Bob Mottram 2018-03-02 22:20:49 +00:00
parent 9a6aee1de7
commit ec6e2e5851
12 changed files with 767 additions and 761 deletions


@ -51,7 +51,7 @@ function enforce_good_passwords {
}
function create_password {
openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c ${1} ; echo -n ''
openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c "${1}" ; echo -n ''
}
# NOTE: deliberately no exit 0
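Review bot: create_password can return fewer characters than the caller asked for, and nothing reports it. `openssl rand -base64 32` produces 44 base64 characters, `tr -dc A-Za-z0-9` then drops the `=` padding and every `+` or `/`, so `head -c "${1}"` never has more than 43 characters to take from. Any request above roughly 40 therefore yields a shorter password than the configured minimum. Size the random input from the request instead, for example `openssl rand -base64 "$(( ${1} * 2 ))" | tr -dc A-Za-z0-9 | head -c "${1}"`. The trailing `echo -n ''` prints nothing and can be dropped.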


@ -35,14 +35,14 @@ POSTGRESQL_PACKAGES='postgresql-9.6 postgresql-contrib-9.6 postgresql-client'
function store_original_postgresql_password {
if [ ! -f /root/.postgresqloriginal ]; then
echo $'Storing original postgresql password'
ORIGINAL_POSTGRESQL_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql)
ORIGINAL_POSTGRESQL_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
# We can store this in plaintext because it will soon be of historical interest only
echo -n "$ORIGINAL_POSTGRESQL_PASSWORD" > /root/.postgresqloriginal
fi
}
function get_postgresql_password {
POSTGRESQL_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql)
POSTGRESQL_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
if [[ "$POSTGRESQL_PASSWORD" == *'failed'* ]]; then
echo $'Could not obtain postgresql password'
exit 7835272
@ -50,14 +50,15 @@ function get_postgresql_password {
}
function mesh_install_postgresql {
chroot "$rootdir" apt-get -yq install $POSTGRESQL_PACKAGES
# shellcheck disable=SC2154
chroot "$rootdir" apt-get -yq install "$POSTGRESQL_PACKAGES"
if [ ! -d $rootdir/etc/postgresql ]; then
if [ ! -d "$rootdir/etc/postgresql" ]; then
echo $"ERROR: postgresql does not appear to have installed."
exit 78352
fi
if [ ! -f $rootdir/usr/bin/psql ]; then
if [ ! -f "$rootdir/usr/bin/psql" ]; then
echo $"ERROR: psql command does not appear to have installed."
exit 835290
fi
@ -75,16 +76,16 @@ function install_postgresql {
function_check get_postgresql_password
get_postgresql_password
if [ ! $POSTGRESQL_PASSWORD ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then
POSTGRESQL_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
if [ ! "$POSTGRESQL_PASSWORD" ]; then
if [ -f "$IMAGE_PASSWORD_FILE" ]; then
POSTGRESQL_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else
POSTGRESQL_PASSWORD="$(openssl rand -base64 32 | cut -c1-${MINIMUM_PASSWORD_LENGTH})"
POSTGRESQL_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi
fi
${PROJECT_NAME}-pass -u root -a postgresql -p "$POSTGRESQL_PASSWORD"
"${PROJECT_NAME}-pass" -u root -a postgresql -p "$POSTGRESQL_PASSWORD"
apt-get -yq install $POSTGRESQL_PACKAGES
apt-get -yq install "$POSTGRESQL_PACKAGES"
apt-get -yq remove --purge apache2-bin*
if [ -d /etc/apache2 ]; then
rm -rf /etc/apache2
@ -107,7 +108,7 @@ function install_postgresql {
function add_postgresql_user {
postgresql_username=$1
postgresql_password=$2
cd /etc/postgresql
cd /etc/postgresql || exit 2468246
if [[ "$3" != 'encrypt'* ]]; then
sudo -u postgres psql -c "create user $postgresql_username password '$postgresql_password';"
else
@ -118,14 +119,14 @@ function add_postgresql_user {
function remove_postgresql_user {
postgresql_username=$1
cd /etc/postgresql
cd /etc/postgresql || exit 24624624
sudo -u postgres psql -c "drop user $postgresql_username"
}
function drop_database_postgresql {
database_name="$1"
database_owner_name="$2"
cd /etc/postgresql
cd /etc/postgresql || exit 2482468242
sudo -u postgres psql -c "drop database $database_name"
if [ ${#database_owner_name} -gt 0 ]; then
sudo -u postgres psql -c "drop user $database_owner_name"
@ -134,31 +135,31 @@ function drop_database_postgresql {
function run_system_query_postgresql {
query=$1
cd /etc/postgresql
cd /etc/postgresql || exit 24624649846
sudo -u postgres psql -c "$query"
}
function run_query_postgresql {
database_name=$1
database_query=$2
cd /etc/postgresql
sudo -u postgres psql -d $database_name -c "$database_query"
cd /etc/postgresql || exit 2492464684
sudo -u postgres psql -d "$database_name" -c "$database_query"
}
function run_query_postgresql_with_output {
database_name=$1
database_query=$2
cd /etc/postgresql
output=$(sudo -u postgres psql -d $database_name -c "$database_query")
cd /etc/postgresql || exit 2482462846
output=$(sudo -u postgres psql -d "$database_name" -c "$database_query")
echo "$output"
}
function initialise_database_postgresql {
database_name=$1
database_file=$2
cd /etc/postgresql
sudo -u postgres psql $database_name < $database_file
if [ ! "$?" = "0" ]; then
cd /etc/postgresql || exit 239246992469
# shellcheck disable=SC2024
if ! sudo -u postgres psql "$database_name" < "$database_file"; then
exit 7238525
fi
}
@ -167,10 +168,10 @@ function create_database_postgresql {
app_name="$1"
app_admin_password="$2"
app_admin_username=$3
if [ ! -d $INSTALL_DIR ]; then
mkdir $INSTALL_DIR
if [ ! -d "$INSTALL_DIR" ]; then
mkdir "$INSTALL_DIR"
fi
if [ ! $app_admin_username ]; then
if [ ! "$app_admin_username" ]; then
app_admin_username=${app_name}admin
fi
@ -178,9 +179,11 @@ function create_database_postgresql {
CREATE USER '$app_admin_username@localhost' IDENTIFIED BY '${app_admin_password}';
GRANT ALL PRIVILEGES ON ${app_name}.* TO '$app_admin_username@localhost';
flush privileges;
quit" > $INSTALL_DIR/batch.sql
chmod 600 $INSTALL_DIR/batch.sql
cd /etc/postgresql
sudo -u postgres psql -d $database_name --file=$INSTALL_DIR/batch.sql
shred -zu $INSTALL_DIR/batch.sql
quit" > "$INSTALL_DIR/batch.sql"
chmod 600 "$INSTALL_DIR/batch.sql"
cd /etc/postgresql || exit 247284684
sudo -u postgres psql -d "$database_name" --file="$INSTALL_DIR/batch.sql"
shred -zu "$INSTALL_DIR/batch.sql"
}
# NOTE: deliberately there is no "exit 0"
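Review bot: Quoting the package list in `chroot "$rootdir" apt-get -yq install "$POSTGRESQL_PACKAGES"` hands apt-get all three names as a single argument, because the variable is one space-separated string (`'postgresql-9.6 postgresql-contrib-9.6 postgresql-client'`, visible in the first hunk header). apt-get will look for one package with that whole name, so mesh_install_postgresql most likely falls through to `exit 78352`; install_postgresql has the same quoted line. Keep the word splitting and mark it as intended, `# shellcheck disable=SC2086` above `apt-get -yq install $POSTGRESQL_PACKAGES`, or declare the list as an array and expand it as `"${POSTGRESQL_PACKAGES[@]}"`.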


@ -38,17 +38,17 @@ function create_repo_sources {
rm -rf /var/lib/apt/lists/*
apt-get clean
echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION} main" > /etc/apt/sources.list
echo "deb-src http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION} main" >> /etc/apt/sources.list
echo '' >> /etc/apt/sources.list
echo "deb http://security.debian.org/ ${DEBIAN_VERSION}/updates main" >> /etc/apt/sources.list
echo "deb-src http://security.debian.org/ ${DEBIAN_VERSION}/updates main" >> /etc/apt/sources.list
echo '' >> /etc/apt/sources.list
echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-updates main" >> /etc/apt/sources.list
echo "deb-src http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-updates main" >> /etc/apt/sources.list
echo '' >> /etc/apt/sources.list
echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-backports main" >> /etc/apt/sources.list
echo "deb-src http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-backports main" >> /etc/apt/sources.list
{ echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION} main";
echo "deb-src http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION} main";
echo '';
echo "deb http://security.debian.org/ ${DEBIAN_VERSION}/updates main";
echo "deb-src http://security.debian.org/ ${DEBIAN_VERSION}/updates main";
echo '';
echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-updates main";
echo "deb-src http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-updates main";
echo '';
echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-backports main";
echo "deb-src http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-backports main"; } > /etc/apt/sources.list
apt-get update
apt-get -yq install apt-transport-https
@ -63,28 +63,28 @@ function create_git_project {
fi
apt-get -yq install git
echo '#!/bin/bash' > /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'GIT_PROJECT_NAME=$1' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'if [ ! $GIT_PROJECT_NAME ]; then' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo ' echo "Please specify a project name, without any spaces"' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo ' exit 1' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'fi' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'if [ ! -d /home/$USER/projects/$GIT_PROJECT_NAME ]; then' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo ' mkdir -p /home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'fi' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'cd /home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'git init --bare' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo -n 'echo "Your project has been created, ' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'use the following command to clone the repository"' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo -n " git clone ssh://$MY_USERNAME@$DEFAULT_DOMAIN_NAME:$SSH_PORT" >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo '/home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'exit 0' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
chmod +x /usr/bin/$CREATE_GIT_PROJECT_COMMAND
{ echo '#!/bin/bash';
echo '';
echo "GIT_PROJECT_NAME=\$1";
echo "if [ ! \$GIT_PROJECT_NAME ]; then";
echo ' echo "Please specify a project name, without any spaces"';
echo ' exit 1';
echo 'fi';
echo '';
echo "if [ ! -d /home/\$USER/projects/\$GIT_PROJECT_NAME ]; then";
echo " mkdir -p /home/\$USER/projects/\$GIT_PROJECT_NAME";
echo 'fi';
echo '';
echo "cd /home/\$USER/projects/\$GIT_PROJECT_NAME";
echo 'git init --bare';
echo '';
echo -n 'echo "Your project has been created, ';
echo 'use the following command to clone the repository"';
echo -n " git clone ssh://$MY_USERNAME@$DEFAULT_DOMAIN_NAME:$SSH_PORT";
echo "/home/\$USER/projects/\$GIT_PROJECT_NAME";
echo '';
echo 'exit 0'; } > "/usr/bin/$CREATE_GIT_PROJECT_COMMAND"
chmod +x "/usr/bin/$CREATE_GIT_PROJECT_COMMAND"
mark_completed "${FUNCNAME[0]}"
}
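Review bot: The script that create_git_project writes to `/usr/bin/$CREATE_GIT_PROJECT_COMMAND` still emits `cd /home/$USER/projects/$GIT_PROJECT_NAME` unquoted and without a failure check, so if that `cd` fails the following `git init --bare` runs in whatever directory the caller happens to be in. The generated lines are the ones that handle the user-supplied project name, yet they receive none of the quoting this commit applies to the generator itself. Emit `echo "cd \"/home/\$USER/projects/\$GIT_PROJECT_NAME\" || exit 1";` and quote the name the same way in the generated `[ ! ... ]` and `mkdir -p` lines; the name is also not validated before it is used as a path component. The start of create_git_project is outside this hunk.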


@ -66,11 +66,11 @@ function check_onerng_verification {
return
fi
echo $'Checking OneRNG firmware verification'
last_onerng_validation=$(cat /var/log/syslog.1 | grep "OneRNG: firmware verification" | awk '/./{line=$0} END{print line}')
last_onerng_validation=$(grep "OneRNG: firmware verification" /var/log/syslog.1 | awk '/./{line=$0} END{print line}')
if [[ $last_onerng_validation != *"passed OK"* ]]; then
last_onerng_validation=$(cat /var/log/syslog | grep "OneRNG: firmware verification" | awk '/./{line=$0} END{print line}')
last_onerng_validation=$(grep "OneRNG: firmware verification" /var/log/syslog | awk '/./{line=$0} END{print line}')
if [[ $last_onerng_validation != *"passed OK"* ]]; then
echo $last_onerng_validation
echo "$last_onerng_validation"
echo $'OneRNG firmware verification failed'
exit 735026
fi
@ -85,14 +85,14 @@ function install_onerng {
apt-get -yq install rng-tools at python-gnupg
# Move to the installation directory
if [ ! -d $INSTALL_DIR ]; then
mkdir $INSTALL_DIR
if [ ! -d "$INSTALL_DIR" ]; then
mkdir "$INSTALL_DIR"
fi
cd $INSTALL_DIR
cd "$INSTALL_DIR" || exit 24762464
# Download the package
if [ ! -f $ONERNG_PACKAGE ]; then
wget $ONERNG_PACKAGE_DOWNLOAD
wget "$ONERNG_PACKAGE_DOWNLOAD"
mv "$ONERNG_PACKAGE?raw=true" $ONERNG_PACKAGE
fi
if [ ! -f $ONERNG_PACKAGE ]; then
@ -102,7 +102,7 @@ function install_onerng {
# Check the hash
hash=$(sha256sum $ONERNG_PACKAGE | awk -F ' ' '{print $1}')
if [[ $hash != $ONERNG_PACKAGE_HASH ]]; then
if [[ "$hash" != "$ONERNG_PACKAGE_HASH" ]]; then
echo $"OneRNG package: $ONERNG_PACKAGE"
echo $"Hash does not match. This could indicate that the package has been tampered with."
echo $"OneRNG expected package hash: $ONERNG_PACKAGE_HASH"
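Review bot: check_onerng_verification accepts a "passed OK" line from the rotated `/var/log/syslog.1` and only reads the current `/var/log/syslog` when the rotated file holds no pass, so a more recent failed firmware verification is ignored whenever the older log contains a success. Reading both files in chronological order and keeping the last match returns the newest result: `last_onerng_validation=$(grep -h "OneRNG: firmware verification" /var/log/syslog.1 /var/log/syslog | awk '/./{line=$0} END{print line}')`, followed by a single `passed OK` test. The beginning of the function is outside the hunk, so any earlier guard is not visible here.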


@ -49,8 +49,8 @@ INSTALLED_APPS_LIST=/usr/share/${PROJECT_NAME}/installed.txt
# so that when a new app is added existing users can be added
APP_USERS_FILE=$HOME/app_users.txt
if [ ! $COMPLETION_FILE ]; then
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
if [ ! "$COMPLETION_FILE" ]; then
COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
fi
# Loads variables defined at the beginning of an app script
@ -58,16 +58,20 @@ function app_load_variables {
app_name=$1
config_var_name=${app_name}_variables
# shellcheck disable=SC2086
if [ ! ${!config_var_name} ]; then
echo $"${app_name}_variables was not found"
return
fi
#shellcheck disable=SC1087,SC2125,SC2178
configvarname=$config_var_name[@]
#shellcheck disable=SC2206
configvarname=( ${!configvarname} )
for v in "${configvarname[@]}"
do
read_config_param $v
read_config_param "$v"
done
}
@ -76,22 +80,26 @@ function app_save_variables {
app_name=$1
config_var_name=${app_name}_variables
#shellcheck disable=SC2086
if [ ! ${!config_var_name} ]; then
return
fi
#shellcheck disable=SC1087,SC2125,SC2178
configvarname=$config_var_name[@]
#shellcheck disable=SC2206
configvarname=( ${!configvarname} )
for v in "${configvarname[@]}"
do
write_config_param $v "${!v}"
write_config_param "$v" "${!v}"
done
}
# gets the variants list from an app script
function app_variants {
filename=$1
variants_line=$(cat ${filename} | grep 'VARIANTS=')
variants_line=$(grep 'VARIANTS=' "${filename}")
if [[ "$variants_line" == *"'"* ]]; then
variants_list=$(echo "$variants_line" | awk -F '=' '{print $2}' | awk -F "'" '{print $2}')
else
@ -112,21 +120,22 @@ function item_in_array {
function available_system_variants {
function_check item_in_array
FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
new_available_variants_list=()
for filename in $FILES
do
system_variants_list=$(app_variants $filename)
system_variants_list=$(app_variants "$filename")
# shellcheck disable=SC2206
variants_array=($system_variants_list)
for variant_str in "${variants_array[@]}"
do
item_in_array "${variant_str}" "${new_available_variants_list[@]}"
if [[ $? != 0 ]]; then
if ! item_in_array "${variant_str}" "${new_available_variants_list[@]}"; then
new_available_variants_list+=("$variant_str")
fi
done
done
# shellcheck disable=SC2207
available_variants_list=($(sort <<<"${new_available_variants_list[*]}"))
}
@ -167,11 +176,11 @@ function remove_app {
if ! grep -Fxq "_${app_name}_" $REMOVED_APPS_FILE; then
echo "_${app_name}_" >> $REMOVED_APPS_FILE
fi
if grep -Fxq "install_${app_name}" $COMPLETION_FILE; then
sed -i "/install_${app_name}/d" $COMPLETION_FILE
if grep -Fxq "install_${app_name}" "$COMPLETION_FILE"; then
sed -i "/install_${app_name}/d" "$COMPLETION_FILE"
fi
if grep -Fxq "install_${app_name}" $INSTALLED_APPS_LIST; then
sed -i "/install_${app_name}/d" $INSTALLED_APPS_LIST
if grep -Fxq "install_${app_name}" "$INSTALLED_APPS_LIST"; then
sed -i "/install_${app_name}/d" "$INSTALLED_APPS_LIST"
fi
}
@ -196,7 +205,7 @@ function reinstall_app {
if [ ! -f $REMOVED_APPS_FILE ]; then
return
fi
if [[ $(app_is_removed $app_name) == "1" ]]; then
if [[ $(app_is_removed "$app_name") == "1" ]]; then
sed -i "/_${app_name}_/d" $REMOVED_APPS_FILE
fi
}
@ -207,8 +216,8 @@ function app_is_installed {
# Why does this secondary file exist, apart from COMPLETION_FILE ?
# It's so that it is visible to unprivileged users from the user control panel
if [ -f $INSTALLED_APPS_LIST ]; then
if ! grep -Fxq "install_${app_name}" $INSTALLED_APPS_LIST; then
if [ -f "$INSTALLED_APPS_LIST" ]; then
if ! grep -Fxq "install_${app_name}" "$INSTALLED_APPS_LIST"; then
echo "0"
else
echo "1"
@ -217,12 +226,12 @@ function app_is_installed {
fi
# check the completion file to see if it was installed
if [ ! -f $COMPLETION_FILE ]; then
if [ ! -f "$COMPLETION_FILE" ]; then
echo "0"
return
fi
if ! grep -Fxq "install_${app_name}" $COMPLETION_FILE; then
if ! grep -Fxq "install_${app_name}" "$COMPLETION_FILE"; then
echo "0"
else
echo "1"
@ -231,11 +240,11 @@ function app_is_installed {
# called at the end of the install section of an app script
function install_completed {
if [ ! ${1} ]; then
if [ ! "${1}" ]; then
exit 673935
fi
if ! grep -Fxq "install_${1}" $COMPLETION_FILE; then
echo "install_${1}" >> $COMPLETION_FILE
if ! grep -Fxq "install_${1}" "$COMPLETION_FILE"; then
echo "install_${1}" >> "$COMPLETION_FILE"
fi
}
@ -243,7 +252,7 @@ function install_completed {
function get_apps_installed {
for a in "${APPS_AVAILABLE[@]}"
do
APPS_INSTALLED+=("$(app_is_installed $a)")
APPS_INSTALLED+=("$(app_is_installed "$a")")
done
}
@ -252,7 +261,7 @@ function get_apps_installed_names {
APPS_INSTALLED_NAMES=()
for a in "${APPS_AVAILABLE[@]}"
do
if [[ $(app_is_installed $a) == "1" ]]; then
if [[ $(app_is_installed "$a") == "1" ]]; then
APPS_INSTALLED_NAMES+=("$a")
fi
done
@ -260,7 +269,7 @@ function get_apps_installed_names {
# detects what apps are available
function detect_apps {
FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
function_check item_in_array
@ -272,8 +281,7 @@ function detect_apps {
do
app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
item_in_array "${app_name}" "${APPS_AVAILABLE[@]}"
if [[ $? != 0 ]]; then
if ! item_in_array "${app_name}" "${APPS_AVAILABLE[@]}"; then
APPS_AVAILABLE+=("${app_name}")
APPS_CHOSEN+=("0")
fi
@ -288,7 +296,7 @@ function detect_apps {
# If the variants list within an app script is an empty string then
# it is considered to be too experimental to be installable
function detect_installable_apps {
FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
APPS_AVAILABLE=()
APPS_CHOSEN=()
@ -304,15 +312,14 @@ function detect_installable_apps {
do
app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
item_in_array "${app_name}" "${APPS_AVAILABLE[@]}"
if [[ $? != 0 ]]; then
variants_list=$(app_variants $filename)
if ! item_in_array "${app_name}" "${APPS_AVAILABLE[@]}"; then
variants_list=$(app_variants "$filename")
# check for empty string
if [ ${#variants_list} -gt 0 ]; then
APPS_AVAILABLE+=("${app_name}")
APPS_CHOSEN+=("0")
APPS_INSTALLED+=("$(app_is_installed $app_name)")
if [[ $(app_is_installed $app_name) == "1" ]]; then
APPS_INSTALLED+=("$(app_is_installed "$app_name")")
if [[ $(app_is_installed "$app_name") == "1" ]]; then
APPS_INSTALLED_NAMES+=("$app_name")
fi
fi
@ -321,7 +328,7 @@ function detect_installable_apps {
}
function detect_installed_apps {
FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
APPS_AVAILABLE=()
APPS_INSTALLED=()
@ -336,10 +343,9 @@ function detect_installed_apps {
do
app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
if [[ $(app_is_installed $app_name) == "1" ]]; then
item_in_array "${app_name}" "${APPS_AVAILABLE[@]}"
if [[ $? != 0 ]]; then
variants_list=$(app_variants $filename)
if [[ $(app_is_installed "$app_name") == "1" ]]; then
if ! item_in_array "${app_name}" "${APPS_AVAILABLE[@]}"; then
variants_list=$(app_variants "$filename")
if [ ${#variants_list} -gt 0 ]; then
APPS_AVAILABLE+=("${app_name}")
APPS_INSTALLED_NAMES+=("$app_name")
@ -363,7 +369,7 @@ function choose_apps_for_variant {
exit 237567
fi
FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
APPS_CHOSEN=()
@ -372,16 +378,15 @@ function choose_apps_for_variant {
do
app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
item_in_array "${app_name}" "${APPS_AVAILABLE[@]}"
if [[ $? == 0 ]]; then
if grep -q "VARIANTS=" ${filename}; then
variants_list=$(app_variants $filename)
if item_in_array "${app_name}" "${APPS_AVAILABLE[@]}"; then
if grep -q "VARIANTS=" "${filename}"; then
variants_list=$(app_variants "$filename")
if [[ "${variants_list}" == 'all'* || \
"${variants_list}" == "$variant_name" || \
"${variants_list}" == "$variant_name "* || \
"${variants_list}" == *" $variant_name "* || \
"${variants_list}" == *" $variant_name" ]]; then
if [[ $(app_is_removed ${a}) == "0" ]]; then
if [[ $(app_is_removed "${a}") == "0" ]]; then
#echo $"${app_name} chosen"
APPS_CHOSEN+=("1")
else
@ -408,7 +413,7 @@ function list_chosen_apps {
if [[ ${APPS_CHOSEN[$app_index]} == "1" ]]; then
echo $"${a}"
fi
app_index=$[app_index+1]
app_index=$((app_index+1))
done
}
@ -421,23 +426,23 @@ function remove_apps {
echo $"Removing users for application: ${a}"
function_check remove_users_for_app
remove_users_for_app ${a}
remove_users_for_app "${a}"
echo $"Removing application: ${a}"
function_check app_load_variables
app_load_variables ${a}
app_load_variables "${a}"
function_check remove_app
remove_app ${a}
remove_app "${a}"
function_check remove_${a}
remove_${a}
function_check "remove_${a}"
"remove_${a}"
echo $"${a} was removed"
fi
fi
app_index=$[app_index+1]
app_index=$((app_index+1))
done
update_installed_apps_list
}
@ -450,13 +455,13 @@ function install_apps_interactive {
if [[ ${APPS_INSTALLED[$app_index]} == "0" ]]; then
if [[ ${APPS_CHOSEN[$app_index]} == "1" ]]; then
# interactively obtain settings for this app
if [[ $(function_exists install_interactive_${a}) == "1" ]]; then
install_interactive_${a}
if [[ $(function_exists "install_interactive_${a}") == "1" ]]; then
"install_interactive_${a}"
fi
fi
fi
app_index=$[app_index+1]
app_index=$((app_index+1))
done
echo $"Interactive settings complete"
}
@ -466,8 +471,8 @@ function user_added_to_app {
app_name="$2"
if [[ $(is_valid_user "$user_name") == "1" ]]; then
if [[ $(function_exists add_user_${app_name}) == "1" ]]; then
if grep -Fxq "${app_name}_${user_name}" $APP_USERS_FILE; then
if [[ $(function_exists "add_user_${app_name}") == "1" ]]; then
if grep -Fxq "${app_name}_${user_name}" "$APP_USERS_FILE"; then
echo "1"
return
fi
@ -482,7 +487,7 @@ function add_users_after_install {
read_config_param MY_USERNAME
# ensure a minimum password length
if [ ! $MINIMUM_PASSWORD_LENGTH ]; then
if [ ! "$MINIMUM_PASSWORD_LENGTH" ]; then
MINIMUM_PASSWORD_LENGTH=20
fi
if [ ${#MINIMUM_PASSWORD_LENGTH} -lt 20 ]; then
@ -490,7 +495,7 @@ function add_users_after_install {
fi
ADMIN_USERNAME=$(get_completion_param "Admin user")
if [ ! $ADMIN_USERNAME ]; then
if [ ! "$ADMIN_USERNAME" ]; then
ADMIN_USERNAME=$MY_USERNAME
fi
@ -501,8 +506,8 @@ function add_users_after_install {
if [[ $(user_added_to_app "${USERNAME}" "${app_name}") == "0" ]]; then
valstr=$"Login for user ${USERNAME}="
app_password="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
add_user_${app_name} "${USERNAME}" "${app_password}"
echo "${app_name}_${USERNAME}" >> $APP_USERS_FILE
"add_user_${app_name}" "${USERNAME}" "${app_password}"
echo "${app_name}_${USERNAME}" >> "$APP_USERS_FILE"
fi
fi
fi
@ -519,10 +524,10 @@ function remove_users_for_app {
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [[ "$USERNAME" != "$MY_USERNAME" ]]; then
if [[ $(user_added_to_app "${USERNAME}" "${app_name}") == "1" ]]; then
if [[ $(function_exists remove_user_${app_name}) == "1" ]]; then
remove_user_${app_name} "${USERNAME}"
if [[ $(function_exists "remove_user_${app_name}") == "1" ]]; then
"remove_user_${app_name}" "${USERNAME}"
fi
sed -i "/${app_name}_${USERNAME}/d" $APP_USERS_FILE
sed -i "/${app_name}_${USERNAME}/d" "$APP_USERS_FILE"
fi
fi
fi
@ -535,7 +540,7 @@ function install_apps {
APP_INSTALLED_SUCCESS=1
# interactive install configuration for each app
if [ ${is_interactive} ]; then
if [ "${is_interactive}" ]; then
install_apps_interactive
fi
@ -549,69 +554,69 @@ function install_apps {
# remove any temp files
rm -rf /tmp/*
if [ ${is_interactive} ]; then
if [ "${is_interactive}" ]; then
# clears any removal indicator
function_check reinstall_app
reinstall_app ${a}
reinstall_app "${a}"
function_check app_load_variables
app_load_variables ${a}
app_load_variables "${a}"
if [[ $(app_is_installed ${a}) == "1" ]]; then
if [[ $(app_is_installed "${a}") == "1" ]]; then
echo $"Upgrading application from interactive: ${a}"
upgrade_${a}
"upgrade_${a}"
echo $"${a} was upgraded from interactive"
else
echo $"Installing application from interactive: ${a}"
APP_INSTALLED=
install_${a}
"install_${a}"
if [ $APP_INSTALLED ]; then
function_check app_save_variables
app_save_variables ${a}
app_save_variables "${a}"
function_check add_users_after_install
add_users_after_install ${a}
add_users_after_install "${a}"
function_check lockdown_permissions
lockdown_permissions
function_check install_completed
install_completed ${a}
install_completed "${a}"
echo $"${a} was installed from interactive"
else
echo "Failed to install: ${a}" >> /var/log/${PROJECT_NAME}.log
echo "Failed to install: ${a}" >> "/var/log/${PROJECT_NAME}.log"
APP_INSTALLED_SUCCESS=
echo $"${a} was not installed from interactive"
fi
fi
else
# check if the app was removed
if [[ $(app_is_removed ${a}) == "0" ]]; then
if [[ $(app_is_removed "${a}") == "0" ]]; then
function_check app_load_variables
app_load_variables ${a}
if [[ $(app_is_installed ${a}) == "1" ]]; then
app_load_variables "${a}"
if [[ $(app_is_installed "${a}") == "1" ]]; then
echo $"Upgrading application: ${a}"
upgrade_${a}
"upgrade_${a}"
echo $"${a} was upgraded"
else
echo $"Installing application: ${a}"
APP_INSTALLED=
install_${a}
"install_${a}"
if [ $APP_INSTALLED ]; then
function_check app_save_variables
app_save_variables ${a}
app_save_variables "${a}"
function_check add_users_after_install
add_users_after_install ${a}
add_users_after_install "${a}"
function_check lockdown_permissions
lockdown_permissions
function_check install_completed
install_completed ${a}
install_completed "${a}"
echo $"${a} was installed"
else
echo "Failed to install: ${a}" >> /var/log/${PROJECT_NAME}.log
echo "Failed to install: ${a}" >> "/var/log/${PROJECT_NAME}.log"
APP_INSTALLED_SUCCESS=
echo $"${a} was not installed"
fi
@ -622,7 +627,7 @@ function install_apps {
fi
fi
fi
app_index=$[app_index+1]
app_index=$((app_index+1))
done
function_check update_installed_apps_list
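Review bot: In add_users_after_install the floor check `if [ ${#MINIMUM_PASSWORD_LENGTH} -lt 20 ]; then` compares the number of characters in the variable rather than its value, so it is true for every realistic setting (the string `20` has length 2). The body of that `if` lies between two hunks and is not shown; it presumably resets the length to 20, which would also override a larger configured minimum. Compare the value instead: `if [ "$MINIMUM_PASSWORD_LENGTH" -lt 20 ]; then`. The nearby `create_password ${MINIMUM_PASSWORD_LENGTH}` call is left unquoted by this commit as well.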


@ -63,7 +63,7 @@ BACKUP_MAX_DAYS=30
# file containing a list of remote locations to backup to
# Format: [username@friendsdomain//home/username] [ssh_password]
# With the only space character being between the server and the password
FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list
FRIENDS_SERVERS_LIST="/home/$MY_USERNAME/backup.list"
export DEBIAN_FRONTEND=noninteractive
@ -103,9 +103,9 @@ function detect_usb_drive {
# which is likely to be the last drive connected
read_config_param USB_DRIVE
partition_number='1'
if [[ "$1" == "nopath" ]]; then
partition_number=''
fi
#if [[ "$1" == "nopath" ]]; then
# partition_number=''
#fi
if [ -b /dev/sda${partition_number} ]; then
USB_DRIVE=/dev/sda${partition_number}
fi
@ -139,7 +139,7 @@ function separate_tmp_filesystem {
mkdir -p /tmp
fi
if ! grep -q '/tmp' /etc/fstab; then
mount -t tmpfs -o size=${tmp_filesystem_size_mb}m tmpfs /tmp
mount -t tmpfs -o size="${tmp_filesystem_size_mb}m" tmpfs /tmp
echo "tmpfs /tmp tmpfs nodev,nosuid,noexec,nodiratime,size=${tmp_filesystem_size_mb}M 0 0" >> /etc/fstab
fi
}
@ -183,7 +183,7 @@ function remove_bluetooth {
bluetooth_changed=1
fi
if [ $bluetooth_changed ]; then
update-initramfs -u -k `uname -r` -v
update-initramfs -u -k "$(uname -r)" -v
update-rc.d bluetooth remove
fi
}
@ -199,7 +199,7 @@ function running_as_root {
function reset_usb_devices {
for xhci in /sys/bus/pci/drivers/?hci-pci ; do
if ! cd $xhci ; then
if ! cd "$xhci" ; then
return
fi
@ -219,7 +219,7 @@ function install_backports_kernel {
if [[ "$architecture_type" == *"amd64"* ]]; then
package_installed=$(dpkg-query -W -f='${Package}\n' linux-image-amd64 2>/dev/null)
if [ ! $package_installed ]; then
if [ ! "$package_installed" ]; then
apt-get -yq install linux-image-amd64
fi
fi
@ -279,8 +279,8 @@ function initial_setup {
apt-get -yq install grub2 lvm2
fi
if [ ! -d $INSTALL_DIR ]; then
mkdir -p $INSTALL_DIR
if [ ! -d "$INSTALL_DIR" ]; then
mkdir -p "$INSTALL_DIR"
fi
mark_completed "${FUNCNAME[0]}"
@ -308,8 +308,9 @@ function setup_grub {
}
function admin_user_sudo {
if ! grep -q "$MY_USERNAME ALL=(ALL) ALL" $rootdir/etc/sudoers; then
echo "$MY_USERNAME ALL=(ALL) ALL" >> $rootdir/etc/sudoers
# shellcheck disable=SC2154
if ! grep -q "$MY_USERNAME ALL=(ALL) ALL" "$rootdir/etc/sudoers"; then
echo "$MY_USERNAME ALL=(ALL) ALL" >> "$rootdir/etc/sudoers"
fi
}
@ -338,11 +339,11 @@ function search_for_attached_usb_drive {
if [ -f $USB_MOUNT/private_key.gpg ]; then
echo $'GPG private key found on USB drive'
MY_GPG_PRIVATE_KEY=$USB_MOUNT/private_key.gpg
MY_GPG_PRIVATE_KEY="$USB_MOUNT/private_key.gpg"
fi
if [ -f $USB_MOUNT/public_key.gpg ]; then
echo $'GPG public key found on USB drive'
MY_GPG_PUBLIC_KEY=$USB_MOUNT/public_key.gpg
MY_GPG_PUBLIC_KEY="$USB_MOUNT/public_key.gpg"
fi
if [ -f $USB_MOUNT/letsencrypt ]; then
@ -431,8 +432,8 @@ function remove_default_user {
}
function create_completion_file {
if [ ! -f $COMPLETION_FILE ]; then
touch $COMPLETION_FILE
if [ ! -f "$COMPLETION_FILE" ]; then
touch "$COMPLETION_FILE"
fi
}
@ -467,7 +468,7 @@ function remove_management_engine_interface {
}
function set_login_umask {
logindefs_umask=$(cat /etc/login.defs | grep UMASK | grep -v '#')
logindefs_umask=$(grep UMASK /etc/login.defs | grep -v '#')
if [[ "$logindefs_umask" != *'077' ]]; then
sed -i 's|UMASK\t.*|UMASK\t\t077|g' /etc/login.defs
fi
@ -489,7 +490,7 @@ function set_max_login_tries {
max_tries=$1
if ! grep -q ' deny=' /etc/pam.d/common-auth; then
sed -i "/pam_deny.so/a auth required\t\t\tpam_tally.so onerr=fail no_lock_time per_user deny=$max_tries" /etc/pam.d/common-auth
sed -i "/pam_deny.so/a auth required\\t\\t\\tpam_tally.so onerr=fail no_lock_time per_user deny=$max_tries" /etc/pam.d/common-auth
else
if ! grep -q " deny=$max_tries" /etc/pam.d/common-auth; then
sed -i "s| deny=.*| deny=$max_tries|g" /etc/pam.d/common-auth
@ -503,19 +504,19 @@ function set_max_login_tries {
function limit_user_logins {
# overall max logins
if ! grep -q '* hard maxsyslogins' /etc/security/limits.conf; then
if ! grep -q '\* hard maxsyslogins' /etc/security/limits.conf; then
echo '* hard maxsyslogins 10' >> /etc/security/limits.conf
else
if ! grep -q '* hard maxsyslogins 10' /etc/security/limits.conf; then
if ! grep -q '\* hard maxsyslogins 10' /etc/security/limits.conf; then
sed -i 's|hard maxsyslogins.*|hard maxsyslogins 10|g' /etc/security/limits.conf
fi
fi
# Max logins for each user
if ! grep -q '* hard maxlogins' /etc/security/limits.conf; then
if ! grep -q '\* hard maxlogins' /etc/security/limits.conf; then
echo '* hard maxlogins 2' >> /etc/security/limits.conf
else
if ! grep -q '* hard maxlogins 2' /etc/security/limits.conf; then
if ! grep -q '\* hard maxlogins 2' /etc/security/limits.conf; then
sed -i 's|hard maxlogins.*|hard maxlogins 2|g' /etc/security/limits.conf
fi
fi
@ -532,7 +533,7 @@ function set_sticky_bits {
world_writable=$(find / -xdev -type d -perm -002 \! -perm -1000)
for w in $world_writable; do
echo "Setting sticky bit on $w"
chmod +t $w
chmod +t "$w"
done
}
@ -655,10 +656,10 @@ function lockdown_permissions {
}
function disable_core_dumps {
if ! grep -q '* hard core' /etc/security/limits.conf; then
if ! grep -q '\* hard core' /etc/security/limits.conf; then
echo '* hard core 0' >> /etc/security/limits.conf
else
if ! grep -q '* hard core 0' /etc/security/limits.conf; then
if ! grep -q '\* hard core 0' /etc/security/limits.conf; then
sed -i 's|hard core.*|hard core 0|g' /etc/security/limits.conf
fi
fi
@ -1097,24 +1098,23 @@ function upgrade_apps {
create_completion_file
APPS_COMPLETED=()
FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
# for all the app scripts
for filename in $FILES
do
app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
item_in_array "${app_name}" "${APPS_COMPLETED[@]}"
if [[ $? != 0 ]]; then
if ! item_in_array "${app_name}" "${APPS_COMPLETED[@]}"; then
function_check app_is_installed
if [[ "$(app_is_installed $app_name)" == "1" ]]; then
if [[ "$(app_is_installed "$app_name")" == "1" ]]; then
echo ''
echo ''
echo $"Upgrading $app_name"
app_load_variables ${app_name}
app_load_variables "${app_name}"
APPS_COMPLETED+=("${app_name}")
function_check upgrade_${app_name}
upgrade_${app_name}
function_check "upgrade_${app_name}"
"upgrade_${app_name}"
fi
fi
done
@ -1145,7 +1145,7 @@ function setup_apps {
if [[ $is_interactive == "noninteractive" || $is_interactive == "headless" ]]; then
function_check install_apps
install_apps
if [ ! $APP_INSTALLED_SUCCESS ]; then
if [ ! "$APP_INSTALLED_SUCCESS" ]; then
echo $'One or more apps failed to install'
fi
fi
@ -1155,28 +1155,28 @@ function combine_all_scripts {
combined_filename=$1
# initial variables
cp $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars $combined_filename
cp "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars" "$combined_filename"
# utilities
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES
do
# this removes the first line, which is #!/bin/bash
tail -n +2 "$f" >> $combined_filename
tail -n +2 "$f" >> "$combined_filename"
done
# base system
BASE_SYSTEM_FILES=/usr/share/${PROJECT_NAME}/base/${PROJECT_NAME}-base-*
BASE_SYSTEM_FILES="/usr/share/${PROJECT_NAME}/base/${PROJECT_NAME}-base-*"
for f in $BASE_SYSTEM_FILES
do
tail -n +2 "$f" >> $combined_filename
tail -n +2 "$f" >> "$combined_filename"
done
# apps
APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
for f in $APP_FILES
do
tail -n +2 "$f" >> $combined_filename
tail -n +2 "$f" >> "$combined_filename"
done
}
@ -1185,8 +1185,8 @@ function check_ram_availability {
minimum_ram_bytes=$((minimum_ram_MB * 1024))
ram_available=$(grep MemTotal /proc/meminfo | awk '{print $2}')
if [ $ram_available -lt $minimum_ram_bytes ]; then
echo $"Need at least ${minimum_ram_gb}MB RAM to install this app"
if [ "$ram_available" -lt "$minimum_ram_bytes" ]; then
echo $"Need at least ${minimum_ram_MB}MB RAM to install this app"
exit 783524
fi
}


@ -31,28 +31,29 @@
TRACKER_PORT=6969
function mesh_install_tracker {
# shellcheck disable=SC2154
chroot "$rootdir" apt-get -yq install bittornado nginx
TRACKER_DAEMON=$rootdir/etc/systemd/system/tracker.service
echo '[Unit]' > $TRACKER_DAEMON
echo 'Description=Torrent Tracker' >> $TRACKER_DAEMON
echo 'After=syslog.target' >> $TRACKER_DAEMON
echo 'After=network.target' >> $TRACKER_DAEMON
echo '[Service]' >> $TRACKER_DAEMON
echo 'Type=simple' >> $TRACKER_DAEMON
echo 'User=tracker' >> $TRACKER_DAEMON
echo 'Group=tracker' >> $TRACKER_DAEMON
echo "WorkingDirectory=/var/lib/tracker" >> $TRACKER_DAEMON
echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile /var/lib/tracker/dstate --logfile /var/lib/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0" >> $TRACKER_DAEMON
echo '' >> $TRACKER_DAEMON
echo 'TimeoutSec=300' >> $TRACKER_DAEMON
echo '' >> $TRACKER_DAEMON
echo '[Install]' >> $TRACKER_DAEMON
echo 'WantedBy=multi-user.target' >> $TRACKER_DAEMON
{ echo '[Unit]'
echo 'Description=Torrent Tracker';
echo 'After=syslog.target';
echo 'After=network.target';
echo '[Service]';
echo 'Type=simple';
echo 'User=tracker';
echo 'Group=tracker';
echo "WorkingDirectory=/var/lib/tracker";
echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile /var/lib/tracker/dstate --logfile /var/lib/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0";
echo '';
echo 'TimeoutSec=300';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > "$TRACKER_DAEMON"
chroot "$rootdir" useradd -d /var/lib/tracker/ -s /bin/false tracker
if [ ! -d $rootdir/var/lib/tracker ]; then
mkdir $rootdir/var/lib/tracker
if [ ! -d "$rootdir/var/lib/tracker" ]; then
mkdir "$rootdir/var/lib/tracker"
fi
chroot "$rootdir" chown -R tracker:tracker /var/lib/tracker
@ -60,7 +61,7 @@ function mesh_install_tracker {
}
function install_tracker {
if [ $INSTALLING_MESH ]; then
if [ "$INSTALLING_MESH" ]; then
mesh_install_tracker
return
fi
@ -72,21 +73,21 @@ function install_tracker {
apt-get -yq install bittornado nginx
TRACKER_DAEMON=/etc/systemd/system/tracker.service
echo '[Unit]' > $TRACKER_DAEMON
echo 'Description=Torrent Tracker' >> $TRACKER_DAEMON
echo 'After=syslog.target' >> $TRACKER_DAEMON
echo 'After=network.target' >> $TRACKER_DAEMON
echo '[Service]' >> $TRACKER_DAEMON
echo 'Type=simple' >> $TRACKER_DAEMON
echo 'User=tracker' >> $TRACKER_DAEMON
echo 'Group=tracker' >> $TRACKER_DAEMON
echo "WorkingDirectory=/var/lib/tracker" >> $TRACKER_DAEMON
echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile /var/lib/tracker/dstate --logfile /var/lib/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0" >> $TRACKER_DAEMON
echo '' >> $TRACKER_DAEMON
echo 'TimeoutSec=300' >> $TRACKER_DAEMON
echo '' >> $TRACKER_DAEMON
echo '[Install]' >> $TRACKER_DAEMON
echo 'WantedBy=multi-user.target' >> $TRACKER_DAEMON
{ echo '[Unit]';
echo 'Description=Torrent Tracker';
echo 'After=syslog.target';
echo 'After=network.target';
echo '[Service]';
echo 'Type=simple';
echo 'User=tracker';
echo 'Group=tracker';
echo "WorkingDirectory=/var/lib/tracker";
echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile /var/lib/tracker/dstate --logfile /var/lib/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0";
echo '';
echo 'TimeoutSec=300';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > "$TRACKER_DAEMON"
useradd -d /var/lib/tracker/ -s /bin/false tracker
if [ ! -d /var/lib/tracker ]; then
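Review bot: The tracker.service unit written in both mesh_install_tracker and install_tracker starts bttrack on `--port $TRACKER_PORT` with no systemd sandboxing beyond `User=tracker` and `Group=tracker`. As far as the unit shows, the daemon only writes under /var/lib/tracker, so adding `echo 'NoNewPrivileges=true';`, `echo 'PrivateTmp=true';` and `echo 'ProtectSystem=full';` to the `[Service]` part of each group would limit what a compromised tracker process can touch. The two groups are identical apart from the target path, so one helper that takes the unit path would stop them drifting apart; they already differ by the missing `;` after `echo '[Unit]'` in the first. install_tracker's body continues outside the visible hunks.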


@ -36,10 +36,10 @@ function generate_turn_key {
local turnkey="${1}"
local filepath="${2}"
echo "lt-cred-mech" > "${filepath}"
echo "use-auth-secret" >> "${filepath}"
echo "static-auth-secret=${turnkey}" >> "${filepath}"
echo "realm=turn.${DEFAULT_DOMAIN_NAME}" >> "${filepath}"
{ echo "lt-cred-mech";
echo "use-auth-secret";
echo "static-auth-secret=${turnkey}";
echo "realm=turn.${DEFAULT_DOMAIN_NAME}"; } > "${filepath}"
if [[ $ONION_ONLY == 'no' ]]; then
echo "cert=$MATRIX_DATA_DIR/${DEFAULT_DOMAIN_NAME}.tls.crt" >> "${filepath}"
echo "pkey=$MATRIX_DATA_DIR/${DEFAULT_DOMAIN_NAME}.tls.key" >> "${filepath}"
@ -58,7 +58,7 @@ function remove_turn {
apt-get -y remove coturn
rm -rf /var/lib/turn
sed -i "/# TURN Server/,/# End of TURN Server/d" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
sed -i "/# TURN Server/,/# End of TURN Server/d" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
remove_onion_service turn ${TURN_ONION_PORT}
rm /etc/avahi/services/turn.service
systemctl restart nginx
@ -69,62 +69,62 @@ function install_turn {
# append the matrix server to the web site config
turn_nginx_site=/etc/nginx/sites-available/$DEFAULT_DOMAIN_NAME
if ! grep -q '# End of TURN Server' $turn_nginx_site; then
if [[ $ONION_ONLY == "no" ]]; then
echo '# TURN Server' >> $turn_nginx_site
echo 'server {' >> $turn_nginx_site
echo " listen ${TURN_HTTP_PORT} ssl;" >> $turn_nginx_site
echo " listen [::]:${TURN_HTTP_PORT} ssl;" >> $turn_nginx_site
echo " server_name ${DEFAULT_DOMAIN_NAME};" >> $turn_nginx_site
echo '' >> $turn_nginx_site
echo ' # Security' >> $turn_nginx_site
if ! grep -q '# End of TURN Server' "$turn_nginx_site"; then
if [[ "$ONION_ONLY" == "no" ]]; then
{ echo '# TURN Server';
echo 'server {';
echo " listen ${TURN_HTTP_PORT} ssl;";
echo " listen [::]:${TURN_HTTP_PORT} ssl;";
echo " server_name ${DEFAULT_DOMAIN_NAME};";
echo '';
echo ' # Security'; } >> "$turn_nginx_site"
function_check nginx_ssl
nginx_ssl ${DEFAULT_DOMAIN_NAME}
nginx_ssl "${DEFAULT_DOMAIN_NAME}"
function_check nginx_disable_sniffing
nginx_disable_sniffing ${DEFAULT_DOMAIN_NAME}
nginx_disable_sniffing "${DEFAULT_DOMAIN_NAME}"
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $turn_nginx_site
echo '' >> $turn_nginx_site
echo ' # Logs' >> $turn_nginx_site
echo ' access_log /dev/null;' >> $turn_nginx_site
echo ' error_log /dev/null;' >> $turn_nginx_site
echo '' >> $turn_nginx_site
echo ' # Index' >> $turn_nginx_site
echo ' index index.html;' >> $turn_nginx_site
echo '' >> $turn_nginx_site
echo ' # Location' >> $turn_nginx_site
echo ' location / {' >> $turn_nginx_site
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Index';
echo ' index index.html;';
echo '';
echo ' # Location';
echo ' location / {'; } >> "$turn_nginx_site"
function_check nginx_limits
nginx_limits ${DEFAULT_DOMAIN_NAME} '15m'
echo " proxy_pass http://localhost:${TURN_PORT};" >> $turn_nginx_site
echo ' proxy_set_header X-Forwarded-For $remote_addr;' >> $turn_nginx_site
echo ' }' >> $turn_nginx_site
echo '}' >> $turn_nginx_site
echo '' >> $turn_nginx_site
nginx_limits "${DEFAULT_DOMAIN_NAME}" '15m'
{ echo " proxy_pass http://localhost:${TURN_PORT};";
echo " proxy_set_header X-Forwarded-For \$remote_addr;";
echo ' }';
echo '}';
echo ''; } >> "$turn_nginx_site"
else
echo '# TURN Server' >> $turn_nginx_site
echo '# TURN Server' >> "$turn_nginx_site"
fi
echo 'server {' >> $turn_nginx_site
echo " listen 127.0.0.1:$TURN_ONION_PORT default_server;" >> $turn_nginx_site
echo " server_name $DEFAULT_DOMAIN_NAME;" >> $turn_nginx_site
echo '' >> $turn_nginx_site
{ echo 'server {';
echo " listen 127.0.0.1:$TURN_ONION_PORT default_server;";
echo " server_name $DEFAULT_DOMAIN_NAME;";
echo ''; } >> "$turn_nginx_site"
function_check nginx_disable_sniffing
nginx_disable_sniffing $DEFAULT_DOMAIN_NAME
echo '' >> $turn_nginx_site
echo ' # Logs' >> $turn_nginx_site
echo ' access_log /dev/null;' >> $turn_nginx_site
echo ' error_log /dev/null;' >> $turn_nginx_site
echo '' >> $turn_nginx_site
echo ' # Location' >> $turn_nginx_site
echo ' location / {' >> $turn_nginx_site
nginx_disable_sniffing "$DEFAULT_DOMAIN_NAME"
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Location';
echo ' location / {'; } >> "$turn_nginx_site"
function_check nginx_limits
nginx_limits $DEFAULT_DOMAIN_NAME '15m'
echo " proxy_pass http://localhost:${TURN_PORT};" >> $turn_nginx_site
echo ' proxy_set_header X-Forwarded-For $remote_addr;' >> $turn_nginx_site
echo ' }' >> $turn_nginx_site
echo '}' >> $turn_nginx_site
echo '# End of TURN Server' >> $turn_nginx_site
nginx_limits "$DEFAULT_DOMAIN_NAME" '15m'
{ echo " proxy_pass http://localhost:${TURN_PORT};";
echo " proxy_set_header X-Forwarded-For \$remote_addr;";
echo ' }';
echo '}';
echo '# End of TURN Server'; } >> "$turn_nginx_site"
fi
export DEBIAN_FRONTEND=noninteractive
@ -151,26 +151,26 @@ function install_turn {
fi
turnkey="$(create_password 30)"
generate_turn_key $turnkey /var/lib/turn/turnserver.conf
generate_turn_key "$turnkey" /var/lib/turn/turnserver.conf
chmod -R 700 /var/lib/turn/turnserver.conf
chown -R matrix:matrix /var/lib/turn
echo '[Unit]' > /etc/systemd/system/turn.service
echo 'Description=TURN server' >> /etc/systemd/system/turn.service
echo 'After=network.target nginx.target' >> /etc/systemd/system/turn.service
echo '' >> /etc/systemd/system/turn.service
echo '[Service]' >> /etc/systemd/system/turn.service
echo 'Type=simple' >> /etc/systemd/system/turn.service
echo 'User=matrix' >> /etc/systemd/system/turn.service
echo "WorkingDirectory=/var/lib/turn" >> /etc/systemd/system/turn.service
echo "ExecStart=/usr/bin/turnserver -c /var/lib/turn/turnserver.conf --pidfile /var/lib/matrix/homeserver.pid" >> /etc/systemd/system/turn.service
echo "Environment=REPORT_STATS=\"no\"" >> /etc/systemd/system/turn.service
echo 'Restart=always' >> /etc/systemd/system/turn.service
echo 'RestartSec=10' >> /etc/systemd/system/turn.service
echo '' >> /etc/systemd/system/turn.service
echo '[Install]' >> /etc/systemd/system/turn.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/turn.service
{ echo '[Unit]';
echo 'Description=TURN server';
echo 'After=network.target nginx.target';
echo '';
echo '[Service]';
echo 'Type=simple';
echo 'User=matrix';
echo "WorkingDirectory=/var/lib/turn";
echo "ExecStart=/usr/bin/turnserver -c /var/lib/turn/turnserver.conf --pidfile /var/lib/matrix/homeserver.pid";
echo "Environment=REPORT_STATS=\"no\"";
echo 'Restart=always';
echo 'RestartSec=10';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/turn.service
systemctl enable turn
systemctl daemon-reload
systemctl start turn
@ -178,21 +178,22 @@ function install_turn {
firewall_add turn ${TURN_PORT}
firewall_add turn-http ${TURN_HTTP_PORT}
TURN_ONION_HOSTNAME=$(add_onion_service turn ${TURN_PORT} ${TURN_ONION_PORT})
#TURN_ONION_HOSTNAME=$(add_onion_service turn ${TURN_PORT} ${TURN_ONION_PORT})
add_onion_service turn ${TURN_PORT} ${TURN_ONION_PORT}
echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/turn.service
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/turn.service
echo '<service-group>' >> /etc/avahi/services/turn.service
echo ' <name replace-wildcards="yes">%h TURN</name>' >> /etc/avahi/services/turn.service
echo ' <service>' >> /etc/avahi/services/turn.service
echo ' <type>_turn._tcp</type>' >> /etc/avahi/services/turn.service
echo " <port>$TURN_PORT</port>" >> /etc/avahi/services/turn.service
echo ' </service>' >> /etc/avahi/services/turn.service
echo ' <service>' >> /etc/avahi/services/turn.service
echo ' <type>_turn._udp</type>' >> /etc/avahi/services/turn.service
echo " <port>$TURN_PORT</port>" >> /etc/avahi/services/turn.service
echo ' </service>' >> /etc/avahi/services/turn.service
echo '</service-group>' >> /etc/avahi/services/turn.service
{ echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
echo '<service-group>';
echo ' <name replace-wildcards="yes">%h TURN</name>';
echo ' <service>';
echo ' <type>_turn._tcp</type>';
echo " <port>$TURN_PORT</port>";
echo ' </service>';
echo ' <service>';
echo ' <type>_turn._udp</type>';
echo " <port>$TURN_PORT</port>";
echo ' </service>';
echo '</service-group>'; } > /etc/avahi/services/turn.service
systemctl restart avahi-daemon
systemctl restart nginx
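Review bot: The file holding `static-auth-secret` is created by generate_turn_key under the process umask and only restricted afterwards by `chmod -R 700 /var/lib/turn/turnserver.conf`. If the installer runs with the usual 022 umask, the TURN shared secret is readable by other local users until that chmod runs, and mode 700 also sets an execute bit a config file does not need. Creating the file under a tight umask closes the window: `(umask 077; generate_turn_key "$turnkey" /var/lib/turn/turnserver.conf)` followed by `chmod 600 /var/lib/turn/turnserver.conf`. Separately, `--pidfile /var/lib/matrix/homeserver.pid` in turn.service looks copied from the matrix unit and is worth confirming. Both generate_turn_key and install_turn continue outside the visible hunks.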


@ -32,14 +32,14 @@
UPGRADE_SCRIPT_NAME="${PROJECT_NAME}-upgrade"
function create_upgrade_script {
upgrade_command_file=$(which ${PROJECT_NAME}-upgrade)
if [ ! -f /etc/cron.weekly/$UPGRADE_SCRIPT_NAME ]; then
cp $upgrade_command_file /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
upgrade_command_file=$(which "${PROJECT_NAME}-upgrade")
if [ ! -f "/etc/cron.weekly/$UPGRADE_SCRIPT_NAME" ]; then
cp "$upgrade_command_file" "/etc/cron.weekly/$UPGRADE_SCRIPT_NAME"
else
HASH1=$(sha256sum $upgrade_command_file | awk -F ' ' '{print $1}')
HASH2=$(sha256sum /etc/cron.weekly/$UPGRADE_SCRIPT_NAME | awk -F ' ' '{print $1}')
HASH1=$(sha256sum "$upgrade_command_file" | awk -F ' ' '{print $1}')
HASH2=$(sha256sum "/etc/cron.weekly/$UPGRADE_SCRIPT_NAME" | awk -F ' ' '{print $1}')
if [[ "$HASH1" != "$HASH2" ]]; then
cp $upgrade_command_file /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
cp "$upgrade_command_file" "/etc/cron.weekly/$UPGRADE_SCRIPT_NAME"
fi
fi
@ -53,7 +53,7 @@ function create_upgrade_script {
}
function upgrade_installation_from_previous_versions {
if [ ! -f $COMPLETION_FILE ]; then
if [ ! -f "$COMPLETION_FILE" ]; then
return
fi
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
@ -61,27 +61,27 @@ function upgrade_installation_from_previous_versions {
fi
# upgrade from previous versions
sed -i 's|configure_email|install_email|g' $COMPLETION_FILE
sed -i 's|install_dlna_server|install_dlna|g' $COMPLETION_FILE
sed -i 's|install_gnu_social_theme|install_gnusocial_theme|g' $COMPLETION_FILE
sed -i 's|install_gnu_social|install_gnusocial|g' $COMPLETION_FILE
sed -i 's|install_irc_server|install_irc|g' $COMPLETION_FILE
sed -i 's|voip_turn|turn|g' $COMPLETION_FILE
sed -i 's|install_voip|install_mumble|g' $COMPLETION_FILE
sed -i 's|install_rss_reader|install_rss|g' $COMPLETION_FILE
sed -i 's|install_tox_node|install_tox|g' $COMPLETION_FILE
sed -i 's|intrusion_detection|install_tripwire|g' $COMPLETION_FILE
sed -i 's|configure_email|install_email|g' "$COMPLETION_FILE"
sed -i 's|install_dlna_server|install_dlna|g' "$COMPLETION_FILE"
sed -i 's|install_gnu_social_theme|install_gnusocial_theme|g' "$COMPLETION_FILE"
sed -i 's|install_gnu_social|install_gnusocial|g' "$COMPLETION_FILE"
sed -i 's|install_irc_server|install_irc|g' "$COMPLETION_FILE"
sed -i 's|voip_turn|turn|g' "$COMPLETION_FILE"
sed -i 's|install_voip|install_mumble|g' "$COMPLETION_FILE"
sed -i 's|install_rss_reader|install_rss|g' "$COMPLETION_FILE"
sed -i 's|install_tox_node|install_tox|g' "$COMPLETION_FILE"
sed -i 's|intrusion_detection|install_tripwire|g' "$COMPLETION_FILE"
sed -i 's|GNU Social|gnusocial|g' $COMPLETION_FILE
sed -i 's|XMPP|xmpp|g' $COMPLETION_FILE
sed -i 's|voip|mumble|g' $COMPLETION_FILE
sed -i 's|VoIP|mumble|g' $COMPLETION_FILE
sed -i 's|Blog|htmly|g' $COMPLETION_FILE
sed -i 's|Hubzilla|hubzilla|g' $COMPLETION_FILE
sed -i 's|Gogs|gogs|g' $COMPLETION_FILE
sed -i 's|Wiki|dokuwiki|g' $COMPLETION_FILE
sed -i 's|RSS|rss|g' $COMPLETION_FILE
sed -i 's|Zeronet|zeronet|g' $COMPLETION_FILE
sed -i 's|GNU Social|gnusocial|g' "$COMPLETION_FILE"
sed -i 's|XMPP|xmpp|g' "$COMPLETION_FILE"
sed -i 's|voip|mumble|g' "$COMPLETION_FILE"
sed -i 's|VoIP|mumble|g' "$COMPLETION_FILE"
sed -i 's|Blog|htmly|g' "$COMPLETION_FILE"
sed -i 's|Hubzilla|hubzilla|g' "$COMPLETION_FILE"
sed -i 's|Gogs|gogs|g' "$COMPLETION_FILE"
sed -i 's|Wiki|dokuwiki|g' "$COMPLETION_FILE"
sed -i 's|RSS|rss|g' "$COMPLETION_FILE"
sed -i 's|Zeronet|zeronet|g' "$COMPLETION_FILE"
if [ -f /usr/local/bin/zeronetavahi ]; then
rm /usr/local/bin/zeronetavahi
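Review bot: create_upgrade_script copies whatever `which "${PROJECT_NAME}-upgrade"` resolves to into /etc/cron.weekly without checking that the lookup succeeded or returned a regular file. Files in that directory are normally run by cron as root, so the source path deserves an explicit check rather than relying on `cp` failing on an empty string. I would use `upgrade_command_file=$(command -v "${PROJECT_NAME}-upgrade")` followed by `[ -f "$upgrade_command_file" ] || return 1`. If the install location is fixed, an absolute path would avoid depending on PATH at all. The function continues past the end of the first hunk.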


@ -37,9 +37,9 @@ function install_watchdog_script {
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return
fi
echo '#!/bin/bash' > /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'LOGFILE=/var/log/keepon.log' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'CURRENT_DATE=$(date)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
{ echo '#!/bin/bash';
echo 'LOGFILE=/var/log/keepon.log';
echo "CURRENT_DATE=\$(date)"; } > "/usr/bin/$WATCHDOG_SCRIPT_NAME"
# application specific stuff is added later
chmod +x /usr/bin/$WATCHDOG_SCRIPT_NAME
@ -50,28 +50,28 @@ function install_watchdog_script {
}
function daemon_is_running {
daemon_name=$1
systemctl is-active ${daemon_name} >/dev/null 2>&1 && echo Running
daemon_name="$1"
systemctl is-active "${daemon_name}" >/dev/null 2>&1 && echo Running
}
function add_watchdog_daemon {
daemon_name=$1
daemon_name="$1"
echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo "# keep ${daemon_name} daemon running" >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo "RUNNING=\$(systemctl is-active ${daemon_name} >/dev/null 2>&1 && echo Running)" >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'if [ ! $RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo " systemctl start ${daemon_name}" >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo " echo \"${daemon_name} daemon restarted\" >> \$LOGFILE" >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo "# End of ${daemon_name}" >> /usr/bin/$WATCHDOG_SCRIPT_NAME
{ echo '';
echo "# keep ${daemon_name} daemon running";
echo "RUNNING=\$(systemctl is-active ${daemon_name} >/dev/null 2>&1 && echo Running)";
echo "if [ ! \$RUNNING ]; then";
echo " systemctl start ${daemon_name}";
echo " echo -n \$CURRENT_DATE >> \$LOGFILE";
echo " echo \"${daemon_name} daemon restarted\" >> \$LOGFILE";
echo 'fi';
echo "# End of ${daemon_name}"; } >> "/usr/bin/$WATCHDOG_SCRIPT_NAME"
}
function remove_watchdog_daemon {
daemon_name=$1
daemon_name="$1"
sed -i "/# keep ${daemon_name} daemon running/,/# End of ${daemon_name}/d" /usr/bin/$WATCHDOG_SCRIPT_NAME
sed -i "/# keep ${daemon_name} daemon running/,/# End of ${daemon_name}/d" "/usr/bin/$WATCHDOG_SCRIPT_NAME"
}
# NOTE: deliberately no exit 0
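Review bot: add_watchdog_daemon writes `$daemon_name` unescaped into a script under /usr/bin, and remove_watchdog_daemon uses it unescaped inside a sed address. A name containing whitespace, `/`, or shell or regex metacharacters would therefore change the generated script or the range that gets deleted. Callers are not visible here and presumably pass fixed service names, but a guard such as `[[ "$daemon_name" =~ ^[A-Za-z0-9@._-]+$ ]] || return 1` at the top of both functions would make that assumption explicit. `daemon_name` should also be declared `local`, and `chmod +x /usr/bin/$WATCHDOG_SCRIPT_NAME` is the one path in this section the commit left unquoted. install_watchdog_script begins outside the first hunk.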



@ -34,11 +34,11 @@ function enable_zram {
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" || $INSTALLING_ON_BBB != "yes" ]]; then
${PROJECT_NAME}-zram off
"${PROJECT_NAME}-zram" off
return
fi
${PROJECT_NAME}-zram on
"${PROJECT_NAME}-zram" on
mark_completed "${FUNCNAME[0]}"
}