diff --git a/src/freedombone-app-mediagoblin b/src/freedombone-app-mediagoblin index 47ac104c..fe6bf33d 100755 --- a/src/freedombone-app-mediagoblin +++ b/src/freedombone-app-mediagoblin @@ -71,7 +71,7 @@ function mediagoblin_fix_email { if ! grep -q 'import os' $mgfile; then sed -i '/import sys/a import os' $mgfile fi - sed -i "s|return mhost.sendmail(from_addr, to_addrs, message.as_string())|return os.system(\"echo '\" + message_body + \"' \| mail -s '\" + message['Subject'] + \"' \" + message['To'])|g" $mgfile + sed -i "s|return mhost.sendmail(from_addr, to_addrs, message.as_string())|return os.system(\"echo '\" + message_body + \"' \\| mail -s '\" + message['Subject'] + \"' \" + message['To'])|g" $mgfile } function install_interactive_mediagoblin { @@ -92,7 +92,7 @@ function configure_interactive_mediagoblin { dialog --title $"Mediagoblin" \ --backtitle $"Freedombone Control Panel" \ --defaultno \ - --yesno $"\nAllow registration of new users?" 10 60 + --yesno $"\\nAllow registration of new users?" 10 60 sel=$? case $sel in 0) @@ -139,7 +139,7 @@ function reconfigure_mediagoblin { } function upgrade_mediagoblin { - CURR_MEDIAGOBLIN_COMMIT=$(cat $COMPLETION_FILE | grep "mediagoblin commit" | awk -F ':' '{print $2}') + CURR_MEDIAGOBLIN_COMMIT=$(grep "mediagoblin commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}') if [[ "$CURR_MEDIAGOBLIN_COMMIT" != "$MEDIAGOBLIN_COMMIT" ]]; then MEDIAGOBLIN_BASE_DIR=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && git stash && git pull" - mediagoblin @@ -182,6 +182,7 @@ function restore_local_mediagoblin { else cp -r ${temp_restore_dir}/* $MEDIAGOBLIN_BASE_DIR/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then function_check restore_directory_from_usb set_user_permissions @@ -195,6 +196,7 @@ function restore_local_mediagoblin { else cp -r ${temp_restore_dir}2/* /var/lib/mediagoblin/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then function_check set_user_permissions set_user_permissions @@ -214,24 +216,25 @@ function backup_remote_mediagoblin { MEDIAGOBLIN_BASE_DIR=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs if [ -d /etc/mediagoblin ]; then echo $"Backing up mediagoblin" - backup_directory_to_friend $MEDIAGOBLIN_BASE_DIR mediagoblin + backup_directory_to_friend "$MEDIAGOBLIN_BASE_DIR" mediagoblin backup_directory_to_friend /var/lib/mediagoblin mediagoblindata fi } function restore_remote_mediagoblin { MEDIAGOBLIN_BASE_DIR=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs - if [ -d $SERVER_DIRECTORY/backup/mediagoblin ]; then + if [ -d "$SERVER_DIRECTORY/backup/mediagoblin" ]; then temp_restore_dir=/root/tempmediagoblin function_check get_completion_param MEDIAGOBLIN_DOMAIN_NAME=$(get_completion_param "mediagoblin domain") function_check restore_directory_from_friend restore_directory_from_friend $temp_restore_dir mediagoblin - if [ -d ${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR ]; then - cp -r ${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR/* $MEDIAGOBLIN_BASE_DIR/ + if [ -d "${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR" ]; then + cp -r "${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR/*" "$MEDIAGOBLIN_BASE_DIR/" else - cp -r ${temp_restore_dir}/* $MEDIAGOBLIN_BASE_DIR/ + cp -r "${temp_restore_dir}/*" "$MEDIAGOBLIN_BASE_DIR/" fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then exit 264824 fi @@ -241,12 +244,13 @@ function restore_remote_mediagoblin { else cp -r ${temp_restore_dir}2/* /var/lib/mediagoblin/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then exit 268492 fi rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}2 - chown -hR mediagoblin:www-data $MEDIAGOBLIN_BASE_DIR + chown -hR mediagoblin:www-data "$MEDIAGOBLIN_BASE_DIR" chown -hR mediagoblin:www-data /var/lib/mediagoblin chmod -R g+wx /var/lib/mediagoblin fi @@ -264,17 +268,17 @@ function remove_mediagoblin { function_check remove_onion_service remove_onion_service mediagoblin ${MEDIAGOBLIN_ONION_PORT} - nginx_dissite $MEDIAGOBLIN_DOMAIN_NAME - remove_certs $MEDIAGOBLIN_DOMAIN_NAME + nginx_dissite "$MEDIAGOBLIN_DOMAIN_NAME" + remove_certs "$MEDIAGOBLIN_DOMAIN_NAME" if [ -d /var/lib/mediagoblin ]; then rm -rf /var/lib/mediagoblin fi - if [ -d $MEDIAGOBLIN_BASE_DIR ]; then - rm -rf $MEDIAGOBLIN_BASE_DIR + if [ -d "$MEDIAGOBLIN_BASE_DIR" ]; then + rm -rf "$MEDIAGOBLIN_BASE_DIR" fi remove_completion_param "install_mediagoblin" remove_completion_param "mediagoblin domain" - sed -i '/mediagoblin/d' $COMPLETION_FILE + sed -i '/mediagoblin/d' "$COMPLETION_FILE" remove_nodejs mediagoblin @@ -282,11 +286,11 @@ function remove_mediagoblin { userdel -r mediagoblin function_check remove_ddns_domain - remove_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME + remove_ddns_domain "$MEDIAGOBLIN_DOMAIN_NAME" } function install_mediagoblin { - if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then + if [ ! "$MEDIAGOBLIN_DOMAIN_NAME" ]; then return fi @@ -304,17 +308,17 @@ function install_mediagoblin { useradd -c "GNU MediaGoblin system account" -d /var/lib/mediagoblin -m -r -g www-data mediagoblin usermod --append -G mediagoblin mediagoblin mkdir -p /var/lib/mediagoblin - mkdir -p $MEDIAGOBLIN_BASE_DIR - chown -hR mediagoblin:www-data $MEDIAGOBLIN_BASE_DIR + mkdir -p "$MEDIAGOBLIN_BASE_DIR" + chown -hR mediagoblin:www-data "$MEDIAGOBLIN_BASE_DIR" chown -hR mediagoblin:www-data /var/lib/mediagoblin chmod -R g+wx /var/lib/mediagoblin if [ -d /repos/mediagoblin ]; then - mkdir -p $MEDIAGOBLIN_BASE_DIR/mediagoblin - cp -r -p /repos/mediagoblin/. $MEDIAGOBLIN_BASE_DIR/mediagoblin - cd $MEDIAGOBLIN_BASE_DIR/mediagoblin + mkdir -p "$MEDIAGOBLIN_BASE_DIR/mediagoblin" + cp -r -p /repos/mediagoblin/. "$MEDIAGOBLIN_BASE_DIR/mediagoblin" + cd "$MEDIAGOBLIN_BASE_DIR/mediagoblin" || exit 347593563 git pull - chown -R mediagoblin:mediagoblin $MEDIAGOBLIN_BASE_DIR/mediagoblin + chown -R mediagoblin:mediagoblin "$MEDIAGOBLIN_BASE_DIR/mediagoblin" else su -c "cd $MEDIAGOBLIN_BASE_DIR && git clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_BASE_DIR/mediagoblin" - mediagoblin fi @@ -340,7 +344,7 @@ function install_mediagoblin { gstreamer1.0-plugins-ugly \ gstreamer1.0-libav \ python-gst-1.0 python3-gst-1.0 - cd $MEDIAGOBLIN_BASE_DIR/mediagoblin + cd "$MEDIAGOBLIN_BASE_DIR/mediagoblin" || exit 76345672472 su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && echo '[[mediagoblin.media_types.video]]' | tee -a mediagoblin_local.ini" - mediagoblin # Audio plugin @@ -349,14 +353,14 @@ function install_mediagoblin { su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && echo '[[mediagoblin.media_types.audio]]' | tee -a mediagoblin_local.ini" - mediagoblin su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && bin/pip install scikits.audiolab" - mediagoblin - if [ -f $IMAGE_PASSWORD_FILE ]; then - MEDIAGOBLIN_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + if [ -f "$IMAGE_PASSWORD_FILE" ]; then + MEDIAGOBLIN_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" else - if [ ! $MEDIAGOBLIN_ADMIN_PASSWORD ]; then - MEDIAGOBLIN_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + if [ ! "$MEDIAGOBLIN_ADMIN_PASSWORD" ]; then + MEDIAGOBLIN_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" fi fi - ${PROJECT_NAME}-pass -u $MY_USERNAME -a mediagoblin -p "$MEDIAGOBLIN_ADMIN_PASSWORD" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a mediagoblin -p "$MEDIAGOBLIN_ADMIN_PASSWORD" MEDIAGOBLIN_ONION_HOSTNAME=$(add_onion_service mediagoblin 80 ${MEDIAGOBLIN_ONION_PORT}) set_completion_param "mediagoblin domain" "${MEDIAGOBLIN_DOMAIN_NAME}" @@ -365,157 +369,157 @@ function install_mediagoblin { if [[ $ONION_ONLY == "no" ]]; then function_check nginx_http_redirect - nginx_http_redirect $MEDIAGOBLIN_DOMAIN_NAME - echo 'server {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' include /etc/nginx/mime.types;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' autoindex off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' default_type application/octet-stream;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' sendfile on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + nginx_http_redirect "$MEDIAGOBLIN_DOMAIN_NAME" + { echo 'server {'; + echo ' listen 443 ssl;'; + echo ' #listen [::]:443 ssl;'; + echo ' include /etc/nginx/mime.types;'; + echo ''; + echo ' autoindex off;'; + echo ' default_type application/octet-stream;'; + echo ' sendfile on;'; + echo ''; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME" function_check nginx_ssl - nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME + nginx_ssl "$MEDIAGOBLIN_DOMAIN_NAME" function_check nginx_disable_sniffing - nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME + nginx_disable_sniffing "$MEDIAGOBLIN_DOMAIN_NAME" function_check nginx_limits - nginx_limits $MEDIAGOBLIN_DOMAIN_NAME 800m - echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' client_header_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' client_body_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' send_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' fastcgi_read_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' fastcgi_send_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' gzip on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' gzip_min_length 1024;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' gzip_buffers 4 32k;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo " server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' error_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + nginx_limits "$MEDIAGOBLIN_DOMAIN_NAME" 800m + { echo ''; + echo ' client_header_timeout 10m;'; + echo ' client_body_timeout 10m;'; + echo ' send_timeout 10m;'; + echo ''; + echo ' fastcgi_read_timeout 600;'; + echo ' fastcgi_send_timeout 600;'; + echo ''; + echo ' gzip on;'; + echo ' gzip_min_length 1024;'; + echo ' gzip_buffers 4 32k;'; + echo ' gzip_types text/plain application/x-javascript text/javascript text/xml text/css;'; + echo ''; + echo " server_name $MEDIAGOBLIN_DOMAIN_NAME;"; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; - echo ' location /mgoblin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' location /mgoblin_media/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' location /theme_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' location /plugin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo " fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' include /etc/nginx/fastcgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' fastcgi_param PATH_INFO $fastcgi_script_name;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' fastcgi_param SCRIPT_NAME "";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' location /mgoblin_static/ {'; + echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;"; + echo ' }'; + echo ''; + echo ' location /mgoblin_media/ {'; + echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;"; + echo ' }'; + echo ''; + echo ' location /theme_static/ {'; + echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;"; + echo ' }'; + echo ''; + echo ' location /plugin_static/ {'; + echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;"; + echo ' }'; + echo ''; + echo ' location / {'; + echo " fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;"; + echo ' include /etc/nginx/fastcgi_params;'; + echo " fastcgi_param PATH_INFO \$fastcgi_script_name;"; + echo ' fastcgi_param SCRIPT_NAME "";'; + echo ' fastcgi_read_timeout 30;'; + echo ' }'; + echo '}'; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME" else - echo -n '' > /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo -n '' > "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME" fi - echo 'server {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo " listen 127.0.0.1:${MEDIAGOBLIN_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' include /etc/nginx/mime.types;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' autoindex off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' default_type application/octet-stream;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' sendfile on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + { echo 'server {'; + echo " listen 127.0.0.1:${MEDIAGOBLIN_ONION_PORT} default_server;"; + echo ' include /etc/nginx/mime.types;'; + echo ''; + echo ' autoindex off;'; + echo ' default_type application/octet-stream;'; + echo ' sendfile on;'; + echo ''; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME" function_check nginx_disable_sniffing - nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME + nginx_disable_sniffing "$MEDIAGOBLIN_DOMAIN_NAME" function_check nginx_limits - nginx_limits $MEDIAGOBLIN_DOMAIN_NAME 800m - echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' client_header_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' client_body_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' send_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' fastcgi_read_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' fastcgi_send_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' gzip on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' gzip_min_length 1024;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' gzip_buffers 4 32k;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo " server_name $MEDIAGOBLIN_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' error_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + nginx_limits "$MEDIAGOBLIN_DOMAIN_NAME" 800m + { echo ''; + echo ' client_header_timeout 10m;'; + echo ' client_body_timeout 10m;'; + echo ' send_timeout 10m;'; + echo ''; + echo ' fastcgi_read_timeout 600;'; + echo ' fastcgi_send_timeout 600;'; + echo ''; + echo ' gzip on;'; + echo ' gzip_min_length 1024;'; + echo ' gzip_buffers 4 32k;'; + echo ' gzip_types text/plain application/x-javascript text/javascript text/xml text/css;'; + echo ''; + echo " server_name $MEDIAGOBLIN_ONION_HOSTNAME;"; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; - echo ' location /mgoblin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' location /mgoblin_media/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' location /theme_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' location /plugin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo " fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' include /etc/nginx/fastcgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' fastcgi_param PATH_INFO $fastcgi_script_name;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' fastcgi_param SCRIPT_NAME "";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' location /mgoblin_static/ {'; + echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;"; + echo ' }'; + echo ''; + echo ' location /mgoblin_media/ {'; + echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;"; + echo ' }'; + echo ''; + echo ' location /theme_static/ {'; + echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;"; + echo ' }'; + echo ''; + echo ' location /plugin_static/ {'; + echo " alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;"; + echo ' }'; + echo ''; + echo ' location / {'; + echo " fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;"; + echo ' include /etc/nginx/fastcgi_params;'; + echo " fastcgi_param PATH_INFO \$fastcgi_script_name;"; + echo ' fastcgi_param SCRIPT_NAME "";'; + echo ' fastcgi_read_timeout 30;'; + echo ' }'; + echo '}'; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME" - echo '[Unit]' > /etc/systemd/system/mediagoblin.service - echo 'Description=Media service' >> /etc/systemd/system/mediagoblin.service - echo 'Requires=network.target' >> /etc/systemd/system/mediagoblin.service - echo 'After=network.target' >> /etc/systemd/system/mediagoblin.service - echo '' >> /etc/systemd/system/mediagoblin.service - echo '[Service]' >> /etc/systemd/system/mediagoblin.service - echo 'Type=simple' >> /etc/systemd/system/mediagoblin.service - echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin.service - echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin.service - echo "WorkingDirectory=$MEDIAGOBLIN_BASE_DIR/mediagoblin/" >> /etc/systemd/system/mediagoblin.service - echo "ExecStart=$MEDIAGOBLIN_BASE_DIR/mediagoblin/lazyserver.sh --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=$MEDIAGOBLIN_PORT" >> /etc/systemd/system/mediagoblin.service - echo "Environment=MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini CELERY_ALWAYS_EAGER=true" >> /etc/systemd/system/mediagoblin.service - echo 'Restart=always' >> /etc/systemd/system/mediagoblin.service - echo 'RestartSec=10' >> /etc/systemd/system/mediagoblin.service - echo '' >> /etc/systemd/system/mediagoblin.service - echo '[Install]' >> /etc/systemd/system/mediagoblin.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin.service + { echo '[Unit]'; + echo 'Description=Media service'; + echo 'Requires=network.target'; + echo 'After=network.target'; + echo ''; + echo '[Service]'; + echo 'Type=simple'; + echo 'User=mediagoblin'; + echo 'Group=mediagoblin'; + echo "WorkingDirectory=$MEDIAGOBLIN_BASE_DIR/mediagoblin/"; + echo "ExecStart=$MEDIAGOBLIN_BASE_DIR/mediagoblin/lazyserver.sh --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=$MEDIAGOBLIN_PORT"; + echo "Environment=MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini CELERY_ALWAYS_EAGER=true"; + echo 'Restart=always'; + echo 'RestartSec=10'; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/mediagoblin.service chmod +x /etc/systemd/system/mediagoblin.service su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && bin/gmg dbupdate" - mediagoblin su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && bin/gmg adduser --username $MY_USERNAME --password $MY_USERNAME $MEDIAGOBLIN_ADMIN_PASSWORD" - mediagoblin su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && bin/gmg makeadmin $MY_USERNAME" - mediagoblin - sed -i 's|email_debug_mode.*|email_debug_mode = false|g' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini - sed -i "s|email_sender_address.*|email_sender_address = \"noreply@${DEFAULT_DOMAIN_NAME}\"|g" $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini + sed -i 's|email_debug_mode.*|email_debug_mode = false|g' "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini" + sed -i "s|email_sender_address.*|email_sender_address = \"noreply@${DEFAULT_DOMAIN_NAME}\"|g" "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini" - sed -i 's|allow_reporting.*|allow_reporting = false|g' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini + sed -i 's|allow_reporting.*|allow_reporting = false|g' "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini" - if ! grep -q '[[[skip_transcode]]]' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini; then - echo '[[[skip_transcode]]]' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini - echo 'mime_types = video/webm, video/ogg, video/mp4, audio/ogg, application/ogg, application/x-annodex' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini - echo 'container_formats = Matroska, Ogg, ISO MP4/M4A' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini - echo 'video_codecs = VP8 video, VP9 video, Theora, H.264, H.264 / AVC, MPEG-4 video' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini - echo 'audio_codecs = Vorbis, MPEG-4 AAC' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini - echo 'dimensions_match = false' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini + if ! grep -q '[[[skip_transcode]]]' "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"; then + { echo '[[[skip_transcode]]]'; + echo 'mime_types = video/webm, video/ogg, video/mp4, audio/ogg, application/ogg, application/x-annodex'; + echo 'container_formats = Matroska, Ogg, ISO MP4/M4A'; + echo 'video_codecs = VP8 video, VP9 video, Theora, H.264, H.264 / AVC, MPEG-4 video'; + echo 'audio_codecs = Vorbis, MPEG-4 AAC'; + echo 'dimensions_match = false'; } >> "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini" fi systemctl enable mediagoblin @@ -529,18 +533,18 @@ function install_mediagoblin { fi function_check create_site_certificate - create_site_certificate $MEDIAGOBLIN_DOMAIN_NAME 'yes' + create_site_certificate "$MEDIAGOBLIN_DOMAIN_NAME" 'yes' function_check configure_php configure_php - nginx_ensite $MEDIAGOBLIN_DOMAIN_NAME + nginx_ensite "$MEDIAGOBLIN_DOMAIN_NAME" systemctl restart php7.0-fpm systemctl restart nginx function_check add_ddns_domain - add_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME + add_ddns_domain "$MEDIAGOBLIN_DOMAIN_NAME" chown -hR mediagoblin:www-data /var/lib/mediagoblin chmod -R g+wx /var/lib/mediagoblin diff --git a/src/freedombone-app-movim b/src/freedombone-app-movim index 50dcb543..ee01d9ca 100755 --- a/src/freedombone-app-movim +++ b/src/freedombone-app-movim @@ -58,19 +58,19 @@ function logging_off_movim { function remove_user_movim { remove_username="$1" - ${PROJECT_NAME}-pass -u $remove_username --rmapp movim + "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp movim } function add_user_movim { new_username="$1" new_user_password="$2" - ${PROJECT_NAME}-pass -u $new_username -a movim -p "$new_user_password" + "${PROJECT_NAME}-pass" -u "$new_username" -a movim -p "$new_user_password" echo '0' } function install_interactive_movim { - if [ ! $ONION_ONLY ]; then + if [ ! "$ONION_ONLY" ]; then ONION_ONLY='no' fi @@ -80,39 +80,38 @@ function install_interactive_movim { MOVIM_DETAILS_COMPLETE= while [ ! $MOVIM_DETAILS_COMPLETE ] do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then dialog --backtitle $"Freedombone