;; ;;
esac esac
} }
@ -288,7 +288,7 @@ __powerline() {
if [ ! -z "${text+x}" ]; then if [ ! -z "${text+x}" ]; then
text+="@" text+="@"
fi fi
text+="\h" text+="\\h"
fi fi
if [ ! -z ${text+x} ]; then if [ ! -z ${text+x} ]; then


@ -33,13 +33,13 @@ PROJECT_NAME='freedombone'
export TEXTDOMAIN=${PROJECT_NAME}-recoverkey export TEXTDOMAIN=${PROJECT_NAME}-recoverkey
export TEXTDOMAINDIR="/usr/share/locale" export TEXTDOMAINDIR="/usr/share/locale"
source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
# include utils which allow function_check, go and drive mount # include utils which allow function_check, go and drive mount
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES for f in $UTILS_FILES
do do
source $f source "$f"
done done
FRIENDS_SERVERS_LIST= FRIENDS_SERVERS_LIST=
@ -53,7 +53,7 @@ function show_help {
exit 0 exit 0
} }
while [[ $# > 1 ]] while [ $# -gt 1 ]
do do
key="$1" key="$1"
@ -78,69 +78,71 @@ do
shift shift
done done
if [ ! $MY_USERNAME ]; then if [ ! "$MY_USERNAME" ]; then
show_help show_help
fi fi
if [ ! -d /home/$MY_USERNAME ]; then if [ ! -d "/home/$MY_USERNAME" ]; then
echo $"User $MY_USERNAME does not exist on the system" echo $"User $MY_USERNAME does not exist on the system"
exit 7270 exit 7270
fi fi
if [ ! $MY_USERNAME ]; then if [ ! "$MY_USERNAME" ]; then
echo $'No username given' echo $'No username given'
exit 3578 exit 3578
fi fi
if [ ! -d /home/$MY_USERNAME ]; then if [ ! -d "/home/$MY_USERNAME" ]; then
echo $"User $MY_USERNAME does not exist on the system" echo $"User $MY_USERNAME does not exist on the system"
exit 7270 exit 7270
fi fi
FRAGMENTS_DIR=/home/$MY_USERNAME/.gnupg_fragments FRAGMENTS_DIR="/home/$MY_USERNAME/.gnupg_fragments"
# if no remote backup list was given then assume recover from USB # if no remote backup list was given then assume recover from USB
if [ ! $FRIENDS_SERVERS_LIST ]; then if [ ! "$FRIENDS_SERVERS_LIST" ]; then
interactive_gpg_from_usb interactive_gpg_from_usb
exit 0 exit 0
fi fi
# obtain shares/fragments from remote locations # obtain shares/fragments from remote locations
if [ $FRIENDS_SERVERS_LIST ]; then if [ "$FRIENDS_SERVERS_LIST" ]; then
# For each remote server # For each remote server
while read remote_server while read -r remote_server
do do
# Get the server and its password # Get the server and its password
# Format is: # Format is:
# username@domain:/home/username <port number> <ssh password> # username@domain:/home/username <port number> <ssh password>
REMOTE_SERVER=$(echo "${remote_server}" | awk -F ' ' '{print $1}') REMOTE_SERVER=$(echo "${remote_server}" | awk -F ' ' '{print $1}')
if [ $REMOTE_SERVER ]; then if [ "$REMOTE_SERVER" ]; then
REMOTE_SSH_PORT=$(echo "${remote_server}" | awk -F ' ' '{print $2}') REMOTE_SSH_PORT=$(echo "${remote_server}" | awk -F ' ' '{print $2}')
REMOTE_PASSWORD=$(echo "${remote_server}" | awk -F ' ' '{print $3}') REMOTE_PASSWORD=$(echo "${remote_server}" | awk -F ' ' '{print $3}')
# create a directory if it doesn't exist # create a directory if it doesn't exist
if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then if [ ! -d "/home/$MY_USERNAME/.gnupg_fragments" ]; then
mkdir -p /home/$MY_USERNAME/.gnupg_fragments mkdir -p "/home/$MY_USERNAME/.gnupg_fragments"
fi fi
echo -n $"Starting key retrieval from $REMOTE_SERVER..." echo -n $"Starting key retrieval from $REMOTE_SERVER..."
/usr/bin/sshpass -p $REMOTE_PASSWORD \ /usr/bin/sshpass -p "$REMOTE_PASSWORD" \
scp -r -P $REMOTE_SSH_PORT $REMOTE_SERVER/.gnupg_fragments/* /home/$MY_USERNAME/.gnupg_fragments scp -r -P "$REMOTE_SSH_PORT" "$REMOTE_SERVER/.gnupg_fragments/*" "/home/$MY_USERNAME/.gnupg_fragments"
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
echo $'FAILED' echo $'FAILED'
else else
echo $'Ok' echo $'Ok'
fi fi
fi fi
done < $FRIENDS_SERVERS_LIST done < "$FRIENDS_SERVERS_LIST"
fi fi
# was a directory created? # was a directory created?
if [ ! -d $FRAGMENTS_DIR ]; then if [ ! -d "$FRAGMENTS_DIR" ]; then
echo $'No fragments have been recovered, so the key cannot be recovered' echo $'No fragments have been recovered, so the key cannot be recovered'
exit 7483 exit 7483
fi fi
# was anything downloaded? # was anything downloaded?
cd $FRAGMENTS_DIR cd "$FRAGMENTS_DIR" || exit 24682468
# shellcheck disable=SC2012
no_of_shares=$(ls -afq keyshare.asc.* | wc -l) no_of_shares=$(ls -afq keyshare.asc.* | wc -l)
if (( no_of_shares == 0 )); then if (( no_of_shares == 0 )); then
echo $'No key fragments were retrieved' echo $'No key fragments were retrieved'
@ -148,14 +150,14 @@ if (( no_of_shares == 0 )); then
fi fi
# set permissions on the fragments # set permissions on the fragments
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg_fragments chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg_fragments"
# decrypt the file # decrypt the file
KEYS_FILE=$FRAGMENTS_DIR/keyshare.asc KEYS_FILE=$FRAGMENTS_DIR/keyshare.asc
cd $FRAGMENTS_DIR cd "$FRAGMENTS_DIR" || exit 482746874624
gfcombine $KEYS_FILE.* gfcombine "$KEYS_FILE.*"
if [ ! -f $KEYS_FILE ]; then if [ ! -f "$KEYS_FILE" ]; then
echo $'Unable to decrypt key. This may mean that not enough fragments are available' echo $'Unable to decrypt key. This may mean that not enough fragments are available'
exit 6283 exit 6283
fi fi
@ -163,15 +165,14 @@ fi
echo $'Key fragments recombined' echo $'Key fragments recombined'
# import the gpg key # import the gpg key
gpg --homedir=/home/$MY_USERNAME/.gnupg --allow-secret-key-import --import $KEYS_FILE if ! gpg --homedir="/home/$MY_USERNAME/.gnupg" --allow-secret-key-import --import "$KEYS_FILE"; then
if [ ! "$?" = "0" ]; then
echo $'Unable to import gpg key' echo $'Unable to import gpg key'
shred -zu $KEYS_FILE shred -zu "$KEYS_FILE"
exit 3682 exit 3682
fi fi
shred -zu $KEYS_FILE shred -zu "$KEYS_FILE"
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg"
chmod -R 600 /home/$MY_USERNAME/.gnupg chmod -R 600 "/home/$MY_USERNAME/.gnupg"
echo $'GPG key was recovered' echo $'GPG key was recovered'
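Review bot: `gfcombine "$KEYS_FILE.*"` now passes the literal string `keyshare.asc.*` instead of the share files, because the wildcard sits inside the quotes; recombination then has no inputs and the script presumably stops at "Unable to decrypt key". Keep the variable quoted and the wildcard outside the quotes: `gfcombine "$KEYS_FILE".*`. The guard added just above, `cd "$FRAGMENTS_DIR" || exit 482746874624`, uses a value that is a multiple of 256, so bash would report status 0 on that failure path; use a code in 1-255. Separately, `sshpass -p "$REMOTE_PASSWORD"` still exposes each SSH password in the process list while scp runs; `sshpass -e` with `SSHPASS` set for that one command, or `-f` with a mode-0600 file, avoids that.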


@ -35,7 +35,7 @@ PROJECT_NAME='freedombone'
export TEXTDOMAIN=${PROJECT_NAME}-remote export TEXTDOMAIN=${PROJECT_NAME}-remote
export TEXTDOMAINDIR="/usr/share/locale" export TEXTDOMAINDIR="/usr/share/locale"
CONFIG_FILE=$HOME/${PROJECT_NAME}.cfg CONFIG_FILE="$HOME/${PROJECT_NAME}.cfg"
# User to create the list for # User to create the list for
MY_USERNAME=$USER MY_USERNAME=$USER
@ -44,7 +44,7 @@ MY_USERNAME=$USER
FRIENDS_SERVERS_LIST= FRIENDS_SERVERS_LIST=
# Minimum password length in characters # Minimum password length in characters
MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}') MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
# How many remote locations were specified # How many remote locations were specified
entering_remote_backups_ctr=0 entering_remote_backups_ctr=0
@ -75,7 +75,7 @@ function show_help {
} }
# Get the commandline options # Get the commandline options
while [[ $# > 1 ]] while [ $# -gt 1 ]
do do
key="$1" key="$1"
@ -117,24 +117,24 @@ do
done done
function interactive_config_remote_backups { function interactive_config_remote_backups {
if [ ! $MY_USERNAME ]; then if [ ! "$MY_USERNAME" ]; then
echo $'Please specify a username with the -u option' echo $'Please specify a username with the -u option'
exit 7356 exit 7356
fi fi
if [ ! /home/$MY_USERNAME ]; then if [ ! -d "/home/$MY_USERNAME" ]; then
echo $"The user /home/$MY_USERNAME does not exist on the system" echo $"The user /home/$MY_USERNAME does not exist on the system"
exit 3689 exit 3689
fi fi
if [ ! $FRIENDS_SERVERS_LIST ]; then if [ ! "$FRIENDS_SERVERS_LIST" ]; then
FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list
fi fi
# clear any existing list # clear any existing list
if [ -f $FRIENDS_SERVERS_LIST ]; then if [ -f "$FRIENDS_SERVERS_LIST" ]; then
rm -f $FRIENDS_SERVERS_LIST rm -f "$FRIENDS_SERVERS_LIST"
touch $FRIENDS_SERVERS_LIST touch "$FRIENDS_SERVERS_LIST"
fi fi
# number of entries made # number of entries made
entering_remote_backups_ctr=1 entering_remote_backups_ctr=1
@ -148,57 +148,57 @@ function interactive_config_remote_backups {
remote_ssh_reciprocal_password="" remote_ssh_reciprocal_password=""
while [[ $entering_remote_backups_done == "no" ]] while [[ $entering_remote_backups_done == "no" ]]
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
if [[ $RECIPROCAL == "yes" ]]; then if [[ $RECIPROCAL == "yes" ]]; then
dialog --backtitle "Freedombone Configuration" \ dialog --backtitle "Freedombone Configuration" \
--title "$TITLE ${entering_remote_backups_ctr}" \ --title "$TITLE ${entering_remote_backups_ctr}" \
--form "\nPlease specify the SSH login details for the remote server\n\nThe reciprocal entries are optional, and can be used if you wish to set up a user account on this system for whoever runs the remote server to also use for backups" 20 50 8 \ --form "\\nPlease specify the SSH login details for the remote server\\n\\nThe reciprocal entries are optional, and can be used if you wish to set up a user account on this system for whoever runs the remote server to also use for backups" 20 50 8 \
"Username:" 1 1 "$remote_ssh_username" 1 23 16 15 \ "Username:" 1 1 "$remote_ssh_username" 1 23 16 15 \
"Domain:" 2 1 "$remote_ssh_domain" 2 23 16 15 \ "Domain:" 2 1 "$remote_ssh_domain" 2 23 16 15 \
"SSH port:" 3 1 "2222" 3 23 5 4 \ "SSH port:" 3 1 "2222" 3 23 5 4 \
"Password:" 4 1 "$remote_ssh_password" 4 23 20 100 \ "Password:" 4 1 "$remote_ssh_password" 4 23 20 100 \
"Reciprocal Username:" 5 1 "$remote_ssh_reciprocal_username" 5 23 20 100 \ "Reciprocal Username:" 5 1 "$remote_ssh_reciprocal_username" 5 23 20 100 \
"Reciprocal Password:" 6 1 "$remote_ssh_reciprocal_password" 6 23 20 100 \ "Reciprocal Password:" 6 1 "$remote_ssh_reciprocal_password" 6 23 20 100 \
2> $data 2> "$data"
else else
dialog --backtitle "Freedombone Configuration" \ dialog --backtitle "Freedombone Configuration" \
--title "$TITLE ${entering_remote_backups_ctr}" \ --title "$TITLE ${entering_remote_backups_ctr}" \
--form "\nPlease specify the SSH login details for the remote server" 15 50 4 \ --form "\\nPlease specify the SSH login details for the remote server" 15 50 4 \
"Username:" 1 1 "$remote_ssh_username" 1 23 16 15 \ "Username:" 1 1 "$remote_ssh_username" 1 23 16 15 \
"Domain:" 2 1 "$remote_ssh_domain" 2 23 16 15 \ "Domain:" 2 1 "$remote_ssh_domain" 2 23 16 15 \
"SSH port:" 3 1 "2222" 3 23 5 4 \ "SSH port:" 3 1 "2222" 3 23 5 4 \
"Password:" 4 1 "$remote_ssh_password" 4 23 20 100 \ "Password:" 4 1 "$remote_ssh_password" 4 23 20 100 \
2> $data 2> "$data"
fi fi
sel=$? sel=$?
case $sel in case $sel in
1) entering_remote_backups_done="yes";; 1) entering_remote_backups_done="yes";;
255) entering_remote_backups_done="yes";; 255) entering_remote_backups_done="yes";;
esac esac
remote_ssh_username=$(cat $data | sed -n 1p) remote_ssh_username=$(sed -n 1p < "$data")
remote_ssh_domain=$(cat $data | sed -n 2p) remote_ssh_domain=$(sed -n 2p < "$data")
remote_ssh_port=$(cat $data | sed -n 3p) remote_ssh_port=$(sed -n 3p < "$data")
remote_ssh_password=$(cat $data | sed -n 4p) remote_ssh_password=$(sed -n 4p < "$data")
remote_ssh_reciprocal_username=$(cat $data | sed -n 5p) remote_ssh_reciprocal_username=$(sed -n 5p < "$data")
remote_ssh_reciprocal_password=$(cat $data | sed -n 6p) remote_ssh_reciprocal_password=$(sed -n 6p < "$data")
rm -f "$data"
if [[ $remote_ssh_username != "" && \ if [[ $remote_ssh_username != "" && \
$remote_ssh_domain != "" && \ $remote_ssh_domain != "" && \
$remote_ssh_port != "" && \ $remote_ssh_port != "" && \
$remote_ssh_password != "" ]]; then $remote_ssh_password != "" ]]; then
if [ ${#remote_ssh_password} -lt $MINIMUM_PASSWORD_LENGTH ]; then if [ ${#remote_ssh_password} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
dialog --title "Password quality check" --msgbox "The password given was too short. It must be at least $MINIMUM_PASSWORD_LENGTH characters" 6 40 dialog --title "Password quality check" --msgbox "The password given was too short. It must be at least $MINIMUM_PASSWORD_LENGTH characters" 6 40
else else
if [[ $RECIPROCAL == "yes" ]]; then if [[ $RECIPROCAL == "yes" ]]; then
if [[ $remote_ssh_reciprocal_username != "" && \ if [[ $remote_ssh_reciprocal_username != "" && \
$remote_ssh_reciprocal_password != "" ]]; then $remote_ssh_reciprocal_password != "" ]]; then
if [ ${#remote_ssh_reciprocal_password} -lt $MINIMUM_PASSWORD_LENGTH ]; then if [ ${#remote_ssh_reciprocal_password} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
dialog --title "Password quality check" --msgbox "The reciprocal password given was too short. It must be at least $MINIMUM_PASSWORD_LENGTH characters" 6 40 dialog --title "Password quality check" --msgbox "The reciprocal password given was too short. It must be at least $MINIMUM_PASSWORD_LENGTH characters" 6 40
else else
echo ${remote_ssh_reciprocal_username}:${remote_ssh_reciprocal_password}::::/home/${remote_ssh_reciprocal_username}:bash | newusers echo "${remote_ssh_reciprocal_username}:${remote_ssh_reciprocal_password}::::/home/${remote_ssh_reciprocal_username}:bash" | newusers
echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> $FRIENDS_SERVERS_LIST echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> "$FRIENDS_SERVERS_LIST"
remote_ssh_username="" remote_ssh_username=""
remote_ssh_domain="" remote_ssh_domain=""
remote_ssh_port="" remote_ssh_port=""
@ -208,7 +208,7 @@ function interactive_config_remote_backups {
entering_remote_backups_ctr=$((entering_remote_backups_ctr + 1)) entering_remote_backups_ctr=$((entering_remote_backups_ctr + 1))
fi fi
else else
echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> $FRIENDS_SERVERS_LIST echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> "$FRIENDS_SERVERS_LIST"
remote_ssh_username="" remote_ssh_username=""
remote_ssh_domain="" remote_ssh_domain=""
remote_ssh_port="" remote_ssh_port=""
@ -218,7 +218,7 @@ function interactive_config_remote_backups {
entering_remote_backups_ctr=$((entering_remote_backups_ctr + 1)) entering_remote_backups_ctr=$((entering_remote_backups_ctr + 1))
fi fi
else else
echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> $FRIENDS_SERVERS_LIST echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> "$FRIENDS_SERVERS_LIST"
remote_ssh_username="" remote_ssh_username=""
remote_ssh_domain="" remote_ssh_domain=""
remote_ssh_port="" remote_ssh_port=""
@ -231,18 +231,18 @@ function interactive_config_remote_backups {
entering_remote_backups_done="yes" entering_remote_backups_done="yes"
fi fi
done done
if [ -f $FRIENDS_SERVERS_LIST ]; then if [ -f "$FRIENDS_SERVERS_LIST" ]; then
chown $MY_USERNAME:$MY_USERNAME $FRIENDS_SERVERS_LIST chown "$MY_USERNAME":"$MY_USERNAME" "$FRIENDS_SERVERS_LIST"
fi fi
} }
function show_result { function show_result {
clear clear
if (( $entering_remote_backups_ctr < 2 )); then if (( "$entering_remote_backups_ctr" < 2 )); then
echo $'No remote backup locations were specified' echo $'No remote backup locations were specified'
exit 0 exit 0
fi fi
if [ ! -f $FRIENDS_SERVERS_LIST ]; then if [ ! -f "$FRIENDS_SERVERS_LIST" ]; then
echo $"No remote backups list found: $FRIENDS_SERVERS_LIST" echo $"No remote backups list found: $FRIENDS_SERVERS_LIST"
exit 7358 exit 7358
fi fi
@ -251,11 +251,11 @@ function show_result {
echo '' echo ''
echo $'Contents:' echo $'Contents:'
echo '' echo ''
cat $FRIENDS_SERVERS_LIST cat "$FRIENDS_SERVERS_LIST"
echo '' echo ''
} }
if [ ! $FRIENDS_SERVERS_LIST ]; then if [ ! "$FRIENDS_SERVERS_LIST" ]; then
FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list
fi fi
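Review bot: `backup.list` receives the remote SSH passwords in cleartext, yet `interactive_config_remote_backups` only recreates it with `touch` and later `chown`s it, so its mode depends on the caller's umask and it may be readable by other local users. Add `chmod 600 "$FRIENDS_SERVERS_LIST"` right after the `touch`, and again once the `>>` appends have created the file. The switch to `mktemp` also appears to drop the `trap` that removed `$data`, so an interrupted dialog leaves the entered passwords behind in the temp file; `trap 'rm -f "$data"' EXIT` restores that cleanup. The function spans several hunks and parts of it are not shown.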


@ -59,8 +59,7 @@ function renew_letsencrypt {
echo $"Renewing Let's Encrypt certificate" echo $"Renewing Let's Encrypt certificate"
fi fi
${PROJECT_NAME}-addcert -e $HOSTNAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH if ! ${PROJECT_NAME}-addcert -e $HOSTNAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH; then
if [ ! "$?" = "0" ]; then
echo $"Unable to add Let's encrypt certificate" echo $"Unable to add Let's encrypt certificate"
exit 6328 exit 6328
fi fi
@ -172,7 +171,7 @@ function renew_startssl {
${PROJECT_NAME}-pin-cert $HOSTNAME remove ${PROJECT_NAME}-pin-cert $HOSTNAME remove
} }
while [[ $# > 1 ]] while [ $# -gt 1 ]
do do
key="$1" key="$1"
@ -195,7 +194,7 @@ esac
shift shift
done done
if [ ! $HOSTNAME ]; then if [ ! "$HOSTNAME" ]; then
echo $'No hostname specified' echo $'No hostname specified'
exit 5748 exit 5748
fi fi
@ -206,7 +205,7 @@ if ! which openssl > /dev/null ;then
fi fi
# check that the web site exists # check that the web site exists
if [ ! -f /etc/nginx/sites-available/$HOSTNAME ]; then if [ ! -f "/etc/nginx/sites-available/$HOSTNAME" ]; then
echo $"/etc/nginx/sites-available/$HOSTNAME does not exist" echo $"/etc/nginx/sites-available/$HOSTNAME does not exist"
exit 7598 exit 7598
fi fi
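Review bot: The rewritten call `if ! ${PROJECT_NAME}-addcert -e $HOSTNAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH; then` leaves its arguments unquoted, unlike the rest of this change, so an empty or space-containing value shifts addcert's option parsing. Quote them: `-e "$HOSTNAME" -s "$LETSENCRYPT_SERVER" --dhkey "$DH_KEYLENGTH"`, and likewise `"${PROJECT_NAME}-pin-cert" "$HOSTNAME" remove` in `renew_startssl`. Since the hostname later selects `/etc/nginx/sites-available/$HOSTNAME`, it would also be worth rejecting values that contain `/` before use. Both functions start outside the hunks shown.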


@ -29,16 +29,16 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
PROJECT_NAME='freedombone' PROJECT_NAME='freedombone'
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
CONFIG_FILE=$HOME/${PROJECT_NAME}.cfg CONFIG_FILE="$HOME/${PROJECT_NAME}.cfg"
export TEXTDOMAIN=${PROJECT_NAME}-repair-databases export TEXTDOMAIN=${PROJECT_NAME}-repair-databases
export TEXTDOMAINDIR="/usr/share/locale" export TEXTDOMAINDIR="/usr/share/locale"
# The database to be repaired # The database to be repaired
DATABASE=$1 DATABASE="$1"
ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}') ADMIN_USERNAME=$(grep "Admin user" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME} ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME}
# Frequency - daily/weekly # Frequency - daily/weekly
@ -62,36 +62,36 @@ TEMPFILE=/root/repair-database-$DATABASE
umask 0077 umask 0077
if [ $2 ]; then if [ "$2" ]; then
BACKUP_TYPE=$2 BACKUP_TYPE="$2"
fi fi
# check the database # check the database
mysqlcheck -c -u root --password="$MYSQL_ROOT_PASSWORD" $DATABASE > $TEMPFILE mysqlcheck -c -u root --password="$MYSQL_ROOT_PASSWORD" "$DATABASE" > "$TEMPFILE"
# Attempt to repair the database if it contains errors # Attempt to repair the database if it contains errors
if grep -q "Error" "$TEMPFILE"; then if grep -q "Error" "$TEMPFILE"; then
mysqlcheck -u root --password="$MYSQL_ROOT_PASSWORD" --auto-repair $DATABASE mysqlcheck -u root --password="$MYSQL_ROOT_PASSWORD" --auto-repair "$DATABASE"
else else
# No errors were found, so exit # No errors were found, so exit
rm -f $TEMPFILE rm -f "$TEMPFILE"
exit 0 exit 0
fi fi
rm -f $TEMPFILE rm -f "$TEMPFILE"
# Check the database again # Check the database again
mysqlcheck -c -u root --password="$MYSQL_ROOT_PASSWORD" $DATABASE > $TEMPFILE mysqlcheck -c -u root --password="$MYSQL_ROOT_PASSWORD" "$DATABASE" > "$TEMPFILE"
# If it still contains errors then restore from backup # If it still contains errors then restore from backup
if grep -q "Error" "$TEMPFILE"; then if grep -q "Error" "$TEMPFILE"; then
mysql -u root --password="$MYSQL_ROOT_PASSWORD" $DATABASE -o < /var/backups/${DATABASE}_${BACKUP_TYPE}.sql mysql -u root --password="$MYSQL_ROOT_PASSWORD" "$DATABASE" -o < "/var/backups/${DATABASE}_${BACKUP_TYPE}.sql"
# Send a warning email # Send a warning email
echo $"$DATABASE database corruption could not be repaired. Restored from backup." | mail -s $"${PROJECT_NAME} database maintenance" $ADMIN_EMAIL_ADDRESS echo $"$DATABASE database corruption could not be repaired. Restored from backup." | mail -s $"${PROJECT_NAME} database maintenance" "$ADMIN_EMAIL_ADDRESS"
rm -f $TEMPFILE rm -f "$TEMPFILE"
exit 1 exit 1
fi fi
rm -f $TEMPFILE rm -f "$TEMPFILE"
exit 0 exit 0
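Review bot: The restore step that pipes `"/var/backups/${DATABASE}_${BACKUP_TYPE}.sql"` into `mysql` is never checked, so a missing or unreadable backup still produces the "Restored from backup" mail. Wrap it as `if ! mysql ... < "$backup"; then` and send a different message on failure. The first `mysqlcheck` has the same gap: if it cannot connect, its error may go to stderr rather than `$TEMPFILE`, no "Error" line is found and the script exits 0 as if the database were healthy, so check its exit status as well. `DATABASE` comes straight from `$1` and is used in both file paths, so restricting it to `[A-Za-z0-9_]` would keep it from pointing outside `/root` and `/var/backups`.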


@ -31,7 +31,7 @@
PROJECT_NAME='freedombone' PROJECT_NAME='freedombone'
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
MONGODB_APPS_FILE=$HOME/.mongodbapps MONGODB_APPS_FILE=$HOME/.mongodbapps
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
# whether to restore everything or just a specific application # whether to restore everything or just a specific application
@ -67,10 +67,10 @@ please_wait
source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
# include utils which allow function_check, go and drive mount # include utils which allow function_check, go and drive mount
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES for f in $UTILS_FILES
do do
source $f source "$f"
done done
clear clear
@ -83,7 +83,7 @@ ADMIN_NAME=
read_config_param USB_DRIVE read_config_param USB_DRIVE
if [ -f $COMPLETION_FILE ]; then if [ -f "$COMPLETION_FILE" ]; then
ADMIN_USERNAME=$(get_completion_param "Admin user") ADMIN_USERNAME=$(get_completion_param "Admin user")
fi fi
@ -98,7 +98,7 @@ function check_backup_exists {
function check_admin_user { function check_admin_user {
echo $"Checking that admin user exists" echo $"Checking that admin user exists"
if [ ! -d /home/$ADMIN_USERNAME ]; then if [ ! -d "/home/$ADMIN_USERNAME" ]; then
echo $"Username $ADMIN_USERNAME not found. Reinstall ${PROJECT_NAME} with this username." echo $"Username $ADMIN_USERNAME not found. Reinstall ${PROJECT_NAME} with this username."
set_user_permissions set_user_permissions
backup_unmount_drive backup_unmount_drive
@ -108,7 +108,7 @@ function check_admin_user {
function copy_gpg_keys { function copy_gpg_keys {
echo $"Copying GPG keys from admin user to root" echo $"Copying GPG keys from admin user to root"
cp -r /home/$ADMIN_USERNAME/.gnupg /root cp -r "/home/$ADMIN_USERNAME/.gnupg" /root
gpg_set_permissions root gpg_set_permissions root
} }
@ -185,12 +185,11 @@ function restore_configfiles {
# fi # fi
#fi #fi
if [ -f $temp_restore_dir$MONGODB_APPS_FILE ]; then if [ -f "$temp_restore_dir$MONGODB_APPS_FILE" ]; then
cp -f $temp_restore_dir$MONGODB_APPS_FILE $MONGODB_APPS_FILE if ! cp -f "$temp_restore_dir$MONGODB_APPS_FILE" "$MONGODB_APPS_FILE"; then
if [ ! "$?" = "0" ]; then
set_user_permissions set_user_permissions
backup_unmount_drive backup_unmount_drive
rm -rf $temp_restore_dir rm -rf "$temp_restore_dir"
exit 859034853 exit 859034853
fi fi
fi fi
@ -210,12 +209,11 @@ function restore_configfiles {
# fi # fi
#fi #fi
if [ -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ]; then if [ -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" ]; then
cp -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ${BACKUP_EXTRA_DIRECTORIES} if ! cp -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" "${BACKUP_EXTRA_DIRECTORIES}"; then
if [ ! "$?" = "0" ]; then
set_user_permissions set_user_permissions
backup_unmount_drive backup_unmount_drive
rm -rf $temp_restore_dir rm -rf "$temp_restore_dir"
exit 62121 exit 62121
fi fi
fi fi
@ -274,6 +272,7 @@ function restore_mariadb {
else else
mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql) mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
echo $"Try again using the password obtained from backup" echo $"Try again using the password obtained from backup"
db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb) db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
@ -283,6 +282,7 @@ function restore_mariadb {
mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql) mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
fi fi
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
echo "$mysqlsuccess" echo "$mysqlsuccess"
set_user_permissions set_user_permissions
@ -292,9 +292,9 @@ function restore_mariadb {
echo $"Restarting database" echo $"Restarting database"
systemctl restart mariadb systemctl restart mariadb
echo $"Ensure MariaDB handles authentication" echo $"Ensure MariaDB handles authentication"
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
mariadb_fix_authentication mariadb_fix_authentication
DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
fi fi
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
@ -328,6 +328,7 @@ function restore_postgresql {
else else
mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql) mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
echo $"Try again using the password obtained from backup" echo $"Try again using the password obtained from backup"
db_pass=$(${PROJECT_NAME}-pass -u root -a postgresql) db_pass=$(${PROJECT_NAME}-pass -u root -a postgresql)
@ -337,6 +338,7 @@ function restore_postgresql {
mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql) mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
fi fi
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
echo "$mysqlsuccess" echo "$mysqlsuccess"
set_user_permissions set_user_permissions
@ -346,8 +348,8 @@ function restore_postgresql {
echo $"Restarting database" echo $"Restarting database"
systemctl restart postgresql systemctl restart postgresql
echo $"Ensure postgresql handles authentication" echo $"Ensure postgresql handles authentication"
POSTGRESQL_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql) POSTGRESQL_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql) DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
fi fi
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
@ -411,30 +413,30 @@ function restore_mutt_settings {
fi fi
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME "${PROJECT_NAME}-adduser" "$USERNAME"
fi fi
echo $"Restoring Mutt configurations for $USERNAME" echo $"Restoring Mutt configurations for $USERNAME"
restore_directory_from_usb /home/$USERNAME/.mutt mutt/${USERNAME}configs restore_directory_from_usb "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
echo $"Restoring Mutt settings for $USERNAME" echo $"Restoring Mutt settings for $USERNAME"
temp_restore_dir=/root/tempmutt temp_restore_dir=/root/tempmutt
restore_directory_from_usb $temp_restore_dir mutt/$USERNAME restore_directory_from_usb "$temp_restore_dir" "mutt/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME/tempbackup ]; then if [ -d "$temp_restore_dir/home/$USERNAME/tempbackup" ]; then
if [ -f $temp_restore_dir/home/$USERNAME/tempbackup/.muttrc ]; then if [ -f "$temp_restore_dir/home/$USERNAME/tempbackup/.muttrc" ]; then
cp -f $temp_restore_dir/home/$USERNAME/tempbackup/.muttrc /home/$USERNAME/.muttrc cp -f "$temp_restore_dir/home/$USERNAME/tempbackup/.muttrc" "/home/$USERNAME/.muttrc"
sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
fi fi
if [ -f $temp_restore_dir/home/$USERNAME/tempbackup/Muttrc ]; then if [ -f "$temp_restore_dir/home/$USERNAME/tempbackup/Muttrc" ]; then
cp -f $temp_restore_dir/home/$USERNAME/tempbackup/Muttrc /etc/Muttrc cp -f "$temp_restore_dir/home/$USERNAME/tempbackup/Muttrc" /etc/Muttrc
sed -i '/set sidebar_delim/d' /etc/Muttrc sed -i '/set sidebar_delim/d' /etc/Muttrc
sed -i '/set sidebar_sort/d' /etc/Muttrc sed -i '/set sidebar_sort/d' /etc/Muttrc
fi fi
else else
if [ -f $temp_restore_dir/.muttrc ]; then if [ -f $temp_restore_dir/.muttrc ]; then
cp -f $temp_restore_dir/.muttrc /home/$USERNAME/.muttrc cp -f "$temp_restore_dir/.muttrc" "/home/$USERNAME/.muttrc"
sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
fi fi
if [ -f $temp_restore_dir/Muttrc ]; then if [ -f $temp_restore_dir/Muttrc ]; then
cp -f $temp_restore_dir/Muttrc /etc/Muttrc cp -f $temp_restore_dir/Muttrc /etc/Muttrc
@ -442,6 +444,7 @@ function restore_mutt_settings {
sed -i '/set sidebar_sort/d' /etc/Muttrc sed -i '/set sidebar_sort/d' /etc/Muttrc
fi fi
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
set_user_permissions set_user_permissions
@ -463,20 +466,21 @@ function restore_gpg {
for d in $USB_MOUNT/backup/gnupg/*/ ; do for d in $USB_MOUNT/backup/gnupg/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME "${PROJECT_NAME}-adduser" "$USERNAME"
fi fi
echo $"Restoring gnupg settings for $USERNAME" echo $"Restoring gnupg settings for $USERNAME"
temp_restore_dir=/root/tempgnupg temp_restore_dir=/root/tempgnupg
restore_directory_from_usb $temp_restore_dir gnupg/$USERNAME restore_directory_from_usb $temp_restore_dir "gnupg/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME/.gnupg ]; then if [ -d "$temp_restore_dir/home/$USERNAME/.gnupg" ]; then
cp -r $temp_restore_dir/home/$USERNAME/.gnupg /home/$USERNAME/ cp -r "$temp_restore_dir/home/$USERNAME/.gnupg" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/.gnupg ]; then if [ ! -d "/home/$USERNAME/.gnupg" ]; then
mkdir /home/$USERNAME/.gnupg mkdir "/home/$USERNAME/.gnupg"
fi fi
cp -r $temp_restore_dir/* /home/$USERNAME/.gnupg/ cp -r $temp_restore_dir/* "/home/$USERNAME/.gnupg/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
set_user_permissions set_user_permissions
@ -484,10 +488,9 @@ function restore_gpg {
exit 276 exit 276
fi fi
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
gpg_set_permissions $USERNAME gpg_set_permissions "$USERNAME"
if [[ "$USERNAME" == "$ADMIN_USERNAME" ]]; then if [[ "$USERNAME" == "$ADMIN_USERNAME" ]]; then
cp -r /home/$USERNAME/.gnupg /root if ! cp -r "/home/$USERNAME/.gnupg" /root; then
if [ ! "$?" = "0" ]; then
set_user_permissions set_user_permissions
backup_unmount_drive backup_unmount_drive
exit 283 exit 283
@ -509,18 +512,19 @@ function restore_procmail {
for d in $USB_MOUNT/backup/procmail/*/ ; do for d in $USB_MOUNT/backup/procmail/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME ${PROJECT_NAME}-adduser "$USERNAME"
fi fi
echo $"Restoring procmail settings for $USERNAME" echo $"Restoring procmail settings for $USERNAME"
temp_restore_dir=/root/tempprocmail temp_restore_dir=/root/tempprocmail
restore_directory_from_usb $temp_restore_dir procmail/$USERNAME restore_directory_from_usb $temp_restore_dir "procmail/$USERNAME"
if [ -d $temp_restore_dir ]; then if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir/home/$USERNAME/tempbackup ]; then if [ -d "$temp_restore_dir/home/$USERNAME/tempbackup" ]; then
cp -f $temp_restore_dir/home/$USERNAME/tempbackup/.procmailrc /home/$USERNAME/ cp -f "$temp_restore_dir/home/$USERNAME/tempbackup/.procmailrc" "/home/$USERNAME/"
else else
cp -f $temp_restore_dir/.procmailrc /home/$USERNAME/.procmailrc cp -f "$temp_restore_dir/.procmailrc" "/home/$USERNAME/.procmailrc"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
set_user_permissions set_user_permissions
@ -544,21 +548,22 @@ function restore_spamassassin {
for d in $USB_MOUNT/backup/spamassassin/*/ ; do for d in $USB_MOUNT/backup/spamassassin/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $USB_MOUNT/backup/spamassassin/$USERNAME ]; then if [ -d "$USB_MOUNT/backup/spamassassin/$USERNAME" ]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME ${PROJECT_NAME}-adduser "$USERNAME"
fi fi
echo $"Restoring spamassassin settings for $USERNAME" echo $"Restoring spamassassin settings for $USERNAME"
temp_restore_dir=/root/tempspamassassin temp_restore_dir=/root/tempspamassassin
restore_directory_from_usb $temp_restore_dir spamassassin/$USERNAME restore_directory_from_usb $temp_restore_dir "spamassassin/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME ]; then if [ -d "$temp_restore_dir/home/$USERNAME" ]; then
cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/ cp -rf "$temp_restore_dir/home/$USERNAME/.spamassassin" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/.spamassassin ]; then if [ ! -d "/home/$USERNAME/.spamassassin" ]; then
mkdir /home/$USERNAME/.spamassassin mkdir "/home/$USERNAME/.spamassassin"
fi fi
cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/ cp -rf "$temp_restore_dir/*" "/home/$USERNAME/.spamassassin/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
set_user_permissions set_user_permissions
@ -583,19 +588,20 @@ function restore_admin_readme {
# Make a backup of the original README file # Make a backup of the original README file
# incase old passwords need to be used # incase old passwords need to be used
if [ -f /home/$ADMIN_USERNAME/README ]; then if [ -f "/home/$ADMIN_USERNAME/README" ]; then
if [ ! -f /home/$ADMIN_USERNAME/README_original ]; then if [ ! -f "/home/$ADMIN_USERNAME/README_original" ]; then
cp /home/$ADMIN_USERNAME/README /home/$ADMIN_USERNAME/README_original cp "/home/$ADMIN_USERNAME/README" "/home/$ADMIN_USERNAME/README_original"
fi fi
fi fi
temp_restore_dir=/root/tempreadme temp_restore_dir=/root/tempreadme
restore_directory_from_usb $temp_restore_dir readme restore_directory_from_usb $temp_restore_dir readme
if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README /home/$ADMIN_USERNAME/ cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README" "/home/$ADMIN_USERNAME/"
else else
cp -f $temp_restore_dir/README /home/$ADMIN_USERNAME/README cp -f "$temp_restore_dir/README" "/home/$ADMIN_USERNAME/README"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
set_user_permissions set_user_permissions
@ -616,20 +622,21 @@ function restore_user_ssh_keys {
for d in $USB_MOUNT/backup/ssh/*/ ; do for d in $USB_MOUNT/backup/ssh/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME ${PROJECT_NAME}-adduser "$USERNAME"
fi fi
echo $"Restoring ssh keys for $USERNAME" echo $"Restoring ssh keys for $USERNAME"
temp_restore_dir=/root/tempssh temp_restore_dir=/root/tempssh
restore_directory_from_usb $temp_restore_dir ssh/$USERNAME restore_directory_from_usb $temp_restore_dir "ssh/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then if [ -d "$temp_restore_dir/home/$USERNAME/.ssh" ]; then
cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/ cp -r "$temp_restore_dir/home/$USERNAME/.ssh" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/.ssh ]; then if [ ! -d "/home/$USERNAME/.ssh" ]; then
mkdir /home/$USERNAME/.ssh mkdir "/home/$USERNAME/.ssh"
fi fi
cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/ cp -r "$temp_restore_dir/*" "/home/$USERNAME/.ssh/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
set_user_permissions set_user_permissions
@ -652,20 +659,21 @@ function restore_user_config {
for d in $USB_MOUNT/backup/config/*/ ; do for d in $USB_MOUNT/backup/config/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME ${PROJECT_NAME}-adduser "$USERNAME"
fi fi
echo $"Restoring config files for $USERNAME" echo $"Restoring config files for $USERNAME"
temp_restore_dir=/root/tempconfig temp_restore_dir=/root/tempconfig
restore_directory_from_usb $temp_restore_dir config/$USERNAME restore_directory_from_usb $temp_restore_dir "config/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME/.config ]; then if [ -d "$temp_restore_dir/home/$USERNAME/.config" ]; then
cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/ cp -r "$temp_restore_dir/home/$USERNAME/.config" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/.config ]; then if [ ! -d "/home/$USERNAME/.config" ]; then
mkdir /home/$USERNAME/.config mkdir "/home/$USERNAME/.config"
fi fi
cp -r $temp_restore_dir/* /home/$USERNAME/.config/ cp -r $temp_restore_dir/* "/home/$USERNAME/.config/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
set_user_permissions set_user_permissions
@ -688,20 +696,21 @@ function restore_user_monkeysphere {
for d in $USB_MOUNT/backup/monkeysphere/*/ ; do for d in $USB_MOUNT/backup/monkeysphere/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME ${PROJECT_NAME}-adduser "$USERNAME"
fi fi
echo $"Restoring monkeysphere ids for $USERNAME" echo $"Restoring monkeysphere ids for $USERNAME"
temp_restore_dir=/root/tempmonkeysphere temp_restore_dir=/root/tempmonkeysphere
restore_directory_from_usb $temp_restore_dir monkeysphere/$USERNAME restore_directory_from_usb $temp_restore_dir "monkeysphere/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then if [ -d "$temp_restore_dir/home/$USERNAME/.monkeysphere" ]; then
cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/ cp -r "$temp_restore_dir/home/$USERNAME/.monkeysphere" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/.monkeysphere ]; then if [ ! -d "/home/$USERNAME/.monkeysphere" ]; then
mkdir /home/$USERNAME/.monkeysphere mkdir "/home/$USERNAME/.monkeysphere"
fi fi
cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere cp -r $temp_restore_dir/* "/home/$USERNAME/.monkeysphere"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
set_user_permissions set_user_permissions
@ -716,8 +725,8 @@ function restore_user_monkeysphere {
MY_EMAIL_ADDRESS="${ADMIN_USERNAME}@${HOSTNAME}" MY_EMAIL_ADDRESS="${ADMIN_USERNAME}@${HOSTNAME}"
read_config_param MY_EMAIL_ADDRESS read_config_param MY_EMAIL_ADDRESS
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADMIN_USERNAME" "$MY_EMAIL_ADDRESS") MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADMIN_USERNAME" "$MY_EMAIL_ADDRESS")
fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}') fpr=$(gpg --with-colons --fingerprint "$MY_GPG_PUBLIC_KEY_ID" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
monkeysphere-authentication add-identity-certifier $fpr monkeysphere-authentication add-identity-certifier "$fpr"
monkeysphere-authentication update-users monkeysphere-authentication update-users
fi fi
} }
@ -732,20 +741,21 @@ function restore_user_fin {
for d in $USB_MOUNT/backup/fin/*/ ; do for d in $USB_MOUNT/backup/fin/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME ${PROJECT_NAME}-adduser "$USERNAME"
fi fi
echo $"Restoring fin files for $USERNAME" echo $"Restoring fin files for $USERNAME"
temp_restore_dir=/root/tempfin temp_restore_dir=/root/tempfin
restore_directory_from_usb $temp_restore_dir fin/$USERNAME restore_directory_from_usb $temp_restore_dir "fin/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then if [ -d "$temp_restore_dir/home/$USERNAME/.fin" ]; then
cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/ cp -r "$temp_restore_dir/home/$USERNAME/.fin" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/.fin ]; then if [ ! -d "/home/$USERNAME/.fin" ]; then
mkdir /home/$USERNAME/.fin mkdir "/home/$USERNAME/.fin"
fi fi
cp -r $temp_restore_dir/* /home/$USERNAME/.fin/ cp -r "$temp_restore_dir/*" "/home/$USERNAME/.fin/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
set_user_permissions set_user_permissions
@ -768,20 +778,21 @@ function restore_user_local {
for d in $USB_MOUNT/backup/local/*/ ; do for d in $USB_MOUNT/backup/local/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME ${PROJECT_NAME}-adduser "$USERNAME"
fi fi
echo $"Restoring local files for $USERNAME" echo $"Restoring local files for $USERNAME"
temp_restore_dir=/root/templocal temp_restore_dir=/root/templocal
restore_directory_from_usb $temp_restore_dir local/$USERNAME restore_directory_from_usb $temp_restore_dir "local/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then if [ -d "$temp_restore_dir/home/$USERNAME/.local" ]; then
cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/ cp -r "$temp_restore_dir/home/$USERNAME/.local" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/.local ]; then if [ ! -d "/home/$USERNAME/.local" ]; then
mkdir /home/$USERNAME/.local mkdir "/home/$USERNAME/.local"
fi fi
cp -r $temp_restore_dir/* /home/$USERNAME/.local/ cp -r $temp_restore_dir/* "/home/$USERNAME/.local/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
set_user_permissions set_user_permissions
@ -809,6 +820,7 @@ function restore_certs {
else else
cp -r /root/tempssl/* /etc/ssl/ cp -r /root/tempssl/* /etc/ssl/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
set_user_permissions set_user_permissions
backup_unmount_drive backup_unmount_drive
@ -853,24 +865,25 @@ function restore_personal_settings {
for d in $USB_MOUNT/backup/personal/*/ ; do for d in $USB_MOUNT/backup/personal/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $USB_MOUNT/backup/personal/$USERNAME ]; then if [ -d "$USB_MOUNT/backup/personal/$USERNAME" ]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME ${PROJECT_NAME}-adduser "$USERNAME"
fi fi
echo $"Restoring personal settings for $USERNAME" echo $"Restoring personal settings for $USERNAME"
temp_restore_dir=/root/temppersonal temp_restore_dir=/root/temppersonal
restore_directory_from_usb $temp_restore_dir personal/$USERNAME restore_directory_from_usb $temp_restore_dir "personal/$USERNAME"
if [ -d /home/$USERNAME/personal ]; then if [ -d "/home/$USERNAME/personal" ]; then
rm -rf /home/$USERNAME/personal rm -rf "/home/$USERNAME/personal"
fi fi
if [ -d $temp_restore_dir/home/$USERNAME/personal ]; then if [ -d "$temp_restore_dir/home/$USERNAME/personal" ]; then
mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME mv "$temp_restore_dir/home/$USERNAME/personal" "/home/$USERNAME"
else else
if [ ! -d /home/$USERNAME/personal ]; then if [ ! -d "/home/$USERNAME/personal" ]; then
mkdir /home/$USERNAME/personal mkdir "/home/$USERNAME/personal"
fi fi
cp -r $temp_restore_dir/* /home/$USERNAME/personal/ cp -r $temp_restore_dir/* "/home/$USERNAME/personal/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
set_user_permissions set_user_permissions
backup_unmount_drive backup_unmount_drive
@ -898,6 +911,7 @@ function restore_mailing_list {
else else
cp -r $temp_restore_dir/* /var/spool/mlmmj/ cp -r $temp_restore_dir/* /var/spool/mlmmj/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
set_user_permissions set_user_permissions
backup_unmount_drive backup_unmount_drive
@ -917,20 +931,21 @@ function restore_email {
for d in $USB_MOUNT/backup/mail/*/ ; do for d in $USB_MOUNT/backup/mail/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME ${PROJECT_NAME}-adduser "$USERNAME"
fi fi
echo $"Restoring emails for $USERNAME" echo $"Restoring emails for $USERNAME"
temp_restore_dir=/root/tempmail temp_restore_dir=/root/tempmail
restore_directory_from_usb $temp_restore_dir mail/$USERNAME restore_directory_from_usb $temp_restore_dir "mail/$USERNAME"
if [ ! -d /home/$USERNAME/Maildir ]; then if [ ! -d "/home/$USERNAME/Maildir" ]; then
mkdir /home/$USERNAME/Maildir mkdir "/home/$USERNAME/Maildir"
fi fi
if [ -d $temp_restore_dir/root/tempbackupemail/$USERNAME ]; then if [ -d "$temp_restore_dir/root/tempbackupemail/$USERNAME" ]; then
tar -xzvf $temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz -C / tar -xzvf "$temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz" -C /
else else
tar -xzvf $temp_restore_dir/maildir.tar.gz -C / tar -xzvf $temp_restore_dir/maildir.tar.gz -C /
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
set_user_permissions set_user_permissions
backup_unmount_drive backup_unmount_drive
@ -943,16 +958,16 @@ function restore_email {
} }
function get_restore_app { function get_restore_app {
if [ ${1} ]; then if [ "${1}" ]; then
if [ ! -d /home/${1} ]; then if [ ! -d "/home/${1}" ]; then
RESTORE_APP=${1} RESTORE_APP="${1}"
echo $"Restore $RESTORE_APP" echo $"Restore $RESTORE_APP"
fi fi
fi fi
} }
get_restore_app ${2} get_restore_app "${2}"
backup_mount_drive ${1} ${ADMIN_USERNAME} ${2} backup_mount_drive "${1}" "${ADMIN_USERNAME}" "${2}"
check_backup_exists check_backup_exists
check_admin_user check_admin_user
copy_gpg_keys copy_gpg_keys
@ -979,7 +994,7 @@ restore_certs
restore_personal_settings restore_personal_settings
restore_mailing_list restore_mailing_list
restore_email restore_email
restore_apps local $RESTORE_APP restore_apps local "$RESTORE_APP"
set_user_permissions set_user_permissions
update_default_domain update_default_domain
backup_unmount_drive backup_unmount_drive


@ -37,19 +37,19 @@ BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
export TEXTDOMAIN=${PROJECT_NAME}-restore-remote export TEXTDOMAIN=${PROJECT_NAME}-restore-remote
export TEXTDOMAINDIR="/usr/share/locale" export TEXTDOMAINDIR="/usr/share/locale"
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES for f in $UTILS_FILES
do do
source $f source "$f"
done done
SERVER_NAME=$1 SERVER_NAME="$1"
# whether to restore everything or just a specific application # whether to restore everything or just a specific application
RESTORE_APP='all' RESTORE_APP='all'
if [ ${2} ]; then if [ "${2}" ]; then
RESTORE_APP=${2} RESTORE_APP="${2}"
fi fi
ADMIN_USERNAME=$(get_completion_param "Admin user") ADMIN_USERNAME=$(get_completion_param "Admin user")
@ -60,46 +60,45 @@ SERVER_DIRECTORY=/root/remoterestore
BACKUP_LIST=/home/${ADMIN_USERNAME}/backup.list BACKUP_LIST=/home/${ADMIN_USERNAME}/backup.list
if [ ! $SERVER_NAME ]; then if [ ! "$SERVER_NAME" ]; then
echo $'restorefromfriend [server]' echo $'restorefromfriend [server]'
exit 1 exit 1
fi fi
if [ ! -f $BACKUP_LIST ]; then if [ ! -f "$BACKUP_LIST" ]; then
echo $"No friends list found at $BACKUP_LIST" echo $"No friends list found at $BACKUP_LIST"
exit 2 exit 2
fi fi
if ! grep -q "$SERVER_NAME" $BACKUP_LIST; then if ! grep -q "$SERVER_NAME" "$BACKUP_LIST"; then
echo $"Server not found within the friends list" echo $"Server not found within the friends list"
exit 3 exit 3
fi fi
REMOTE_SERVER=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $1}') REMOTE_SERVER=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $1}')
REMOTE_SSH_PORT=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $2}') REMOTE_SSH_PORT=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $2}')
REMOTE_DIRECTORY=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $3}') REMOTE_DIRECTORY=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $3}')
REMOTE_PASSWORD=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $4}') REMOTE_PASSWORD=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $4}')
REMOTE_SERVER=$REMOTE_SERVER:$REMOTE_DIRECTORY REMOTE_SERVER=$REMOTE_SERVER:$REMOTE_DIRECTORY
NOW=$(date +"%Y-%m-%d %H:%M:%S") NOW=$(date +"%Y-%m-%d %H:%M:%S")
echo "$NOW Starting restore from $REMOTE_SERVER" >> /var/log/remotebackups.log echo "$NOW Starting restore from $REMOTE_SERVER" >> /var/log/remotebackups.log
rsync -ratlzv --rsh="/usr/bin/sshpass -p $REMOTE_PASSWORD ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" $REMOTE_SERVER/backup $SERVER_DIRECTORY if ! rsync -ratlzv --rsh="/usr/bin/sshpass -p $REMOTE_PASSWORD ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" "$REMOTE_SERVER/backup" "$SERVER_DIRECTORY"; then
if [ ! "$?" = "0" ]; then
echo "$NOW Restore from $REMOTE_SERVER failed" >> /var/log/remotebackups.log echo "$NOW Restore from $REMOTE_SERVER failed" >> /var/log/remotebackups.log
# Send a warning email # Send a warning email
echo "Restore from $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} restore from friend" $ADMIN_EMAIL_ADDRESS echo "Restore from $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} restore from friend" "$ADMIN_EMAIL_ADDRESS"
exit 790 exit 790
else else
echo "$NOW Restored encrypted data from $REMOTE_SERVER" >> /var/log/remotebackups.log echo "$NOW Restored encrypted data from $REMOTE_SERVER" >> /var/log/remotebackups.log
fi fi
# MariaDB password # MariaDB password
DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
function copy_gpg_keys { function copy_gpg_keys {
echo $"Copying GPG keys from admin user to root" echo $"Copying GPG keys from admin user to root"
cp -r /home/$ADMIN_USERNAME/.gnupg /root cp -r "/home/$ADMIN_USERNAME/.gnupg" /root
gpg_set_permissions root gpg_set_permissions root
} }
@ -110,7 +109,7 @@ function restore_blocklist {
fi fi
fi fi
if [ -d $USB_MOUNT/backup/blocklist ]; then if [ -d "$USB_MOUNT/backup/blocklist" ]; then
echo $"Restoring blocklist" echo $"Restoring blocklist"
temp_restore_dir=/root/tempblocklist temp_restore_dir=/root/tempblocklist
restore_directory_from_friend $temp_restore_dir blocklist restore_directory_from_friend $temp_restore_dir blocklist
@ -173,9 +172,8 @@ function restore_configfiles {
# fi # fi
#fi #fi
if [ -f $temp_restore_dir$MONGODB_APPS_FILE ]; then if [ -f "$temp_restore_dir$MONGODB_APPS_FILE" ]; then
cp -f $temp_restore_dir$MONGODB_APPS_FILE $MONGODB_APPS_FILE if ! cp -f "$temp_restore_dir$MONGODB_APPS_FILE" "$MONGODB_APPS_FILE"; then
if [ ! "$?" = "0" ]; then
unmount_drive unmount_drive
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
exit 7835335 exit 7835335
@ -196,9 +194,8 @@ function restore_configfiles {
# fi # fi
#fi #fi
if [ -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ]; then if [ -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" ]; then
cp -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ${BACKUP_EXTRA_DIRECTORIES} if ! cp -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" "${BACKUP_EXTRA_DIRECTORIES}"; then
if [ ! "$?" = "0" ]; then
unmount_drive unmount_drive
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
exit 62121 exit 62121
@ -242,6 +239,7 @@ function restore_mariadb {
else else
mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql) mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
echo $"Try again using the password obtained from backup" echo $"Try again using the password obtained from backup"
db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb) db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
@ -251,6 +249,7 @@ function restore_mariadb {
mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql) mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
fi fi
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
echo "$mysqlsuccess" echo "$mysqlsuccess"
exit 962 exit 962
@ -258,7 +257,7 @@ function restore_mariadb {
echo $"Restarting database" echo $"Restarting database"
systemctl restart mariadb systemctl restart mariadb
echo $"Ensure MariaDB handles authentication" echo $"Ensure MariaDB handles authentication"
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
mariadb_fix_authentication mariadb_fix_authentication
fi fi
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
@ -293,15 +292,17 @@ function restore_postgresql {
else else
mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql) mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
echo $"Try again using the password obtained from backup" echo $"Try again using the password obtained from backup"
db_pass=$(${PROJECT_NAME}-pass -u root -a postgresql) db_pass=$("${PROJECT_NAME}-pass" -u root -a postgresql)
if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then
mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}${temp_restore_dir}/postgresql.sql) mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}${temp_restore_dir}/postgresql.sql)
else else
mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql) mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
fi fi
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
echo "$mysqlsuccess" echo "$mysqlsuccess"
exit 962 exit 962
@ -309,7 +310,7 @@ function restore_postgresql {
echo $"Restarting database" echo $"Restarting database"
systemctl restart postgresql systemctl restart postgresql
echo $"Ensure postgresql handles authentication" echo $"Ensure postgresql handles authentication"
POSTGRESQL_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql) POSTGRESQL_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
fi fi
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
fi fi
@ -367,31 +368,31 @@ function restore_mutt_settings {
fi fi
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $SERVER_DIRECTORY/backup/mutt/$USERNAME ]; then if [ -d "$SERVER_DIRECTORY/backup/mutt/$USERNAME" ]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME ${PROJECT_NAME}-adduser "$USERNAME"
fi fi
echo $"Restoring Mutt configurations for $USERNAME" echo $"Restoring Mutt configurations for $USERNAME"
restore_directory_from_friend /home/$USERNAME/.mutt mutt/${USERNAME}configs restore_directory_from_friend "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
echo $"Restoring Mutt settings for $USERNAME" echo $"Restoring Mutt settings for $USERNAME"
temp_restore_dir=/root/tempmutt temp_restore_dir=/root/tempmutt
restore_directory_from_friend ${temp_restore_dir} mutt/$USERNAME restore_directory_from_friend ${temp_restore_dir} "mutt/$USERNAME"
if [ -d ${temp_restore_dir}/home/$USERNAME/tempbackup ]; then if [ -d "${temp_restore_dir}/home/$USERNAME/tempbackup" ]; then
if [ -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc ]; then if [ -f "${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc" ]; then
cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc /home/$USERNAME/.muttrc cp -f "${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc" "/home/$USERNAME/.muttrc"
sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
fi fi
if [ -f ${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc ]; then if [ -f "${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc" ]; then
cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc /etc/Muttrc cp -f "${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc" /etc/Muttrc
sed -i '/set sidebar_delim/d' /etc/Muttrc sed -i '/set sidebar_delim/d' /etc/Muttrc
sed -i '/set sidebar_sort/d' /etc/Muttrc sed -i '/set sidebar_sort/d' /etc/Muttrc
fi fi
else else
if [ -f ${temp_restore_dir}/.muttrc ]; then if [ -f ${temp_restore_dir}/.muttrc ]; then
cp -f ${temp_restore_dir}/.muttrc /home/$USERNAME/.muttrc cp -f "${temp_restore_dir}/.muttrc" "/home/$USERNAME/.muttrc"
sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
fi fi
if [ -f ${temp_restore_dir}/Muttrc ]; then if [ -f ${temp_restore_dir}/Muttrc ]; then
cp -f ${temp_restore_dir}/Muttrc /etc/Muttrc cp -f ${temp_restore_dir}/Muttrc /etc/Muttrc
@ -399,6 +400,7 @@ function restore_mutt_settings {
sed -i '/set sidebar_sort/d' /etc/Muttrc sed -i '/set sidebar_sort/d' /etc/Muttrc
fi fi
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
exit 276 exit 276
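Review bot: The added `# shellcheck disable=SC2181` silences the warning on a `$?` test in restore_mutt_settings that does not check what it appears to check. After the nested `if … fi` blocks above it, `$?` holds the status of the last `sed -i` that ran, or 0 when no branch matched, so a failed `cp -f` or a failed `restore_directory_from_friend` never reaches `exit 276`. Testing the command itself, as this commit already does in restore_gpg with `if ! cp -r "/home/$USERNAME/.gnupg" /root; then`, would make the check real, for example `if ! cp -f "${temp_restore_dir}/.muttrc" "/home/$USERNAME/.muttrc"; then` followed by the existing cleanup and exit. The function starts and ends outside this hunk.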
@ -417,29 +419,29 @@ function restore_gpg {
for d in $SERVER_DIRECTORY/backup/gnupg/*/ ; do for d in $SERVER_DIRECTORY/backup/gnupg/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $SERVER_DIRECTORY/backup/gnupg/$USERNAME ]; then if [ -d "$SERVER_DIRECTORY/backup/gnupg/$USERNAME" ]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME ${PROJECT_NAME}-adduser "$USERNAME"
fi fi
echo $"Restoring gnupg settings for $USERNAME" echo $"Restoring gnupg settings for $USERNAME"
temp_restore_dir=/root/tempgnupg temp_restore_dir=/root/tempgnupg
restore_directory_from_friend ${temp_restore_dir} gnupg/$USERNAME restore_directory_from_friend ${temp_restore_dir} "gnupg/$USERNAME"
if [ -d ${temp_restore_dir}/home/$USERNAME/.gnupg ]; then if [ -d "${temp_restore_dir}/home/$USERNAME/.gnupg" ]; then
cp -r ${temp_restore_dir}/home/$USERNAME/.gnupg /home/$USERNAME/ cp -r "${temp_restore_dir}/home/$USERNAME/.gnupg" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/.gnupg ]; then if [ ! -d "/home/$USERNAME/.gnupg" ]; then
mkdir /home/$USERNAME/.gnupg mkdir "/home/$USERNAME/.gnupg"
fi fi
cp -r ${temp_restore_dir}/* /home/$USERNAME/.gnupg/ cp -r "${temp_restore_dir}/*" "/home/$USERNAME/.gnupg/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
exit 276 exit 276
fi fi
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
if [[ "$USERNAME" == "$ADMIN_USERNAME" ]]; then if [[ "$USERNAME" == "$ADMIN_USERNAME" ]]; then
cp -r /home/$USERNAME/.gnupg /root if ! cp -r "/home/$USERNAME/.gnupg" /root; then
if [ ! "$?" = "0" ]; then
exit 283 exit 283
fi fi
gpg_set_permissions root gpg_set_permissions root
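Review bot: The new `cp -r "${temp_restore_dir}/*" "/home/$USERNAME/.gnupg/"` in the else branch of restore_gpg puts the `*` inside the quotes, so the shell no longer expands it and cp looks for a file literally named `*`. The copy then fails and the `$?` test that follows exits with 276, so a backup with the flat layout stops restoring before the keyring is copied. Keep the glob outside the quotes: `cp -r "${temp_restore_dir}"/* "/home/$USERNAME/.gnupg/"`. The restore_user_config hunk has the same regression in `cp -r "$temp_restore_dir/*" "/home/$USERNAME/.config/"`, while the other per-user restore hunks left the glob unquoted and are unaffected. restore_gpg starts and ends outside this hunk.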
@ -458,18 +460,19 @@ function restore_procmail {
for d in $SERVER_DIRECTORY/backup/procmail/*/ ; do for d in $SERVER_DIRECTORY/backup/procmail/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $SERVER_DIRECTORY/backup/procmail/$USERNAME ]; then if [ -d "$SERVER_DIRECTORY/backup/procmail/$USERNAME" ]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME ${PROJECT_NAME}-adduser "$USERNAME"
fi fi
echo $"Restoring procmail settings for $USERNAME" echo $"Restoring procmail settings for $USERNAME"
temp_restore_dir=/root/tempprocmail temp_restore_dir=/root/tempprocmail
restore_directory_from_friend ${temp_restore_dir} procmail/$USERNAME restore_directory_from_friend ${temp_restore_dir} "procmail/$USERNAME"
if [ -d ${temp_restore_dir}/home/$USERNAME/tempbackup ]; then if [ -d "${temp_restore_dir}/home/$USERNAME/tempbackup" ]; then
cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.procmailrc /home/$USERNAME/ cp -f "${temp_restore_dir}/home/$USERNAME/tempbackup/.procmailrc" "/home/$USERNAME/"
else else
cp -f ${temp_restore_dir}/.procmailrc /home/$USERNAME/.procmailrc cp -f "${temp_restore_dir}/.procmailrc" "/home/$USERNAME/.procmailrc"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
exit 276 exit 276
@ -489,21 +492,22 @@ function restore_spamassassin {
for d in $SERVER_DIRECTORY/backup/spamassassin/*/ ; do for d in $SERVER_DIRECTORY/backup/spamassassin/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $SERVER_DIRECTORY/backup/spamassassin/$USERNAME ]; then if [ -d "$SERVER_DIRECTORY/backup/spamassassin/$USERNAME" ]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME ${PROJECT_NAME}-adduser "$USERNAME"
fi fi
echo $"Restoring spamassassin settings for $USERNAME" echo $"Restoring spamassassin settings for $USERNAME"
temp_restore_dir=/root/tempspamassassin temp_restore_dir=/root/tempspamassassin
restore_directory_from_friend $temp_restore_dir spamassassin/$USERNAME restore_directory_from_friend $temp_restore_dir "spamassassin/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME ]; then if [ -d "$temp_restore_dir/home/$USERNAME" ]; then
cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/ cp -rf "$temp_restore_dir/home/$USERNAME/.spamassassin" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/.spamassassin ]; then if [ ! -d "/home/$USERNAME/.spamassassin" ]; then
mkdir /home/$USERNAME/.spamassassin mkdir "/home/$USERNAME/.spamassassin"
fi fi
cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/ cp -rf $temp_restore_dir/* "/home/$USERNAME/.spamassassin/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
exit 276 exit 276
@ -524,11 +528,12 @@ function restore_admin_readme {
echo $"Restoring README" echo $"Restoring README"
temp_restore_dir=/root/tempreadme temp_restore_dir=/root/tempreadme
restore_directory_from_friend $temp_restore_dir readme restore_directory_from_friend $temp_restore_dir readme
if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README /home/$ADMIN_USERNAME/ cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README" "/home/$ADMIN_USERNAME/"
else else
cp -f $temp_restore_dir/README /home/$ADMIN_USERNAME/README cp -f "$temp_restore_dir/README" "/home/$ADMIN_USERNAME/README"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
exit 276 exit 276
@ -546,21 +551,22 @@ function restore_ssh_keys {
for d in $SERVER_DIRECTORY/backup/ssh/*/ ; do for d in $SERVER_DIRECTORY/backup/ssh/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $SERVER_DIRECTORY/backup/ssh/$USERNAME ]; then if [ -d "$SERVER_DIRECTORY/backup/ssh/$USERNAME" ]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME ${PROJECT_NAME}-adduser "$USERNAME"
fi fi
echo $"Restoring ssh keys for $USERNAME" echo $"Restoring ssh keys for $USERNAME"
temp_restore_dir=/root/tempssh temp_restore_dir=/root/tempssh
restore_directory_from_friend $temp_restore_dir ssh/$USERNAME restore_directory_from_friend $temp_restore_dir "ssh/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then if [ -d "$temp_restore_dir/home/$USERNAME/.ssh" ]; then
cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/ cp -r "$temp_restore_dir/home/$USERNAME/.ssh" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/.ssh ]; then if [ ! -d "/home/$USERNAME/.ssh" ]; then
mkdir /home/$USERNAME/.ssh mkdir "/home/$USERNAME/.ssh"
fi fi
cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/ cp -r $temp_restore_dir/* "/home/$USERNAME/.ssh/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
exit 664 exit 664
@ -580,21 +586,22 @@ function restore_user_config {
for d in $SERVER_DIRECTORY/backup/config/*/ ; do for d in $SERVER_DIRECTORY/backup/config/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $SERVER_DIRECTORY/backup/config/$USERNAME ]; then if [ -d "$SERVER_DIRECTORY/backup/config/$USERNAME" ]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME ${PROJECT_NAME}-adduser "$USERNAME"
fi fi
echo $"Restoring config files for $USERNAME" echo $"Restoring config files for $USERNAME"
temp_restore_dir=/root/tempconfig temp_restore_dir=/root/tempconfig
restore_directory_from_friend $temp_restore_dir config/$USERNAME restore_directory_from_friend $temp_restore_dir "config/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME ]; then if [ -d "$temp_restore_dir/home/$USERNAME" ]; then
cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/ cp -r "$temp_restore_dir/home/$USERNAME/.config" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/.config ]; then if [ ! -d "/home/$USERNAME/.config" ]; then
mkdir /home/$USERNAME/.config mkdir "/home/$USERNAME/.config"
fi fi
cp -r $temp_restore_dir/* /home/$USERNAME/.config/ cp -r "$temp_restore_dir/*" "/home/$USERNAME/.config/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
exit 664 exit 664
@ -614,21 +621,22 @@ function restore_user_monkeysphere {
for d in $SERVER_DIRECTORY/backup/monkeysphere/*/ ; do for d in $SERVER_DIRECTORY/backup/monkeysphere/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $SERVER_DIRECTORY/backup/monkeysphere/$USERNAME ]; then if [ -d "$SERVER_DIRECTORY/backup/monkeysphere/$USERNAME" ]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME ${PROJECT_NAME}-adduser "$USERNAME"
fi fi
echo $"Restoring monkeysphere ids for $USERNAME" echo $"Restoring monkeysphere ids for $USERNAME"
temp_restore_dir=/root/tempmonkeysphere temp_restore_dir=/root/tempmonkeysphere
restore_directory_from_friend $temp_restore_dir monkeysphere/$USERNAME restore_directory_from_friend $temp_restore_dir "monkeysphere/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then if [ -d "$temp_restore_dir/home/$USERNAME/.monkeysphere" ]; then
cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/ cp -r "$temp_restore_dir/home/$USERNAME/.monkeysphere" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/.monkeysphere ]; then if [ ! -d "/home/$USERNAME/.monkeysphere" ]; then
mkdir /home/$USERNAME/.monkeysphere mkdir "/home/$USERNAME/.monkeysphere"
fi fi
cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere/ cp -r $temp_restore_dir/* "/home/$USERNAME/.monkeysphere/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
exit 664 exit 664
@ -641,8 +649,8 @@ function restore_user_monkeysphere {
MY_EMAIL_ADDRESS="${ADMIN_USERNAME}@${HOSTNAME}" MY_EMAIL_ADDRESS="${ADMIN_USERNAME}@${HOSTNAME}"
read_config_param MY_EMAIL_ADDRESS read_config_param MY_EMAIL_ADDRESS
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADMIN_USERNAME" "$MY_EMAIL_ADDRESS") MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADMIN_USERNAME" "$MY_EMAIL_ADDRESS")
fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}') fpr=$(gpg --with-colons --fingerprint "$MY_GPG_PUBLIC_KEY_ID" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
monkeysphere-authentication add-identity-certifier $fpr monkeysphere-authentication add-identity-certifier "$fpr"
monkeysphere-authentication update-users monkeysphere-authentication update-users
done done
} }
@ -656,21 +664,22 @@ function restore_user_fin {
for d in $SERVER_DIRECTORY/backup/fin/*/ ; do for d in $SERVER_DIRECTORY/backup/fin/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $SERVER_DIRECTORY/backup/fin/$USERNAME ]; then if [ -d "$SERVER_DIRECTORY/backup/fin/$USERNAME" ]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME ${PROJECT_NAME}-adduser "$USERNAME"
fi fi
echo $"Restoring fin files for $USERNAME" echo $"Restoring fin files for $USERNAME"
temp_restore_dir=/root/tempfin temp_restore_dir=/root/tempfin
restore_directory_from_friend $temp_restore_dir fin/$USERNAME restore_directory_from_friend $temp_restore_dir "fin/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then if [ -d "$temp_restore_dir/home/$USERNAME/.fin" ]; then
cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/ cp -r "$temp_restore_dir/home/$USERNAME/.fin" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/.fin ]; then if [ ! -d "/home/$USERNAME/.fin" ]; then
mkdir /home/$USERNAME/.fin mkdir "/home/$USERNAME/.fin"
fi fi
cp -r $temp_restore_dir/* /home/$USERNAME/.fin/ cp -r $temp_restore_dir/* "/home/$USERNAME/.fin/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
exit 664 exit 664
@ -690,21 +699,22 @@ function restore_user_local {
for d in $SERVER_DIRECTORY/backup/local/*/ ; do for d in $SERVER_DIRECTORY/backup/local/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $SERVER_DIRECTORY/backup/local/$USERNAME ]; then if [ -d "$SERVER_DIRECTORY/backup/local/$USERNAME" ]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME ${PROJECT_NAME}-adduser "$USERNAME"
fi fi
echo $"Restoring local files for $USERNAME" echo $"Restoring local files for $USERNAME"
temp_restore_dir=/root/templocal temp_restore_dir=/root/templocal
restore_directory_from_friend $temp_restore_dir local/$USERNAME restore_directory_from_friend $temp_restore_dir "local/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then if [ -d "$temp_restore_dir/home/$USERNAME/.local" ]; then
cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/ cp -r "$temp_restore_dir/home/$USERNAME/.local" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/.local ]; then if [ ! -d "/home/$USERNAME/.local" ]; then
mkdir /home/$USERNAME/.local mkdir "/home/$USERNAME/.local"
fi fi
cp -r $temp_restore_dir/* /home/$USERNAME/.local/ cp -r $temp_restore_dir/* "/home/$USERNAME/.local/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
exit 664 exit 664
@ -729,6 +739,7 @@ function restore_certs {
else else
cp -r /root/tempssl/* /etc/ssl/ cp -r /root/tempssl/* /etc/ssl/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 276 exit 276
fi fi
@ -770,24 +781,25 @@ function restore_personal_settings {
for d in $SERVER_DIRECTORY/backup/personal/*/ ; do for d in $SERVER_DIRECTORY/backup/personal/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $SERVER_DIRECTORY/backup/personal/$USERNAME ]; then if [ -d "$SERVER_DIRECTORY/backup/personal/$USERNAME" ]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME ${PROJECT_NAME}-adduser "$USERNAME"
fi fi
echo $"Restoring personal settings for $USERNAME" echo $"Restoring personal settings for $USERNAME"
temp_restore_dir=/root/temppersonal temp_restore_dir=/root/temppersonal
restore_directory_from_friend $temp_restore_dir personal/$USERNAME restore_directory_from_friend $temp_restore_dir "personal/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME/personal ]; then if [ -d "$temp_restore_dir/home/$USERNAME/personal" ]; then
if [ -d /home/$USERNAME/personal ]; then if [ -d "/home/$USERNAME/personal" ]; then
rm -rf /home/$USERNAME/personal rm -rf "/home/$USERNAME/personal"
fi fi
mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME mv "$temp_restore_dir/home/$USERNAME/personal" "/home/$USERNAME"
else else
if [ ! -d /home/$USERNAME/personal ]; then if [ ! -d "/home/$USERNAME/personal" ]; then
mkdir /home/$USERNAME/personal mkdir "/home/$USERNAME/personal"
fi fi
cp -r $temp_restore_dir/* /home/$USERNAME/personal/ cp -r $temp_restore_dir/* "/home/$USERNAME/personal/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 18437643 exit 18437643
fi fi
@ -812,6 +824,7 @@ function restore_mailing_list {
else else
cp -r $temp_restore_dir/* /var/spool/mlmmj/ cp -r $temp_restore_dir/* /var/spool/mlmmj/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 526 exit 526
fi fi
@ -828,21 +841,22 @@ function restore_email {
for d in $SERVER_DIRECTORY/backup/mail/*/ ; do for d in $SERVER_DIRECTORY/backup/mail/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $SERVER_DIRECTORY/backup/mail/$USERNAME ]; then if [ -d "$SERVER_DIRECTORY/backup/mail/$USERNAME" ]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME ${PROJECT_NAME}-adduser "$USERNAME"
fi fi
echo $"Restoring emails for $USERNAME" echo $"Restoring emails for $USERNAME"
temp_restore_dir=/root/tempmail temp_restore_dir=/root/tempmail
restore_directory_from_friend $temp_restore_dir mail/$USERNAME restore_directory_from_friend $temp_restore_dir "mail/$USERNAME"
if [ ! -d /home/$USERNAME/Maildir ]; then if [ ! -d "/home/$USERNAME/Maildir" ]; then
mkdir /home/$USERNAME/Maildir mkdir "/home/$USERNAME/Maildir"
fi fi
if [ -d $temp_restore_dir/root/tempbackupemail/$USERNAME ]; then if [ -d "$temp_restore_dir/root/tempbackupemail/$USERNAME" ]; then
tar -xzvf $temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz -C / tar -xzvf "$temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz" -C /
else else
tar -xzvf $temp_restore_dir/maildir.tar.gz -C / tar -xzvf $temp_restore_dir/maildir.tar.gz -C /
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
exit 927 exit 927
fi fi
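Review bot: Both `tar -xzvf … -C /` calls in restore_email unpack an archive obtained through `restore_directory_from_friend` directly into the filesystem root, so the member paths inside the archive decide which files are written; the commit quotes the archive path but adds no check on its contents. If the archive is only meant to hold the user's Maildir, list it first with `tar -tzf` and refuse to extract when any member falls outside the expected prefix (presumably `home/$USERNAME/Maildir`, to be confirmed against the backup side), or extract into a scratch directory and move the Maildir into place. Whether the backup is authenticated before this point is not visible here. restore_email starts and ends outside this hunk.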
@ -854,7 +868,7 @@ function restore_email {
# Social key management # Social key management
# Recover any key fragments and reconstruct the gpg key # Recover any key fragments and reconstruct the gpg key
${PROJECT_NAME}-recoverkey -u ${ADMIN_USERNAME} -l $BACKUP_LIST ${PROJECT_NAME}-recoverkey -u "${ADMIN_USERNAME}" -l "$BACKUP_LIST"
copy_gpg_keys copy_gpg_keys
gpg_agent_setup root gpg_agent_setup root
