Bob Mottram 2017-12-19 21:29:36 +00:00
commit e1b96e4aa3
4 changed files with 187 additions and 35 deletions

@ -1,11 +1,35 @@
Instead of having some tedious *Code of Conduct* which tries to micro-manage how folks communicate privately with each other this project has a set of guiding principles, which are as follows:
# Freedombone "Code of Conduct"
* Enable users to help themselves to provide their own personal software infrastructure.
* Enable users to help each other to provide software infrastructure for a community.
* Principle of self-management: apps should require miniumum configuration and maintain themselves as far as possible.
* There should be no single point of failure. Assume that other servers can and will fail occasionally.
* Minimum data retention. Only store the data which users actually want or need, and within apps implement the function which allows logging to be turned off.
* Respect other users right to run their own stuff and have their own policies on their own hardware.
* Remove as many intermediating organisations as possible. For example, Google tracking embedded within some Free Software apps.
* No tollbooths, rent-seeking, gatekeepers or paywalls.
* Maximize energy efficiency. No systems which fundamentally depend upon proof-of-work block solving or other compute-heavy methods. The target here is small single board computers.
## Be respectful
In a project the size of Freedombone, inevitably there will be people with whom you may disagree, or find it difficult to cooperate. Accept that, but even so, remain respectful. Disagreement is no excuse for poor behaviour or personal attacks, and a community in which people feel threatened is not a healthy community.
## Assume good faith
Freedombone Contributors have many ways of reaching our common goal of providing freedom respecting internet or mesh systems which may differ from your ways. Assume that other people are working towards this goal.
## Be collaborative
Freedombone is a moderately complex project, though nothing big and professional like GNU. It's good to ask for help when you need it. Similarly, offers for help should be seen in the context of our shared goal of improving the system.
When you make something for the benefit of the project, be willing to explain to others how it works, so that they can build on your work to make it even better.
## Try to be concise
If you're submitting documentation then keep in mind that what you write once could be read by many other people. To avoid TL;DR keep it as short and concise as possible. This will also reduce the amount of translations effort needed.
If you're discussing an issue or bug, try to stay on topic, especially in discussions that are already fairly large.
## Be open
Most ways of communication used within Freedombone (eg Matrix/XMPP) allow for public and private communication. Prefer public methods of communication for Freedombone-related messages, unless posting something sensitive.
This applies to messages for help, too; not only is a public support request much more likely to result in an answer to your question, it also makes sure that any inadvertent mistakes made by people answering your question will be more easily detected and corrected.
## In case of problems
While this code of conduct should be adhered to by participants, we recognize that sometimes people may have a bad day, or be unaware of some of the guidelines in this code of conduct. When that happens, you may reply to them and point out this code of conduct. Such messages may be in public or in private, whatever is most appropriate. However, regardless of whether the message is public or not, it should still adhere to the relevant parts of this code of conduct; in particular, it should not be abusive or disrespectful. Assume good faith; it is more likely that participants are unaware of their bad behaviour than that they intentionally try to degrade the quality of the discussion.
Serious or persistent offenders will be kicked from chat rooms and any of their subsequent patches will be unlikely to be upstreamed.
Complaints should be made (in private) to the maintainer or chat room admin. The typical email address can be found in the source code headers. Preferably use GPG/OpenPGP if you can, or XMPP with OTR/OMEMO to bob@freedombone.net.
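Review bot: the complaints paragraph at the end of this hunk asks for GPG/OpenPGP but gives neither the email address nor a key fingerprint, pointing instead to "the source code headers". State the address and the fingerprint of the key here so a reporter can check they are encrypting to the right key, and name a second contact for the case where the complaint concerns the maintainer.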

@ -36,8 +36,9 @@ SHOW_ICANN_ADDRESS_ON_ABOUT=0
CRYPTPAD_ONION_PORT=8119
CRYPTPAD_PORT=9003
CRYPTPAD_PORT2=9005
CRYPTPAD_REPO="https://github.com/xwiki-labs/cryptpad"
CRYPTPAD_COMMIT='52d344c3d1404d75d2bf4ae8845e5c024e85ec7f'
CRYPTPAD_COMMIT='cfc9ce33d6c7034a13cb0e6d606de6fba38697e0'
CRYPTPAD_DIR=/etc/cryptpad
cryptpad_variables=(ONION_ONLY)
@ -76,6 +77,18 @@ function reconfigure_cryptpad {
fi
}
function cryptpad_generate_api_config {
if [ ! -d $CRYPTPAD_DIR/customize/api ]; then
mkdir -p $CRYPTPAD_DIR/customize/api
fi
wget 127.0.0.1:$CRYPTPAD_PORT/api/config -O $CRYPTPAD_DIR/customize/api/config
if [ ! -f $CRYPTPAD_DIR/customize/api/config ]; then
echo $'Unable to wget api/config'
exit 89252
fi
chown -R cryptpad:cryptpad $CRYPTPAD_DIR
}
function upgrade_cryptpad {
CURR_CRYPTPAD_COMMIT=$(get_completion_param "cryptpad commit")
if [[ "$CURR_CRYPTPAD_COMMIT" == "$CRYPTPAD_COMMIT" ]]; then
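Review bot: in cryptpad_generate_api_config the `[ ! -f $CRYPTPAD_DIR/customize/api/config ]` test does not detect a failed download, because `wget -O` creates the output file up front and leaves it empty when the request fails. Test wget's exit status instead, or require a non-empty file with `[ -s ... ]`, and download to a temporary name so a failed fetch cannot replace a good config. Note also that `exit 89252` is truncated to 8 bits by the shell, so callers see 164, and that the final `chown -R` over all of $CRYPTPAD_DIR could be limited to customize/api.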
@ -89,14 +102,17 @@ function upgrade_cryptpad {
set_repo_commit $CRYPTPAD_DIR "cryptpad commit" "$CRYPTPAD_COMMIT" $CRYPTPAD_REPO
cd $CRYPTPAD_DIR
cryptpad_create_config
npm upgrade
npm install
su -c 'echo "2" | bower update' - cryptpad
su -c 'bower install --config.interactive=false' - cryptpad
cryptpad_generate_api_config
chown -R cryptpad:cryptpad $CRYPTPAD_DIR
su -c 'bower install' - cryptpad
systemctl start cryptpad
}
function backup_local_cryptpad {
source_directory=$CRYPTPAD_DIR/datastore
if [ -d $source_directory ]; then
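Review bot: cryptpad_generate_api_config is called before `systemctl start cryptpad`, yet it fetches from 127.0.0.1:$CRYPTPAD_PORT. If the service is stopped at this point in upgrade_cryptpad, nothing is listening, and the function either overwrites customize/api/config with an empty file or exits with the service still down. Move the call after the start, with a wait for the port as install_cryptpad does. Separately, `cd $CRYPTPAD_DIR` is unchecked before npm and bower run; add `|| exit` so they cannot run in the wrong directory.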
@ -215,6 +231,108 @@ function remove_cryptpad {
userdel -r cryptpad
}
function cryptpad_create_config {
cryptpad_install_type=$1
cryptpad_prefix=
if [[ "$cryptpad_install_type" == "mesh" ]]; then
cryptpad_prefix=$rootdir
fi
echo '/*@flow*/' > $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '/*' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' globals module' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '*/' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo "var domain = ' http://localhost:${CRYPTPAD_PORT}/';" >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo 'module.exports = {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " httpAddress: '::'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' httpHeaders: {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' "X-XSS-Protection": "1; mode=block",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' "X-Content-Type-Options": "nosniff",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' "Access-Control-Allow-Origin": "*"' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' },' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' contentSecurity: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " \"default-src 'none'\"," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " \"style-src 'unsafe-inline' 'self' \" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " \"script-src 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " \"font-src 'self' data:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' "child-src blob: *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' "frame-src blob: *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' "media-src * blob:",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " \"connect-src 'self' ws: wss: blob:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " \"img-src 'self' data: blob:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' "frame-ancestors *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " ].join('; ')," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' padContentSecurity: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " \"default-src 'none'\"," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " \"style-src 'unsafe-inline' 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " \"script-src 'self' 'unsafe-eval' 'unsafe-inline'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " \"font-src 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' "child-src *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' "frame-src *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " \"connect-src 'self' ws: wss:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' "img-src * blob:",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " ].join('; ')," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " httpPort: ${CRYPTPAD_PORT}," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' // This is for allowing the cross-domain iframe to function when developing' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " httpSafePort: ${CRYPTPAD_PORT2}," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " websocketPath: '/cryptpad_websocket'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' logToStdout: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' verbose: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' mainPages: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " 'index'" >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' ],' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' removeDonateButton: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' allowSubscriptions: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
if [[ "$cryptpad_install_type" == "mesh" ]]; then
echo " myDomain: 'http://P${PEER_ID}.local'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
else
CRYPTPAD_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_cryptpad/hostname)
echo " myDomain: 'http://${CRYPTPAD_ONION_HOSTNAME}'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
fi
echo ' defaultStorageLimit: 50 * 1024 * 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' customLimits: {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' },' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' adminEmail: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " storage: './storage/file'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " filePath: './datastore/'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " pinPath: './pins'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " blobPath: './blob'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " blobStagingPath: './blobstage'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' channelExpirationMs: 30000,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' openFileLimit: 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo " rpc: './rpc.js'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' suppressRPCErrors: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' enableUploads: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' //restrictUploads: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' maxUploadSize: 20 * 1024 * 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' //logFeedback: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo ' //logRPC: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
echo '};' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
chown cryptpad:cryptpad $cryptpad_prefix$CRYPTPAD_DIR/config.js
}
function mesh_install_cryptpad {
if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
return
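Review bot: `httpAddress: '::'` in the generated config.js makes the node server listen on all interfaces, while the install publishes CryptPad through nginx and an onion address. Unless a firewall rule elsewhere blocks $CRYPTPAD_PORT, bind to 127.0.0.1 for the non-mesh case (the address the wget in cryptpad_generate_api_config already uses) so the pad server cannot be reached around the proxy. In the same function the output of `cat /var/lib/tor/hidden_service_cryptpad/hostname` is used unchecked, so a missing hostname file yields `myDomain: 'http://'`; fail early if it is empty. The wildcard entries (`"Access-Control-Allow-Origin": "*"`, `frame-ancestors *`) deserve a comment saying why they are needed, and the long run of `echo ... >>` lines would be easier to audit as a single heredoc.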
@ -343,10 +461,7 @@ EOF
rm $rootdir/usr/bin/install_cryptpad
sed -i "s|httpPort:.*|httpPort: $CRYPTPAD_PORT,|g" $rootdir$CRYPTPAD_DIR/config.js
sed -i "s|// domain:|domain:|g" $rootdir$CRYPTPAD_DIR/config.js
sed -i 's|openFileLimit:.*|openFileLimit: 1024,|g' $rootdir$CRYPTPAD_DIR/config.js
sed -i "s|domain:.*|domain: 'http://P${PEER_ID}.local',|g" $rootdir$CRYPTPAD_DIR/config.js
cryptpad_create_config mesh
chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
@ -422,6 +537,11 @@ function install_cryptpad_main {
echo '' >> $cryptpad_nginx_site
echo ' index index.html;' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' if ($args ~ ver=) {' >> $cryptpad_nginx_site
echo ' set $cacheControl max-age=31536000;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo ' add_header Cache-Control $cacheControl;' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' add_header X-XSS-Protection "1; mode=block";' >> $cryptpad_nginx_site
echo ' add_header X-Content-Type-Options nosniff;' >> $cryptpad_nginx_site
echo ' add_header X-Frame-Options SAMEORIGIN;' >> $cryptpad_nginx_site
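Review bot: the `if ($args ~ ver=)` match is unanchored, so any query string that contains `ver=` anywhere, including inside another parameter's name or value, gets `max-age=31536000`. Anchor it to a parameter boundary, for example `(^|&)ver=`, and give $cacheControl a default with a `set` before the `if` so that `add_header Cache-Control $cacheControl;` does not expand an unassigned variable on every other request.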
@ -510,11 +630,7 @@ function install_cryptpad {
exit 628252
fi
sed -i "s|httpPort:.*|httpPort: $CRYPTPAD_PORT,|g" config.js
sed -i "s|// domain:|domain:|g" config.js
sed -i 's|openFileLimit:.*|openFileLimit: 1024,|g' config.js
sed -i "s|domain:.*|domain: 'http://$CRYPTPAD_ONION_HOSTNAME',|g" config.js
cryptpad_create_config
chown -R cryptpad:cryptpad $CRYPTPAD_DIR
# daemon
@ -540,15 +656,7 @@ function install_cryptpad {
sleep 6
if [ ! -d $CRYPTPAD_DIR/customize/api ]; then
mkdir -p $CRYPTPAD_DIR/customize/api
fi
wget 127.0.0.1:$CRYPTPAD_PORT/api/config -O $CRYPTPAD_DIR/customize/api/config
if [ ! -f $CRYPTPAD_DIR/customize/api/config ]; then
echo $'Unable to wget api/config'
exit 89252
fi
chown -R cryptpad:cryptpad $CRYPTPAD_DIR
cryptpad_generate_api_config
# install again
cd $CRYPTPAD_DIR
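Review bot: the fixed `sleep 6` ahead of cryptpad_generate_api_config is a race on slow hardware; if node has not bound $CRYPTPAD_PORT by then, the fetch fails and the install exits. Poll the port in a bounded retry loop instead of sleeping for a fixed time.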

@ -28,7 +28,7 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS=""
VARIANTS="full full-vim media"
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
@ -39,9 +39,11 @@ FEDWIKI_VERSION='0.13.0'
FEDWIKI_ONION_PORT=8131
FEDWIKI_PORT=3053
FEDWIKI_DATA=/var/lib/fedwiki
FEDWIKI_COOKIE=
fedwiki_variables=(FEDWIKI_DOMAIN_NAME
FEDWIKI_CODE
FEDWIKI_COOKIE
FEDWIKI_ADMIN_PASSWORD
ONION_ONLY
DDNS_PROVIDER
@ -80,6 +82,14 @@ function fedwiki_remove_bad_links {
if [ -d /usr/local/lib/node_modules/wiki/node_modules/passport-oauth2 ]; then
rm -rf /usr/local/lib/node_modules/wiki/node_modules/passport-oauth2
fi
if [ -d /usr/local/lib/node_modules/wiki/node_modules/passport-twitter ]; then
rm -rf /usr/local/lib/node_modules/wiki/node_modules/passport-twitter
fi
if [ -d /usr/local/lib/node_modules/wiki/node_modules/passport-github ]; then
rm -rf /usr/local/lib/node_modules/wiki/node_modules/passport-github
fi
}
function logging_on_fedwiki {
@ -303,6 +313,12 @@ function fedwiki_setup_web {
function_check nginx_ssl
nginx_ssl $FEDWIKI_DOMAIN_NAME mobile
sed -i '/Content-Security-Policy/d' $fedwiki_nginx_file
sed -i '/X-XSS-Protection/d' $fedwiki_nginx_file
sed -i '/X-Robots-Tag/d' $fedwiki_nginx_file
sed -i '/X-Download-Options/d' $fedwiki_nginx_file
sed -i '/X-Permitted-Cross-Domain-Policies/d' $fedwiki_nginx_file
echo ' add_header X-Robots-Tag none;' >> $fedwiki_nginx_file
echo ' add_header X-Download-Options noopen;' >> $fedwiki_nginx_file
echo ' add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file
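Review bot: the `sed -i '/Content-Security-Policy/d'` and `sed -i '/X-XSS-Protection/d'` lines strip those headers from the fedwiki site, and the lines that follow put back only X-Robots-Tag, X-Download-Options and X-Frame-Options. If the default policy breaks the wiki client, replace it with a relaxed policy for this site rather than none, and add a comment recording which directive was the problem. X-Permitted-Cross-Domain-Policies is also deleted and not re-added in the visible lines.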
@ -395,8 +411,9 @@ function install_fedwiki {
FEDWIKI_ONION_HOSTNAME=$(add_onion_service fedwiki 80 ${FEDWIKI_ONION_PORT})
#TODO add a config file for the identity system
# $FEDWIKI_DATA/config.json
if [ ! $FEDWIKI_COOKIE ]; then
FEDWIKI_COOKIE="$(create_password 30)$(create_password 30)$(create_password 30)"
fi
echo '[Unit]' > /etc/systemd/system/fedwiki.service
echo 'Description=Fedwiki Decentralized video streaming platform' >> /etc/systemd/system/fedwiki.service
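Review bot: `if [ ! $FEDWIKI_COOKIE ]` only works because an empty expansion collapses to `[ ! ]`; use `[ -z "$FEDWIKI_COOKIE" ]` so the intent is explicit and the test holds for any value. The unit Description on the following line still reads "Decentralized video streaming platform", which looks copied from another app.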
@ -407,7 +424,7 @@ function install_fedwiki {
echo 'User=fedwiki' >> /etc/systemd/system/fedwiki.service
echo 'Group=fedwiki' >> /etc/systemd/system/fedwiki.service
echo "WorkingDirectory=/usr/local/lib/node_modules/wiki" >> /etc/systemd/system/fedwiki.service
echo "ExecStart=/usr/local/bin/wiki --config $FEDWIKI_DATA/config.json --data $FEDWIKI_DATA -p $FEDWIKI_PORT" >> /etc/systemd/system/fedwiki.service
echo "ExecStart=/usr/local/bin/wiki --security_type friends --cookieSecret '${FEDWIKI_COOKIE}' --session_duration 7 --data $FEDWIKI_DATA -p $FEDWIKI_PORT" >> /etc/systemd/system/fedwiki.service
echo 'StandardOutput=syslog' >> /etc/systemd/system/fedwiki.service
echo 'StandardError=syslog' >> /etc/systemd/system/fedwiki.service
echo 'SyslogIdentifier=fedwiki' >> /etc/systemd/system/fedwiki.service
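Review bot: passing `--cookieSecret '${FEDWIKI_COOKIE}'` in ExecStart puts the cookie secret in the unit file and on the process command line, where a local user who can read /etc/systemd/system/fedwiki.service or list processes can see it. Keep the secret in a file owned by fedwiki with mode 600, such as the $FEDWIKI_DATA/config.json that the other ExecStart line in this hunk passes with --config, if wiki accepts the option there. A comment stating the unit of `--session_duration 7` would also help.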

@ -155,6 +155,9 @@ function enable_cryptpad {
if [ ! -d $CRYPTPAD_DIR/customize/api ]; then
mkdir -p $CRYPTPAD_DIR/customize/api
fi
if [ -f $CRYPTPAD_DIR/config.js ]; then
sed -i "s|myDomain:.*|myDomain: 'http://P${PEER_ID}.local',|g" $CRYPTPAD_DIR/config.js
fi
wget 127.0.0.1:$CRYPTPAD_PORT/api/config -O $CRYPTPAD_DIR/customize/api/config
if [ ! -f $CRYPTPAD_DIR/customize/api/config ]; then
echo $'Unable to wget api/config'
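Review bot: the added sed writes `myDomain: 'http://P${PEER_ID}.local'` without checking that PEER_ID is set, so an empty value produces `http://P.local` in config.js; guard it with `[ -n "$PEER_ID" ]`. The wget and `-f` check that follow repeat the logic this commit moves into cryptpad_generate_api_config in the other file, and share its weakness that `wget -O` leaves a file behind on failure; call the shared function here if it is available in this script.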