Configuration" \ --title $"Movim Configuration" \ - --form $"\nPlease enter your Movim details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \ + --form $"\\nPlease enter your Movim details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \ $"Domain:" 1 1 "$(grep 'MOVIM_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ $"Code:" 2 1 "$(grep 'MOVIM_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \ - 2> $data + 2> "$data" else dialog --backtitle $"Freedombone Configuration" \ --title $"Movim Configuration" \ - --form $"\nPlease enter your Movim details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \ + --form $"\\nPlease enter your Movim details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \ $"Domain:" 1 1 "$(grep 'MOVIM_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ - 2> $data + 2> "$data" fi sel=$? case $sel in 1) exit 1;; 255) exit 1;; esac - MOVIM_DOMAIN_NAME=$(cat $data | sed -n 1p) - if [ $MOVIM_DOMAIN_NAME ]; then + MOVIM_DOMAIN_NAME=$(sed -n 1p < "$data") + if [ "$MOVIM_DOMAIN_NAME" ]; then TEST_DOMAIN_NAME=$MOVIM_DOMAIN_NAME validate_domain_name - if [[ $TEST_DOMAIN_NAME != $MOVIM_DOMAIN_NAME ]]; then + if [[ "$TEST_DOMAIN_NAME" != "$MOVIM_DOMAIN_NAME" ]]; then MOVIM_DOMAIN_NAME= dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 else if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then - MOVIM_CODE=$(cat $data | sed -n 2p) + MOVIM_CODE=$(sed -n 2p < "$data") validate_freedns_code "$MOVIM_CODE" - if [ ! $VALID_CODE ]; then + if [ ! "$VALID_CODE" ]; then MOVIM_DOMAIN_NAME= fi fi @@ -121,6 +120,7 @@ function install_interactive_movim { if [ $MOVIM_DOMAIN_NAME ]; then MOVIM_DETAILS_COMPLETE="yes" fi + rm -f "$data" done # save the results in the config file @@ -136,23 +136,23 @@ function change_password_movim { read_config_param 'MOVIM_DOMAIN_NAME' - ${PROJECT_NAME}-pass -u "$curr_username" -a movim -p "$new_user_password" + "${PROJECT_NAME}-pass" -u "$curr_username" -a movim -p "$new_user_password" } function movim_create_database { - if [ -f $IMAGE_PASSWORD_FILE ]; then - MOVIM_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + if [ -f "$IMAGE_PASSWORD_FILE" ]; then + MOVIM_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" else - if [ ! $MOVIM_ADMIN_PASSWORD ]; then - MOVIM_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + if [ ! "$MOVIM_ADMIN_PASSWORD" ]; then + MOVIM_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" fi fi - if [ ! $MOVIM_ADMIN_PASSWORD ]; then + if [ ! "$MOVIM_ADMIN_PASSWORD" ]; then return fi function_check create_database - create_database movim "$MOVIM_ADMIN_PASSWORD" $MY_USERNAME + create_database movim "$MOVIM_ADMIN_PASSWORD" "$MY_USERNAME" } function reconfigure_movim { @@ -165,35 +165,35 @@ function upgrade_movim { return fi - if grep -q "movim domain" $COMPLETION_FILE; then + if grep -q "movim domain" "$COMPLETION_FILE"; then MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain") fi # update to the next commit function_check set_repo_commit - set_repo_commit /var/www/$MOVIM_DOMAIN_NAME/htdocs "movim commit" "$MOVIM_COMMIT" $MOVIM_REPO + set_repo_commit "/var/www/$MOVIM_DOMAIN_NAME/htdocs" "movim commit" "$MOVIM_COMMIT" "$MOVIM_REPO" - cd /var/www/${MOVIM_DOMAIN_NAME}/htdocs + cd "/var/www/${MOVIM_DOMAIN_NAME}/htdocs" || exit 6734824522 php composer.phar install php mud.php db --set - chown -R www-data:www-data /var/www/${MOVIM_DOMAIN_NAME}/htdocs + chown -R www-data:www-data "/var/www/${MOVIM_DOMAIN_NAME}/htdocs" } function backup_local_movim { MOVIM_DOMAIN_NAME='movim' - if grep -q "movim domain" $COMPLETION_FILE; then + if grep -q "movim domain" "$COMPLETION_FILE"; then MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain") fi - source_directory=/var/www/${MOVIM_DOMAIN_NAME}/htdocs - if [ -d $source_directory ]; then + source_directory="/var/www/${MOVIM_DOMAIN_NAME}/htdocs" + if [ -d "$source_directory" ]; then dest_directory=movim function_check suspend_site - suspend_site ${MOVIM_DOMAIN_NAME} + suspend_site "${MOVIM_DOMAIN_NAME}" function_check backup_directory_to_usb - backup_directory_to_usb $source_directory $dest_directory + backup_directory_to_usb "$source_directory" "$dest_directory" function_check backup_database_to_usb backup_database_to_usb movim @@ -204,28 +204,28 @@ function backup_local_movim { } function restore_local_movim { - if ! grep -q "movim domain" $COMPLETION_FILE; then + if ! grep -q "movim domain" "$COMPLETION_FILE"; then return fi MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain") - if [ $MOVIM_DOMAIN_NAME ]; then + if [ "$MOVIM_DOMAIN_NAME" ]; then echo $"Restoring movim" temp_restore_dir=/root/tempmovim movim_dir=/var/www/${MOVIM_DOMAIN_NAME}/htdocs # stop the daemons - cd $movim_dir + cd "$movim_dir" || exit 7856724252 su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data function_check movim_create_database movim_create_database - restore_database movim ${MOVIM_DOMAIN_NAME} + restore_database movim "${MOVIM_DOMAIN_NAME}" if [ -d $temp_restore_dir ]; then rm -rf $temp_restore_dir fi - MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) - cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config + MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb) + cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs/config" || exit 2468724682 sed -i "s|'password'.*|'password' => '$MARIADB_PASSWORD',|g" db.inc.php MARIADB_PASSWORD= @@ -234,18 +234,18 @@ function restore_local_movim { } function backup_remote_movim { - if grep -q "movim domain" $COMPLETION_FILE; then + if grep -q "movim domain" "$COMPLETION_FILE"; then MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain") temp_backup_dir=/var/www/${MOVIM_DOMAIN_NAME}/htdocs - if [ -d $temp_backup_dir ]; then + if [ -d "$temp_backup_dir" ]; then function_check suspend_site - suspend_site ${MOVIM_DOMAIN_NAME} + suspend_site "${MOVIM_DOMAIN_NAME}" function_check backup_database_to_friend backup_database_to_friend movim function_check backup_directory_to_friend - backup_directory_to_friend $temp_backup_dir movim + backup_directory_to_friend "$temp_backup_dir" movim function_check restart_site restart_site @@ -256,25 +256,25 @@ function backup_remote_movim { } function restore_remote_movim { - if grep -q "movim domain" $COMPLETION_FILE; then + if grep -q "movim domain" "$COMPLETION_FILE"; then echo $"Restoring movim" MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain") # stop the daemons - cd /var/www/${MOVIM_DOMAIN_NAME}/htdocs + cd "/var/www/${MOVIM_DOMAIN_NAME}/htdocs" || exit 524792846827 su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data function_check movim_create_database movim_create_database function_check restore_database_from_friend - restore_database_from_friend movim ${MOVIM_DOMAIN_NAME} + restore_database_from_friend movim "${MOVIM_DOMAIN_NAME}" if [ -d /root/tempmovim ]; then rm -rf /root/tempmovim fi - MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) - cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config + MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb) + cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs/config" || exit 4242462487 sed -i "s|'password'.*|'password' => '$MARIADB_PASSWORD',|g" db.inc.php MARIADB_PASSWORD= @@ -298,14 +298,14 @@ function remove_movim { read_config_param "MY_USERNAME" echo "Removing $MOVIM_DOMAIN_NAME" - nginx_dissite $MOVIM_DOMAIN_NAME - remove_certs $MOVIM_DOMAIN_NAME + nginx_dissite "$MOVIM_DOMAIN_NAME" + remove_certs "$MOVIM_DOMAIN_NAME" - if [ -d /var/www/$MOVIM_DOMAIN_NAME ]; then - rm -rf /var/www/$MOVIM_DOMAIN_NAME + if [ -d "/var/www/$MOVIM_DOMAIN_NAME" ]; then + rm -rf "/var/www/$MOVIM_DOMAIN_NAME" fi - if [ -f /etc/nginx/sites-available/$MOVIM_DOMAIN_NAME ]; then - rm /etc/nginx/sites-available/$MOVIM_DOMAIN_NAME + if [ -f "/etc/nginx/sites-available/$MOVIM_DOMAIN_NAME" ]; then + rm "/etc/nginx/sites-available/$MOVIM_DOMAIN_NAME" fi function_check drop_database drop_database movim @@ -316,15 +316,15 @@ function remove_movim { fi remove_app movim remove_completion_param install_movim - sed -i '/movim/d' $COMPLETION_FILE + sed -i '/movim/d' "$COMPLETION_FILE" remove_backup_database_local movim function_check remove_ddns_domain - remove_ddns_domain $MOVIM_DOMAIN_NAME + remove_ddns_domain "$MOVIM_DOMAIN_NAME" } function install_movim { - if [ ! $MOVIM_DOMAIN_NAME ]; then + if [ ! "$MOVIM_DOMAIN_NAME" ]; then echo $'No domain name was given for movim' exit 72572 fi @@ -333,7 +333,7 @@ function install_movim { return fi - movim_hourly_script movim $MOVIM_DOMAIN_NAME + movim_hourly_script movim "$MOVIM_DOMAIN_NAME" function_check install_mariadb install_mariadb @@ -347,221 +347,221 @@ function install_movim { apt-get -yq install php-gettext php-curl php-gd php-mysql git curl apt-get -yq install php-memcached php-intl exiftool php-imagick libfcgi0ldbl - if [ ! -d /var/www/$MOVIM_DOMAIN_NAME ]; then - mkdir /var/www/$MOVIM_DOMAIN_NAME + if [ ! -d "/var/www/$MOVIM_DOMAIN_NAME" ]; then + mkdir "/var/www/$MOVIM_DOMAIN_NAME" fi - if [ ! -d /var/www/$MOVIM_DOMAIN_NAME/htdocs ]; then + if [ ! -d "/var/www/$MOVIM_DOMAIN_NAME/htdocs" ]; then if [ -d /repos/movim ]; then - mkdir /var/www/$MOVIM_DOMAIN_NAME/htdocs - cp -r -p /repos/movim/. /var/www/$MOVIM_DOMAIN_NAME/htdocs - cd /var/www/$MOVIM_DOMAIN_NAME/htdocs + mkdir "/var/www/$MOVIM_DOMAIN_NAME/htdocs" + cp -r -p /repos/movim/. "/var/www/$MOVIM_DOMAIN_NAME/htdocs" + cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs" || exit 3768568325 git pull else function_check git_clone - git_clone $MOVIM_REPO /var/www/$MOVIM_DOMAIN_NAME/htdocs + git_clone "$MOVIM_REPO" "/var/www/$MOVIM_DOMAIN_NAME/htdocs" fi - if [ ! -d /var/www/$MOVIM_DOMAIN_NAME/htdocs ]; then + if [ ! -d "/var/www/$MOVIM_DOMAIN_NAME/htdocs" ]; then echo $'Unable to clone movim repo' exit 76285 fi fi - cd /var/www/$MOVIM_DOMAIN_NAME/htdocs + cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs" || exit 7345247242 git checkout $MOVIM_COMMIT -b $MOVIM_COMMIT set_completion_param "movim commit" "$MOVIM_COMMIT" # default login - if [ ! -f /var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php ]; then + if [ ! -f "/var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php" ]; then echo $'Unable to find Config.php' exit 72352 fi - sed -i "s|'admin'|'${MY_USERNAME}'|g" /var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php - sed -i "s|'password'|'${MOVIM_ADMIN_PASSWORD}'|g" /var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php + sed -i "s|'admin'|'${MY_USERNAME}'|g" "/var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php" + sed -i "s|'password'|'${MOVIM_ADMIN_PASSWORD}'|g" "/var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php" # Fix typo sed -i 's|weksocket|websocket|g' app/widgets/AdminTest/admintest.js - cd /var/www/$MOVIM_DOMAIN_NAME/htdocs + cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs" || exit 784368245224 install_composer - cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config + cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs/config" || exit 6428764224 cp db.example.inc.php db.inc.php sed -i "s|'username'.*|'username' => 'root',|g" db.inc.php sed -i "s|'password'.*|'password' => '$MARIADB_PASSWORD',|g" db.inc.php sed -i "s|'database'.*|'database' => 'movim'|g" db.inc.php php mud.php db --set - chmod u+rwx /var/www/$MOVIM_DOMAIN_NAME/htdocs - chown -R www-data:www-data /var/www/$MOVIM_DOMAIN_NAME/htdocs + chmod u+rwx "/var/www/$MOVIM_DOMAIN_NAME/htdocs" + chown -R www-data:www-data "/var/www/$MOVIM_DOMAIN_NAME/htdocs" function_check movim_create_database movim_create_database function_check add_ddns_domain - add_ddns_domain $MOVIM_DOMAIN_NAME + add_ddns_domain "$MOVIM_DOMAIN_NAME" MOVIM_ONION_HOSTNAME=$(add_onion_service movim 80 ${MOVIM_ONION_PORT}) - echo '[Unit]' > /etc/systemd/system/movim.service - echo 'Description=Movim daemon' >> /etc/systemd/system/movim.service - echo 'After=network.target nginx.target' >> /etc/systemd/system/movim.service - echo '' >> /etc/systemd/system/movim.service - echo '[Service]' >> /etc/systemd/system/movim.service - echo 'Type=simple' >> /etc/systemd/system/movim.service - echo 'User=www-data' >> /etc/systemd/system/movim.service - echo "WorkingDirectory=/var/www/$MOVIM_DOMAIN_NAME/htdocs" >> /etc/systemd/system/movim.service + { echo '[Unit]'; + echo 'Description=Movim daemon'; + echo 'After=network.target nginx.target'; + echo ''; + echo '[Service]'; + echo 'Type=simple'; + echo 'User=www-data'; + echo "WorkingDirectory=/var/www/$MOVIM_DOMAIN_NAME/htdocs"; } > /etc/systemd/system/movim.service if [[ $ONION_ONLY == 'no' ]]; then echo "ExecStart=/usr/bin/php /var/www/$MOVIM_DOMAIN_NAME/htdocs/daemon.php start --url=https://$MOVIM_DOMAIN_NAME --port=$MOVIM_DAEMON_PORT" >> /etc/systemd/system/movim.service else echo "ExecStart=/usr/bin/php /var/www/$MOVIM_DOMAIN_NAME/htdocs/daemon.php start --url=http://$MOVIM_ONION_HOSTNAME --port=$MOVIM_DAEMON_PORT" >> /etc/systemd/system/movim.service fi - echo 'StandardOutput=syslog' >> /etc/systemd/system/movim.service - echo 'SyslogIdentifier=movim' >> /etc/systemd/system/movim.service - echo 'PIDFile=/run/movim.pid' >> /etc/systemd/system/movim.service - echo 'Restart=on-failure' >> /etc/systemd/system/movim.service - echo 'RestartSec=10' >> /etc/systemd/system/movim.service - echo '' >> /etc/systemd/system/movim.service - echo '[Install]' >> /etc/systemd/system/movim.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/movim.service + { echo 'StandardOutput=syslog'; + echo 'SyslogIdentifier=movim'; + echo 'PIDFile=/run/movim.pid'; + echo 'Restart=on-failure'; + echo 'RestartSec=10'; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } >> /etc/systemd/system/movim.service systemctl enable movim systemctl daemon-reload movim_nginx_site=/etc/nginx/sites-available/$MOVIM_DOMAIN_NAME if [[ $ONION_ONLY == "no" ]]; then function_check nginx_http_redirect - nginx_http_redirect $MOVIM_DOMAIN_NAME "index index.php" - echo 'server {' >> $movim_nginx_site - echo ' listen 443 ssl;' >> $movim_nginx_site - echo ' #listen [::]:443 ssl;' >> $movim_nginx_site - echo " server_name $MOVIM_DOMAIN_NAME;" >> $movim_nginx_site - echo '' >> $movim_nginx_site + nginx_http_redirect "$MOVIM_DOMAIN_NAME" "index index.php" + { echo 'server {'; + echo ' listen 443 ssl;'; + echo ' #listen [::]:443 ssl;'; + echo " server_name $MOVIM_DOMAIN_NAME;"; + echo ''; } >> "$movim_nginx_site" function_check nginx_compress - nginx_compress $MOVIM_DOMAIN_NAME - echo '' >> $movim_nginx_site - echo ' # Security' >> $movim_nginx_site + nginx_compress "$MOVIM_DOMAIN_NAME" + echo '' >> "$movim_nginx_site" + echo ' # Security' >> "$movim_nginx_site" function_check nginx_ssl - nginx_ssl $MOVIM_DOMAIN_NAME + nginx_ssl "$MOVIM_DOMAIN_NAME" function_check nginx_disable_sniffing - nginx_disable_sniffing $MOVIM_DOMAIN_NAME + nginx_disable_sniffing "$MOVIM_DOMAIN_NAME" - echo ' add_header Strict-Transport-Security max-age=15768000;' >> $movim_nginx_site - echo '' >> $movim_nginx_site - echo ' # Logs' >> $movim_nginx_site - echo ' access_log /dev/null;' >> $movim_nginx_site - echo ' error_log /dev/null;' >> $movim_nginx_site - echo '' >> $movim_nginx_site - echo ' # Root' >> $movim_nginx_site - echo " root /var/www/$MOVIM_DOMAIN_NAME/htdocs;" >> $movim_nginx_site - echo '' >> $movim_nginx_site - echo ' # Index' >> $movim_nginx_site - echo ' index index.php;' >> $movim_nginx_site - echo '' >> $movim_nginx_site - echo ' # PHP' >> $movim_nginx_site - echo ' location ~ \.php {' >> $movim_nginx_site - echo ' include snippets/fastcgi-php.conf;' >> $movim_nginx_site - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $movim_nginx_site - echo ' fastcgi_read_timeout 30;' >> $movim_nginx_site - echo ' }' >> $movim_nginx_site - echo '' >> $movim_nginx_site - echo ' # Location' >> $movim_nginx_site - echo ' location / {' >> $movim_nginx_site + { echo ' add_header Strict-Transport-Security max-age=15768000;'; + echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' # Root'; + echo " root /var/www/$MOVIM_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' # Index'; + echo ' index index.php;'; + echo ''; + echo ' # PHP'; + echo ' location ~ \.php {'; + echo ' include snippets/fastcgi-php.conf;'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' }'; + echo ''; + echo ' # Location'; + echo ' location / {'; } >> "$movim_nginx_site" function_check nginx_limits - nginx_limits $MOVIM_DOMAIN_NAME '15m' - echo ' try_files $uri $uri/ @movim;' >> $movim_nginx_site - echo ' }' >> $movim_nginx_site - echo '' >> $movim_nginx_site - echo ' location /ws/ {' >> $movim_nginx_site - echo " proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;" >> $movim_nginx_site - echo ' proxy_http_version 1.1;' >> $movim_nginx_site - echo ' proxy_set_header Upgrade $http_upgrade;' >> $movim_nginx_site - echo ' proxy_set_header Connection "Upgrade";' >> $movim_nginx_site - echo ' proxy_set_header Host $host;' >> $movim_nginx_site - echo ' proxy_set_header X-Real-IP $remote_addr;' >> $movim_nginx_site - echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $movim_nginx_site - echo ' proxy_set_header X-Forwarded-Proto https;' >> $movim_nginx_site - echo ' proxy_redirect off;' >> $movim_nginx_site - echo ' }' >> $movim_nginx_site - echo '' >> $movim_nginx_site - echo ' # Fancy URLs' >> $movim_nginx_site - echo ' location @movim {' >> $movim_nginx_site - echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $movim_nginx_site - echo ' }' >> $movim_nginx_site - echo '' >> $movim_nginx_site - echo ' # Restrict access that is unnecessary anyway' >> $movim_nginx_site - echo ' location ~ /\.(ht|git) {' >> $movim_nginx_site - echo ' deny all;' >> $movim_nginx_site - echo ' }' >> $movim_nginx_site - echo '' >> $movim_nginx_site - echo '}' >> $movim_nginx_site + nginx_limits "$MOVIM_DOMAIN_NAME" '15m' + { echo " try_files \$uri \$uri/ @movim;"; + echo ' }'; + echo ''; + echo ' location /ws/ {'; + echo " proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;"; + echo ' proxy_http_version 1.1;'; + echo " proxy_set_header Upgrade \$http_upgrade;"; + echo ' proxy_set_header Connection "Upgrade";'; + echo " proxy_set_header Host \$host;"; + echo " proxy_set_header X-Real-IP \$remote_addr;"; + echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;"; + echo ' proxy_set_header X-Forwarded-Proto https;'; + echo ' proxy_redirect off;'; + echo ' }'; + echo ''; + echo ' # Fancy URLs'; + echo ' location @movim {'; + echo " rewrite ^(.*)\$ /index.php?p=\$1 last;"; + echo ' }'; + echo ''; + echo ' # Restrict access that is unnecessary anyway'; + echo ' location ~ /\.(ht|git) {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo '}'; } >> "$movim_nginx_site" else - echo -n '' > $movim_nginx_site + echo -n '' > "$movim_nginx_site" fi - echo 'server {' >> $movim_nginx_site - echo " listen 127.0.0.1:$MOVIM_ONION_PORT default_server;" >> $movim_nginx_site - echo " server_name $MOVIM_DOMAIN_NAME;" >> $movim_nginx_site - echo '' >> $movim_nginx_site + { echo 'server {'; + echo " listen 127.0.0.1:$MOVIM_ONION_PORT default_server;"; + echo " server_name $MOVIM_DOMAIN_NAME;"; + echo ''; } >> "$movim_nginx_site" function_check nginx_compress - nginx_compress $MOVIM_DOMAIN_NAME - echo '' >> $movim_nginx_site + nginx_compress "$MOVIM_DOMAIN_NAME" + echo '' >> "$movim_nginx_site" function_check nginx_disable_sniffing - nginx_disable_sniffing $MOVIM_DOMAIN_NAME - echo '' >> $movim_nginx_site - echo ' # Logs' >> $movim_nginx_site - echo ' access_log /dev/null;' >> $movim_nginx_site - echo ' error_log /dev/null;' >> $movim_nginx_site - echo '' >> $movim_nginx_site - echo ' # Root' >> $movim_nginx_site - echo " root /var/www/$MOVIM_DOMAIN_NAME/htdocs;" >> $movim_nginx_site - echo '' >> $movim_nginx_site - echo ' # Index' >> $movim_nginx_site - echo ' index index.php;' >> $movim_nginx_site - echo '' >> $movim_nginx_site - echo ' # PHP' >> $movim_nginx_site - echo ' location ~ \.php {' >> $movim_nginx_site - echo ' include snippets/fastcgi-php.conf;' >> $movim_nginx_site - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $movim_nginx_site - echo ' fastcgi_read_timeout 30;' >> $movim_nginx_site - echo ' }' >> $movim_nginx_site - echo '' >> $movim_nginx_site - echo ' # Location' >> $movim_nginx_site - echo ' location / {' >> $movim_nginx_site + nginx_disable_sniffing "$MOVIM_DOMAIN_NAME" + { echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' # Root'; + echo " root /var/www/$MOVIM_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' # Index'; + echo ' index index.php;'; + echo ''; + echo ' # PHP'; + echo ' location ~ \.php {'; + echo ' include snippets/fastcgi-php.conf;'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' }'; + echo ''; + echo ' # Location'; + echo ' location / {'; } >> "$movim_nginx_site" function_check nginx_limits - nginx_limits $MOVIM_DOMAIN_NAME '15m' - echo ' try_files $uri $uri/ @movim;' >> $movim_nginx_site - echo ' }' >> $movim_nginx_site - echo '' >> $movim_nginx_site - echo ' location /ws/ {' >> $movim_nginx_site - echo " proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;" >> $movim_nginx_site - echo ' proxy_http_version 1.1;' >> $movim_nginx_site - echo ' proxy_set_header Upgrade $http_upgrade;' >> $movim_nginx_site - echo ' proxy_set_header Connection "Upgrade";' >> $movim_nginx_site - echo ' proxy_set_header Host $host;' >> $movim_nginx_site - echo ' proxy_set_header X-Real-IP $remote_addr;' >> $movim_nginx_site - echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $movim_nginx_site - echo ' proxy_set_header X-Forwarded-Proto https;' >> $movim_nginx_site - echo ' proxy_redirect off;' >> $movim_nginx_site - echo ' }' >> $movim_nginx_site - echo '' >> $movim_nginx_site - echo ' # Fancy URLs' >> $movim_nginx_site - echo ' location @movim {' >> $movim_nginx_site - echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $movim_nginx_site - echo ' }' >> $movim_nginx_site - echo '' >> $movim_nginx_site - echo ' # Restrict access that is unnecessary anyway' >> $movim_nginx_site - echo ' location ~ /\.(ht|git) {' >> $movim_nginx_site - echo ' deny all;' >> $movim_nginx_site - echo ' }' >> $movim_nginx_site - echo '' >> $movim_nginx_site - echo '}' >> $movim_nginx_site + nginx_limits "$MOVIM_DOMAIN_NAME" '15m' + { echo " try_files \$uri \$uri/ @movim;"; + echo ' }'; + echo ''; + echo ' location /ws/ {'; + echo " proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;"; + echo ' proxy_http_version 1.1;'; + echo " proxy_set_header Upgrade \$http_upgrade;"; + echo ' proxy_set_header Connection "Upgrade";'; + echo " proxy_set_header Host \$host;"; + echo " proxy_set_header X-Real-IP \$remote_addr;"; + echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;"; + echo ' proxy_set_header X-Forwarded-Proto https;'; + echo ' proxy_redirect off;'; + echo ' }'; + echo ''; + echo ' # Fancy URLs'; + echo ' location @movim {'; + echo " rewrite ^(.*)\$ /index.php?p=\$1 last;"; + echo ' }'; + echo ''; + echo ' # Restrict access that is unnecessary anyway'; + echo ' location ~ /\.(ht|git) {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo '}'; } >> "$movim_nginx_site" function_check configure_php configure_php function_check create_site_certificate - create_site_certificate $MOVIM_DOMAIN_NAME 'yes' + create_site_certificate "$MOVIM_DOMAIN_NAME" 'yes' # Ensure that the database gets backed up locally, if remote # backups are not being used @@ -572,9 +572,9 @@ function install_movim { backup_database_local movim function_check nginx_ensite - nginx_ensite $MOVIM_DOMAIN_NAME + nginx_ensite "$MOVIM_DOMAIN_NAME" - ${PROJECT_NAME}-pass -u $MY_USERNAME -a movim -p "$MOVIM_ADMIN_PASSWORD" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a movim -p "$MOVIM_ADMIN_PASSWORD" set_completion_param "movim domain" "$MOVIM_DOMAIN_NAME" diff --git a/src/freedombone-app-mumble b/src/freedombone-app-mumble index c447a308..5cde23d2 100755 --- a/src/freedombone-app-mumble +++ b/src/freedombone-app-mumble @@ -86,7 +86,7 @@ function upgrade_mumble { usermod -a -G ssl-cert mumble-server fi - if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then + if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then if ! grep -q "mumble.pem" /etc/mumble-server.ini; then sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini @@ -117,17 +117,18 @@ function backup_local_mumble { } function restore_local_mumble { - if [ -d $USB_MOUNT/backup/mumble ]; then + if [ -d "$USB_MOUNT/backup/mumble" ]; then echo $"Restoring mumble settings" temp_restore_dir=/root/tempmumble function_check restore_directory_from_usb restore_directory_from_usb $temp_restore_dir voip restore_directory_from_usb $temp_restore_dir mumble - if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then - cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/ + if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then + cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini" /etc/ else cp -f $temp_restore_dir/mumble-server.ini /etc/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir function_check set_user_permissions @@ -136,11 +137,12 @@ function restore_local_mumble { backup_unmount_drive exit 3679 fi - if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then - cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/ + if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then + cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite" /var/lib/mumble-server/ else cp -f $temp_restore_dir/mumble-server.sqlite /var/lib/mumble-server/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir function_check set_user_permissions @@ -171,29 +173,27 @@ function backup_remote_mumble { } function restore_remote_mumble { - if [ -d $SERVER_DIRECTORY/backup/mumble ]; then + if [ -d "$SERVER_DIRECTORY/backup/mumble" ]; then echo $"Restoring Mumble settings" temp_restore_dir=/root/tempmumble function_check restore_directory_from_friend restore_directory_from_friend $temp_restore_dir mumble - if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then - cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/ + if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then + cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini" /etc/ else cp -f $temp_restore_dir/mumble-server.ini /etc/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir exit 7823 fi - if [ ! "$?" = "0" ]; then - rm -rf $temp_restore_dir - exit 7823 - fi - if [ $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then - cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/ + if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then + cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite" /var/lib/mumble-server/ else cp -f $temp_restore_dir/mumble-server.sqlite /var/lib/mumble-server/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir exit 276 @@ -221,7 +221,7 @@ function remove_mumble { fi function_check remove_onion_service remove_onion_service mumble ${MUMBLE_PORT} - sed -i '/mumble/d' $COMPLETION_FILE + sed -i '/mumble/d' "$COMPLETION_FILE" } function configure_firewall_for_mumble { @@ -238,34 +238,34 @@ function configure_firewall_for_mumble { function install_mumble { apt-get -yq install mumble-server - if [ -f $IMAGE_PASSWORD_FILE ]; then - MUMBLE_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + if [ -f "$IMAGE_PASSWORD_FILE" ]; then + MUMBLE_SERVER_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" else - if [ ! $MUMBLE_SERVER_PASSWORD ]; then - MUMBLE_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" - if [ ${#MUMBLE_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then - MUMBLE_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + if [ ! "$MUMBLE_SERVER_PASSWORD" ]; then + MUMBLE_SERVER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" + if [ ${#MUMBLE_SERVER_PASSWORD} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then + MUMBLE_SERVER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" fi fi fi if [[ ${ONION_ONLY} == 'no' ]]; then - if [ ! -d /var/www/${DEFAULT_DOMAIN_NAME}/htdocs ]; then - mkdir /var/www/${DEFAULT_DOMAIN_NAME}/htdocs + if [ ! -d "/var/www/${DEFAULT_DOMAIN_NAME}/htdocs" ]; then + mkdir "/var/www/${DEFAULT_DOMAIN_NAME}/htdocs" fi - if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then - if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then - rm /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt + if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then + if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt" ]; then + rm "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt" fi - if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then - rm /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam + if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam" ]; then + rm "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam" fi echo $'Obtaining certificate for the main domain' function_check create_site_certificate - create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes' - chmod 755 /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam + create_site_certificate "${DEFAULT_DOMAIN_NAME}" 'yes' + chmod 755 "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam" - if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then + if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt" ]; then echo $'Incorrect certificate generated' exit 78352 fi @@ -276,9 +276,9 @@ function install_mumble { # Make an ssl cert for the server - if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then + if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then - ${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH + "${PROJECT_NAME}-addcert" -h mumble --dhkey "$DH_KEYLENGTH" function_check check_certificates check_certificates mumble fi @@ -318,7 +318,7 @@ function install_mumble { echo 'allowping=False' >> /etc/mumble-server.ini fi sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini - if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then + if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini else @@ -335,7 +335,8 @@ function install_mumble { sed -i 's|allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini sed -i "s|port=.*|port=${MUMBLE_PORT}|g" /etc/mumble-server.ini - MUMBLE_ONION_HOSTNAME=$(add_onion_service mumble ${MUMBLE_PORT} ${MUMBLE_PORT}) + #MUMBLE_ONION_HOSTNAME=$(add_onion_service mumble ${MUMBLE_PORT} ${MUMBLE_PORT}) + add_onion_service mumble ${MUMBLE_PORT} ${MUMBLE_PORT} # turn off logs by default sed -i 's|logfile=.*|logfile=/dev/null|g' /etc/mumble-server.ini diff --git a/src/freedombone-app-nextcloud b/src/freedombone-app-nextcloud index f52283db..719b9555 100755 --- a/src/freedombone-app-nextcloud +++ b/src/freedombone-app-nextcloud @@ -60,14 +60,14 @@ function logging_off_nextcloud { function remove_user_nextcloud { remove_username="$1" - ${PROJECT_NAME}-pass -u $remove_username --rmapp nextcloud + "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp nextcloud } function add_user_nextcloud { new_username="$1" new_user_password="$2" - ${PROJECT_NAME}-pass -u $new_username -a nextcloud -p "$new_user_password" + "${PROJECT_NAME}-pass" -u "$new_username" -a nextcloud -p "$new_user_password" echo '0' } @@ -76,12 +76,12 @@ function change_password_nextcloud { export OC_PASS="$2" su -s /bin/sh www-data -c "php occ user:resetpassword --password-from-env $curr_username" - ${PROJECT_NAME}-pass -u $curr_username -a nextcloud -p "$OC_PASS" + "${PROJECT_NAME}-pass" -u "$curr_username" -a nextcloud -p "$OC_PASS" export OC_PASS="" } function install_interactive_nextcloud { - if [ ! $ONION_ONLY ]; then + if [ ! "$ONION_ONLY" ]; then ONION_ONLY='no' fi @@ -91,42 +91,40 @@ function install_interactive_nextcloud { NEXTCLOUD_DETAILS_COMPLETE= while [ ! $NEXTCLOUD_DETAILS_COMPLETE ] do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then dialog --backtitle $"Freedombone Configuration" \ --title $"NextCloud Configuration" \ - --form $"\nPlease enter your NextCloud details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \ + --form $"\\nPlease enter your NextCloud details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \ $"Domain:" 1 1 "$(grep 'NEXTCLOUD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \ $"Code:" 2 1 "$(grep 'NEXTCLOUD_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 40 255 \ - 2> $data + 2> "$data" else dialog --backtitle $"Freedombone Configuration" \ --title $"NextCloud Configuration" \ - --form $"\nPlease enter your NextCloud details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \ + --form $"\\nPlease enter your NextCloud details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \ $"Domain:" 1 1 "$(grep 'NEXTCLOUD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \ - 2> $data + 2> "$data" fi sel=$? case $sel in - 1) exit 1;; - 255) exit 1;; + 1) rm -f "$data" + exit 1;; + 255) rm -f "$data" + exit 1;; esac - NEXTCLOUD_DOMAIN_NAME=$(cat $data | sed -n 1p) - if [ ${#img_url} -gt 1 ]; then - NEXTCLOUD_BACKGROUND_IMAGE_URL=$img_url - fi - if [ $NEXTCLOUD_DOMAIN_NAME ]; then + NEXTCLOUD_DOMAIN_NAME=$(sed -n 1p < "$data") + if [ "$NEXTCLOUD_DOMAIN_NAME" ]; then TEST_DOMAIN_NAME=$NEXTCLOUD_DOMAIN_NAME validate_domain_name - if [[ $TEST_DOMAIN_NAME != $NEXTCLOUD_DOMAIN_NAME ]]; then + if [[ "$TEST_DOMAIN_NAME" != "$NEXTCLOUD_DOMAIN_NAME" ]]; then NEXTCLOUD_DOMAIN_NAME= dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 else if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then - NEXTCLOUD_CODE=$(cat $data | sed -n 2p) + NEXTCLOUD_CODE=$(sed -n 2p < "$data") validate_freedns_code "$NEXTCLOUD_CODE" - if [ ! $VALID_CODE ]; then + if [ ! "$VALID_CODE" ]; then NEXTCLOUD_DOMAIN_NAME= fi fi @@ -135,11 +133,12 @@ function install_interactive_nextcloud { if [ $NEXTCLOUD_DOMAIN_NAME ]; then NEXTCLOUD_DETAILS_COMPLETE="yes" fi + rm -f "$data" done # remove any invalid characters if [ ${#NEXTCLOUD_TITLE} -gt 0 ]; then - new_title=$(echo "$NEXTCLOUD_TITLE" | sed "s|'||g") + new_title=${"$NEXTCLOUD_TITLE"//\'//} NEXTCLOUD_TITLE="$new_title" fi @@ -156,23 +155,23 @@ function change_password_nextcloud { read_config_param ${NEXTCLOUD_DOMAIN_NAME} - ${PROJECT_NAME}-pass -u "$curr_username" -a nextcloud -p "$new_user_password" + "${PROJECT_NAME}-pass" -u "$curr_username" -a nextcloud -p "$new_user_password" } function nextcloud_create_database { - if [ -f $IMAGE_PASSWORD_FILE ]; then - NEXTCLOUD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + if [ -f "$IMAGE_PASSWORD_FILE" ]; then + NEXTCLOUD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" else - if [ ! $NEXTCLOUD_ADMIN_PASSWORD ]; then - NEXTCLOUD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + if [ ! "$NEXTCLOUD_ADMIN_PASSWORD" ]; then + NEXTCLOUD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" fi fi - if [ ! $NEXTCLOUD_ADMIN_PASSWORD ]; then + if [ ! "$NEXTCLOUD_ADMIN_PASSWORD" ]; then return fi function_check create_database - create_database nextcloud "$NEXTCLOUD_ADMIN_PASSWORD" $MY_USERNAME + create_database nextcloud "$NEXTCLOUD_ADMIN_PASSWORD" "$MY_USERNAME" } function reconfigure_nextcloud { @@ -186,7 +185,7 @@ function configure_interactive_nextcloud { function upgrade_nextcloud_base { chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/data - cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs + cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || exit 232547985 sudo -u www-data ./occ maintenance:repair sudo -u www-data ./occ files:cleanup sudo -u www-data ./occ files:scan --all @@ -200,13 +199,13 @@ function upgrade_nextcloud { return fi - if grep -q "nextcloud domain" $COMPLETION_FILE; then + if grep -q "nextcloud domain" "$COMPLETION_FILE"; then NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain") fi # update to the next commit function_check set_repo_commit - set_repo_commit /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs "nextcloud commit" "$NEXTCLOUD_COMMIT" $NEXTCLOUD_REPO + set_repo_commit "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" "nextcloud commit" "$NEXTCLOUD_COMMIT" "$NEXTCLOUD_REPO" upgrade_nextcloud_base sudo -u www-data ./occ upgrade @@ -215,22 +214,22 @@ function upgrade_nextcloud { function backup_local_nextcloud { NEXTCLOUD_DOMAIN_NAME='nextcloud' - if grep -q "nextcloud domain" $COMPLETION_FILE; then + if grep -q "nextcloud domain" "$COMPLETION_FILE"; then NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain") fi source_directory=/var/www/${NEXTCLOUD_DOMAIN_NAME}/data - if [ -d $source_directory ]; then + if [ -d "$source_directory" ]; then function_check suspend_site - suspend_site ${NEXTCLOUD_DOMAIN_NAME} + suspend_site "${NEXTCLOUD_DOMAIN_NAME}" dest_directory=nextcloudfiles function_check backup_directory_to_usb - backup_directory_to_usb $source_directory $dest_directory + backup_directory_to_usb "$source_directory" "$dest_directory" source_directory=/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config dest_directory=nextcloudconfig - backup_directory_to_usb $source_directory $dest_directory + backup_directory_to_usb "$source_directory" "$dest_directory" function_check backup_database_to_usb backup_database_to_usb nextcloud @@ -241,26 +240,26 @@ function backup_local_nextcloud { } function restore_local_nextcloud { - if ! grep -q "nextcloud domain" $COMPLETION_FILE; then + if ! grep -q "nextcloud domain" "$COMPLETION_FILE"; then return fi NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain") - if [ $NEXTCLOUD_DOMAIN_NAME ]; then + if [ "$NEXTCLOUD_DOMAIN_NAME" ]; then temp_restore_dir=/root/tempnextcloud function_check nextcloud_create_database nextcloud_create_database - restore_database nextcloud ${NEXTCLOUD_DOMAIN_NAME} + restore_database nextcloud "${NEXTCLOUD_DOMAIN_NAME}" temp_restore_dir=/root/tempnextcloudfiles restore_directory_from_usb $temp_restore_dir nextcloudfiles - if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data ]; then - cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data /var/www/${NEXTCLOUD_DOMAIN_NAME}/ + if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" ]; then + cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/" else - cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/ + cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/" fi - + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then set_user_permissions backup_unmount_drive @@ -271,12 +270,13 @@ function restore_local_nextcloud { temp_restore_dir=/root/tempnextcloudconfig restore_directory_from_usb $temp_restore_dir nextcloudconfig - if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config ]; then - cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs + if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" ]; then + cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" else - cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/ + cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/" fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then set_user_permissions backup_unmount_drive @@ -284,9 +284,9 @@ function restore_local_nextcloud { fi rm -rf ${temp_restore_dir} - chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs - chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/data - cd $nextcloud_dir + chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" + chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" + cd "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" || exit 14893545875 sudo -u www-data ./occ maintenance:repair sudo -u www-data ./occ files:cleanup sudo -u www-data ./occ files:scan --all @@ -294,21 +294,21 @@ function restore_local_nextcloud { } function backup_remote_nextcloud { - if grep -q "nextcloud domain" $COMPLETION_FILE; then + if grep -q "nextcloud domain" "$COMPLETION_FILE"; then NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain") temp_backup_dir=/var/www/${NEXTCLOUD_DOMAIN_NAME}/data - if [ -d $temp_backup_dir ]; then + if [ -d "$temp_backup_dir" ]; then function_check suspend_site - suspend_site ${NEXTCLOUD_DOMAIN_NAME} + suspend_site "${NEXTCLOUD_DOMAIN_NAME}" function_check backup_database_to_friend backup_database_to_friend nextcloud function_check backup_directory_to_friend - backup_directory_to_friend $temp_backup_dir nextclouddata + backup_directory_to_friend "$temp_backup_dir" nextclouddata temp_backup_dir=/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config - backup_directory_to_friend $temp_backup_dir nextcloudconfig + backup_directory_to_friend "$temp_backup_dir" nextcloudconfig function_check restart_site restart_site @@ -319,7 +319,7 @@ function backup_remote_nextcloud { } function restore_remote_nextcloud { - if grep -q "nextcloud domain" $COMPLETION_FILE; then + if grep -q "nextcloud domain" "$COMPLETION_FILE"; then echo $"Restoring nextcloud" NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain") @@ -327,7 +327,7 @@ function restore_remote_nextcloud { nextcloud_create_database function_check restore_database_from_friend - restore_database_from_friend nextcloud ${NEXTCLOUD_DOMAIN_NAME} + restore_database_from_friend nextcloud "${NEXTCLOUD_DOMAIN_NAME}" if [ -d /root/tempnextcloud ]; then rm -rf /root/tempnextcloud fi @@ -335,12 +335,12 @@ function restore_remote_nextcloud { temp_restore_dir=/root/tempnextcloudfiles restore_directory_from_friend $temp_restore_dir nextcloudfiles - if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data ]; then - cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data /var/www/${NEXTCLOUD_DOMAIN_NAME}/ + if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" ]; then + cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/" else - cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/ + cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/" fi - + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then exit 768254 fi @@ -349,20 +349,21 @@ function restore_remote_nextcloud { temp_restore_dir=/root/tempnextcloudconfig restore_directory_from_friend $temp_restore_dir nextcloudconfig - if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config ]; then - cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs + if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" ]; then + cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" else - cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/ + cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/" fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then exit 573427 fi rm -rf ${temp_restore_dir} - chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs - chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/data - cd /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs + chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" + chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" + cd "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" || exit 2642846824 sudo -u www-data ./occ maintenance:repair sudo -u www-data ./occ files:cleanup sudo -u www-data ./occ files:scan --all @@ -381,13 +382,13 @@ function remove_nextcloud { read_config_param "NEXTCLOUD_DOMAIN_NAME" read_config_param "MY_USERNAME" echo "Removing $NEXTCLOUD_DOMAIN_NAME" - nginx_dissite $NEXTCLOUD_DOMAIN_NAME - remove_certs $NEXTCLOUD_DOMAIN_NAME - if [ -d /var/www/$NEXTCLOUD_DOMAIN_NAME ]; then - rm -rf /var/www/$NEXTCLOUD_DOMAIN_NAME + nginx_dissite "$NEXTCLOUD_DOMAIN_NAME" + remove_certs "$NEXTCLOUD_DOMAIN_NAME" + if [ -d "/var/www/$NEXTCLOUD_DOMAIN_NAME" ]; then + rm -rf "/var/www/$NEXTCLOUD_DOMAIN_NAME" fi - if [ -f /etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME ]; then - rm /etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME + if [ -f "/etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME" ]; then + rm "/etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME" fi function_check drop_database drop_database nextcloud @@ -395,17 +396,17 @@ function remove_nextcloud { remove_onion_service nextcloud ${NEXTCLOUD_ONION_PORT} remove_app nextcloud remove_completion_param install_nextcloud - sed -i '/nextcloud/d' $COMPLETION_FILE + sed -i '/nextcloud/d' "$COMPLETION_FILE" remove_backup_database_local nextcloud function_check remove_ddns_domain - remove_ddns_domain $NEXTCLOUD_DOMAIN_NAME + remove_ddns_domain "$NEXTCLOUD_DOMAIN_NAME" systemctl restart nginx systemctl restart php7.0-fpm } function install_nextcloud_main { - if [ ! $NEXTCLOUD_DOMAIN_NAME ]; then + if [ ! "$NEXTCLOUD_DOMAIN_NAME" ]; then echo $'No domain name was given for nextcloud' exit 7359 fi @@ -434,34 +435,34 @@ function install_nextcloud_main { fi sed -i 's|;env[PATH]|env[PATH]|g' /etc/php/7.0/fpm/pool.d/www.conf - if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME ]; then - mkdir /var/www/$NEXTCLOUD_DOMAIN_NAME + if [ ! -d "/var/www/$NEXTCLOUD_DOMAIN_NAME" ]; then + mkdir "/var/www/$NEXTCLOUD_DOMAIN_NAME" fi - if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs ]; then + if [ ! -d "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" ]; then if [ -d /repos/nextcloud ]; then - mkdir /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs - cp -r -p /repos/nextcloud/. /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs - cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs + mkdir "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" + cp -r -p /repos/nextcloud/. "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" + cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || exit 2783539793 git pull else function_check git_clone - git_clone $NEXTCLOUD_REPO /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs + git_clone "$NEXTCLOUD_REPO" "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" fi - if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs ]; then + if [ ! -d "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" ]; then echo $'Unable to clone nextcloud repo' exit 87525 fi fi - cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs + cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || exit 3468346834 git submodule update --init git checkout $NEXTCLOUD_COMMIT -b $NEXTCLOUD_COMMIT set_completion_param "nextcloud commit" "$NEXTCLOUD_COMMIT" - chmod g+w /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs - chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs + chmod g+w "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" + chown -R www-data:www-data "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" function_check nextcloud_create_database nextcloud_create_database @@ -474,154 +475,154 @@ function install_nextcloud_main { fi function_check add_ddns_domain - add_ddns_domain $NEXTCLOUD_DOMAIN_NAME + add_ddns_domain "$NEXTCLOUD_DOMAIN_NAME" nextcloud_nginx_site=/etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME if [[ $ONION_ONLY == "no" ]]; then function_check nginx_http_redirect - nginx_http_redirect $NEXTCLOUD_DOMAIN_NAME - echo 'server {' >> $nextcloud_nginx_site - echo ' listen 443 ssl;' >> $nextcloud_nginx_site - echo ' #listen [::]:443 ssl;' >> $nextcloud_nginx_site - echo " server_name $NEXTCLOUD_DOMAIN_NAME;" >> $nextcloud_nginx_site - echo '' >> $nextcloud_nginx_site - echo ' # Security' >> $nextcloud_nginx_site + nginx_http_redirect "$NEXTCLOUD_DOMAIN_NAME" + { echo 'server {'; + echo ' listen 443 ssl;'; + echo ' #listen [::]:443 ssl;'; + echo " server_name $NEXTCLOUD_DOMAIN_NAME;"; + echo ''; + echo ' # Security'; } >> "$nextcloud_nginx_site" function_check nginx_ssl - nginx_ssl $NEXTCLOUD_DOMAIN_NAME mobile + nginx_ssl "$NEXTCLOUD_DOMAIN_NAME" mobile function_check nginx_disable_sniffing - nginx_disable_sniffing $NEXTCLOUD_DOMAIN_NAME + nginx_disable_sniffing "$NEXTCLOUD_DOMAIN_NAME" - echo ' add_header Strict-Transport-Security max-age=15768000;' >> $nextcloud_nginx_site - echo '' >> $nextcloud_nginx_site - echo ' # Logs' >> $nextcloud_nginx_site - echo ' access_log /dev/null;' >> $nextcloud_nginx_site - echo ' error_log /dev/null;' >> $nextcloud_nginx_site - echo '' >> $nextcloud_nginx_site - echo ' # Root' >> $nextcloud_nginx_site - echo " root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;" >> $nextcloud_nginx_site - echo '' >> $nextcloud_nginx_site - echo ' # Index' >> $nextcloud_nginx_site - echo ' index index.php;' >> $nextcloud_nginx_site - echo '' >> $nextcloud_nginx_site + { echo ' add_header Strict-Transport-Security max-age=15768000;'; + echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' # Root'; + echo " root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' # Index'; + echo ' index index.php;'; + echo ''; - # By default nextcloud advertises highly specific version information - # on status.php, which can obviously be used by adversaries. - # Blocking status.php prevents this information leak - echo ' location = /status.php {' >> $nextcloud_nginx_site - echo ' return 404;' >> $nextcloud_nginx_site - echo ' }' >> $nextcloud_nginx_site - echo '' >> $nextcloud_nginx_site + # By default nextcloud advertises highly specific version information + # on status.php, which can obviously be used by adversaries. + # Blocking status.php prevents this information leak + echo ' location = /status.php {'; + echo ' return 404;'; + echo ' }'; + echo ''; - echo ' # PHP' >> $nextcloud_nginx_site - echo ' location ~ \.php {' >> $nextcloud_nginx_site - echo ' include snippets/fastcgi-php.conf;' >> $nextcloud_nginx_site - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $nextcloud_nginx_site - echo ' fastcgi_read_timeout 30;' >> $nextcloud_nginx_site - echo ' }' >> $nextcloud_nginx_site - echo '' >> $nextcloud_nginx_site - echo ' # Location' >> $nextcloud_nginx_site - echo ' location / {' >> $nextcloud_nginx_site + echo ' # PHP'; + echo ' location ~ \.php {'; + echo ' include snippets/fastcgi-php.conf;'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' }'; + echo ''; + echo ' # Location'; + echo ' location / {'; } >> "$nextcloud_nginx_site" function_check nginx_limits - nginx_limits $NEXTCLOUD_DOMAIN_NAME '15m' - echo ' try_files $uri $uri/ @nextcloud;' >> $nextcloud_nginx_site - echo ' }' >> $nextcloud_nginx_site - echo '' >> $nextcloud_nginx_site - echo ' # Fancy URLs' >> $nextcloud_nginx_site - echo ' location @nextcloud {' >> $nextcloud_nginx_site - echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $nextcloud_nginx_site - echo ' }' >> $nextcloud_nginx_site - echo '' >> $nextcloud_nginx_site - echo ' # Restrict access that is unnecessary anyway' >> $nextcloud_nginx_site - echo ' location ~ /\.(ht|git) {' >> $nextcloud_nginx_site - echo ' deny all;' >> $nextcloud_nginx_site - echo ' }' >> $nextcloud_nginx_site - echo '' >> $nextcloud_nginx_site - echo ' location = /.well-known/carddav {' >> $nextcloud_nginx_site - echo ' return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site - echo ' }' >> $nextcloud_nginx_site - echo ' location = /.well-known/caldav {' >> $nextcloud_nginx_site - echo ' return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site - echo ' }' >> $nextcloud_nginx_site - echo '' >> $nextcloud_nginx_site - echo ' location /.well-known/acme-challenge { }' >> $nextcloud_nginx_site - echo '}' >> $nextcloud_nginx_site + nginx_limits "$NEXTCLOUD_DOMAIN_NAME" '15m' + { echo " try_files \$uri \$uri/ @nextcloud;"; + echo ' }'; + echo ''; + echo ' # Fancy URLs'; + echo ' location @nextcloud {'; + echo " rewrite ^(.*)\$ /index.php?p=\$1 last;"; + echo ' }'; + echo ''; + echo ' # Restrict access that is unnecessary anyway'; + echo ' location ~ /\.(ht|git) {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo ' location = /.well-known/carddav {'; + echo " return 301 \$scheme://\$host/remote.php/dav;"; + echo ' }'; + echo ' location = /.well-known/caldav {'; + echo " return 301 \$scheme://\$host/remote.php/dav;"; + echo ' }'; + echo ''; + echo ' location /.well-known/acme-challenge { }'; + echo '}'; } >> "$nextcloud_nginx_site" else - echo -n '' > $nextcloud_nginx_site + echo -n '' > "$nextcloud_nginx_site" fi - echo 'server {' >> $nextcloud_nginx_site - echo " listen 127.0.0.1:$NEXTCLOUD_ONION_PORT default_server;" >> $nextcloud_nginx_site - echo " server_name $NEXTCLOUD_DOMAIN_NAME;" >> $nextcloud_nginx_site - echo '' >> $nextcloud_nginx_site + { echo 'server {'; + echo " listen 127.0.0.1:$NEXTCLOUD_ONION_PORT default_server;"; + echo " server_name $NEXTCLOUD_DOMAIN_NAME;"; + echo ''; } >> "$nextcloud_nginx_site" function_check nginx_disable_sniffing - nginx_disable_sniffing $NEXTCLOUD_DOMAIN_NAME - echo '' >> $nextcloud_nginx_site - echo ' # Logs' >> $nextcloud_nginx_site - echo ' access_log /dev/null;' >> $nextcloud_nginx_site - echo ' error_log /dev/null;' >> $nextcloud_nginx_site - echo '' >> $nextcloud_nginx_site - echo ' # Root' >> $nextcloud_nginx_site - echo " root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;" >> $nextcloud_nginx_site - echo '' >> $nextcloud_nginx_site - echo ' # Index' >> $nextcloud_nginx_site - echo ' index index.php;' >> $nextcloud_nginx_site - echo '' >> $nextcloud_nginx_site + nginx_disable_sniffing "$NEXTCLOUD_DOMAIN_NAME" + { echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' # Root'; + echo " root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' # Index'; + echo ' index index.php;'; + echo ''; - # By default nextcloud advertises highly specific version information - # on status.php, which can obviously be used by adversaries. - # Blocking status.php prevents this information leak - echo ' location = /status.php {' >> $nextcloud_nginx_site - echo ' return 404;' >> $nextcloud_nginx_site - echo ' }' >> $nextcloud_nginx_site - echo '' >> $nextcloud_nginx_site + # By default nextcloud advertises highly specific version information + # on status.php, which can obviously be used by adversaries. + # Blocking status.php prevents this information leak + echo ' location = /status.php {'; + echo ' return 404;'; + echo ' }'; + echo ''; - echo ' # PHP' >> $nextcloud_nginx_site - echo ' location ~ \.php {' >> $nextcloud_nginx_site - echo ' include snippets/fastcgi-php.conf;' >> $nextcloud_nginx_site - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $nextcloud_nginx_site - echo ' fastcgi_read_timeout 30;' >> $nextcloud_nginx_site - echo ' }' >> $nextcloud_nginx_site - echo '' >> $nextcloud_nginx_site - echo ' # Location' >> $nextcloud_nginx_site - echo ' location / {' >> $nextcloud_nginx_site + echo ' # PHP'; + echo ' location ~ \.php {'; + echo ' include snippets/fastcgi-php.conf;'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' }'; + echo ''; + echo ' # Location'; + echo ' location / {'; } >> "$nextcloud_nginx_site" function_check nginx_limits - nginx_limits $NEXTCLOUD_DOMAIN_NAME '15m' - echo ' try_files $uri $uri/ @nextcloud;' >> $nextcloud_nginx_site - echo ' }' >> $nextcloud_nginx_site - echo '' >> $nextcloud_nginx_site - echo ' # Fancy URLs' >> $nextcloud_nginx_site - echo ' location @nextcloud {' >> $nextcloud_nginx_site - echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $nextcloud_nginx_site - echo ' }' >> $nextcloud_nginx_site - echo '' >> $nextcloud_nginx_site - echo ' # Restrict access that is unnecessary anyway' >> $nextcloud_nginx_site - echo ' location ~ /\.(ht|git) {' >> $nextcloud_nginx_site - echo ' deny all;' >> $nextcloud_nginx_site - echo ' }' >> $nextcloud_nginx_site - echo '' >> $nextcloud_nginx_site - echo ' location = /.well-known/carddav {' >> $nextcloud_nginx_site - echo ' return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site - echo ' }' >> $nextcloud_nginx_site - echo ' location = /.well-known/caldav {' >> $nextcloud_nginx_site - echo ' return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site - echo ' }' >> $nextcloud_nginx_site - echo '' >> $nextcloud_nginx_site - echo ' location /.well-known/acme-challenge { }' >> $nextcloud_nginx_site - echo '}' >> $nextcloud_nginx_site + nginx_limits "$NEXTCLOUD_DOMAIN_NAME" '15m' + { echo " try_files \$uri \$uri/ @nextcloud;"; + echo ' }'; + echo ''; + echo ' # Fancy URLs'; + echo ' location @nextcloud {'; + echo " rewrite ^(.*)\$ /index.php?p=\$1 last;"; + echo ' }'; + echo ''; + echo ' # Restrict access that is unnecessary anyway'; + echo ' location ~ /\.(ht|git) {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo ' location = /.well-known/carddav {'; + echo " return 301 \$scheme://\$host/remote.php/dav;"; + echo ' }'; + echo ' location = /.well-known/caldav {'; + echo " return 301 \$scheme://\$host/remote.php/dav;"; + echo ' }'; + echo ''; + echo ' location /.well-known/acme-challenge { }'; + echo '}'; } >> "$nextcloud_nginx_site" - sed -i 's| DENY;| SAMEORIGIN;|g' $nextcloud_nginx_site + sed -i 's| DENY;| SAMEORIGIN;|g' "$nextcloud_nginx_site" # NextCloud doesn't like content-security-policy at all - sed -i '/Content-Security-Policy/d' $nextcloud_nginx_site + sed -i '/Content-Security-Policy/d' "$nextcloud_nginx_site" function_check configure_php configure_php function_check create_site_certificate - create_site_certificate $NEXTCLOUD_DOMAIN_NAME 'yes' + create_site_certificate "$NEXTCLOUD_DOMAIN_NAME" 'yes' - if [[ $ONION_ONLY == "no" ]]; then - if [ ! -f /etc/ssl/certs/${NEXTCLOUD_DOMAIN_NAME}.pem ]; then + if [[ "$ONION_ONLY" == "no" ]]; then + if [ ! -f "/etc/ssl/certs/${NEXTCLOUD_DOMAIN_NAME}.pem" ]; then echo $'Certificate not generated for nextcloud' exit 725762 fi @@ -636,31 +637,18 @@ function install_nextcloud_main { backup_database_local nextcloud function_check nginx_ensite - nginx_ensite $NEXTCLOUD_DOMAIN_NAME - - # NOTE: For the typical case always enable SSL and only - # disable it if in onion only mode. This is due to complexities - # with the way URLs are generated by nextcloud - nextcloud_ssl='always' - if [[ $ONION_ONLY != 'no' ]]; then - nextcloud_ssl='never' - fi + nginx_ensite "$NEXTCLOUD_DOMAIN_NAME" NEXTCLOUD_ONION_HOSTNAME=$(add_onion_service nextcloud 80 ${NEXTCLOUD_ONION_PORT}) - NEXTCLOUD_SERVER=${NEXTCLOUD_DOMAIN_NAME} - if [[ $ONION_ONLY != 'no' ]]; then - NEXTCLOUD_SERVER=${NEXTCLOUD_ONION_HOSTNAME} - fi - systemctl restart php7.0-fpm systemctl restart nginx - ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$NEXTCLOUD_DOMAIN_NAME" -g nextcloud --public no + "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$NEXTCLOUD_DOMAIN_NAME" -g nextcloud --public no - ${PROJECT_NAME}-pass -u $MY_USERNAME -a nextcloud -p "$NEXTCLOUD_ADMIN_PASSWORD" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a nextcloud -p "$NEXTCLOUD_ADMIN_PASSWORD" - cd /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs + cd "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" || exit 2467245247 if [ -d config ]; then chown -R www-data:www-data config fi @@ -669,7 +657,7 @@ function install_nextcloud_main { fi chmod +x occ - ./occ maintenance:install --database-name nextcloud --admin-user ${MY_USERNAME} --admin-pass "${NEXTCLOUD_ADMIN_PASSWORD}" --database mysql --database-user root --database-pass "${MARIADB_PASSWORD}" + ./occ maintenance:install --database-name nextcloud --admin-user "${MY_USERNAME}" --admin-pass "${NEXTCLOUD_ADMIN_PASSWORD}" --database mysql --database-user root --database-pass "${MARIADB_PASSWORD}" if [ ! -d data ]; then echo $'Nextcloud data directory was not found. This probably means that the installation failed.' echo '' @@ -683,20 +671,19 @@ function install_nextcloud_main { sudo -u www-data ./occ status sudo -u www-data ./occ app:list sudo -u www-data ./occ app:enable encryption - sudo -u www-data ./occ encryption:enable - if [ ! "$?" = "0" ]; then + if ! sudo -u www-data ./occ encryption:enable; then echo $'Encryption not enabled' exit 73527 fi sudo -u www-data ./occ encryption:status sudo -u www-data ./occ config:system:set appstoreenabled --value=false - chmod g+w /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php - chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs + chmod g+w "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php" + chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" chmod 0644 .htaccess chmod 0750 data - chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/data - sudo -u www-data ./occ config:system:set trusted_domains 1 --value=$NEXTCLOUD_DOMAIN_NAME - sudo -u www-data ./occ config:system:set trusted_domains 2 --value=$NEXTCLOUD_ONION_HOSTNAME + chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" + sudo -u www-data ./occ config:system:set trusted_domains 1 --value="$NEXTCLOUD_DOMAIN_NAME" + sudo -u www-data ./occ config:system:set trusted_domains 2 --value="$NEXTCLOUD_ONION_HOSTNAME" sudo -u www-data ./occ files:cleanup sudo -u www-data ./occ files:scan --all sudo -u www-data ./occ maintenance:repair @@ -705,8 +692,8 @@ function install_nextcloud_main { systemctl restart mariadb # move the data directory - mv /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/data /var/www/${NEXTCLOUD_DOMAIN_NAME}/ - sed -i "s|'datadirectory'.*|'datadirectory' => '/var/www/$NEXTCLOUD_DOMAIN_NAME/data',|g" /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php + mv "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/data" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/" + sed -i "s|'datadirectory'.*|'datadirectory' => '/var/www/$NEXTCLOUD_DOMAIN_NAME/data',|g" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php" set_completion_param "nextcloud domain" "$NEXTCLOUD_DOMAIN_NAME" @@ -714,7 +701,7 @@ function install_nextcloud_main { } function install_nextcloud { - if [ ! $ONION_ONLY ]; then + if [ ! "$ONION_ONLY" ]; then ONION_ONLY='no' fi diff --git a/src/freedombone-app-peertube b/src/freedombone-app-peertube index f7ffc5af..632064f8 100755 --- a/src/freedombone-app-peertube +++ b/src/freedombone-app-peertube @@ -55,14 +55,14 @@ peertube_variables=(PEERTUBE_DOMAIN_NAME MY_EMAIL_ADDRESS) function peertube_create_database { - if [ -f $IMAGE_PASSWORD_FILE ]; then - PEERTUBE_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + if [ -f "$IMAGE_PASSWORD_FILE" ]; then + PEERTUBE_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" else - if [ ! $PEERTUBE_ADMIN_PASSWORD ]; then - PEERTUBE_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + if [ ! "$PEERTUBE_ADMIN_PASSWORD" ]; then + PEERTUBE_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" fi fi - if [ ! $PEERTUBE_ADMIN_PASSWORD ]; then + if [ ! "$PEERTUBE_ADMIN_PASSWORD" ]; then return fi @@ -82,7 +82,8 @@ function logging_off_peertube { } function remove_user_peertube { - remove_username="$1" + echo -n '' +# remove_username="$1" } function add_user_peertube { @@ -91,14 +92,14 @@ function add_user_peertube { return fi - new_username="$1" - new_user_password="$2" +# new_username="$1" +# new_user_password="$2" echo '0' } function install_interactive_peertube { - if [ ! $ONION_ONLY ]; then + if [ ! "$ONION_ONLY" ]; then ONION_ONLY='no' fi @@ -113,15 +114,14 @@ function install_interactive_peertube { } function peertube_set_admin_email { - read_config_param $MY_EMAIL_ADDRESS - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + read_config_param "$MY_EMAIL_ADDRESS" + data=$(mktemp 2>/dev/null) dialog --title $"Set PeerTube administrator email address" \ --backtitle $"Freedombone Control Panel" \ - --inputbox $"Admin email address" 8 75 "$MY_EMAIL_ADDRESS" 2>$data + --inputbox $"Admin email address" 8 75 "$MY_EMAIL_ADDRESS" 2>"$data" sel=$? case $sel in - 0) peertube_email=$(<$data) + 0) peertube_email=$(<"$data") if [[ "$peertube_email" != *' '* && "$peertube_email" != *','* && "$peertube_email" != *';'* && "$peertube_email" == *'@'* && "$peertube_email" == *'.'* ]]; then if [ ${#peertube_email} -gt 8 ]; then sed -i "s|email:.*|email: '${peertube_email}'|g" $PEERTUBE_DIR/config/production.yaml @@ -132,13 +132,13 @@ function peertube_set_admin_email { fi ;; esac - rm $data + rm -f "$data" } function peertube_disable_signups { dialog --title $"Disable PeerTube signups" \ --backtitle $"Freedombone Control Panel" \ - --yesno $"\nDo you wish to disable further PeerTube signups?" 8 75 + --yesno $"\\nDo you wish to disable further PeerTube signups?" 8 75 sel=$? case $sel in 0) sed -i "0,/enabled:.*/s//enabled: false/" $PEERTUBE_DIR/config/production.yaml;; @@ -152,35 +152,36 @@ function peertube_disable_signups { function configure_interactive_peertube { while true do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone Control Panel" \ --title $"PeerTube" \ --radiolist $"Choose an operation:" 10 70 4 \ 1 $"Set administrator email address" off \ 2 $"Disable or enable signups" off \ - 3 $"Exit" on 2> $data + 3 $"Exit" on 2> "$data" sel=$? case $sel in 1) break;; 255) break;; esac - case $(cat $data) in + case $(cat "$data") in 1) peertube_set_admin_email;; 2) peertube_disable_signups;; - 3) break;; + 3) rm -f "$data" + break;; esac + rm -f "$data" done } function change_password_peertube { - PEERTUBE_USERNAME="$1" +# PEERTUBE_USERNAME="$1" PEERTUBE_PASSWORD="$2" if [ ${#PEERTUBE_PASSWORD} -lt 8 ]; then echo $'Peertube password is too short' return fi - #${PROJECT_NAME}-pass -u $PEERTUBE_USERNAME -a peertube -p "$PEERTUBE_PASSWORD" + #"${PROJECT_NAME}-pass" -u "$PEERTUBE_USERNAME" -a peertube -p "$PEERTUBE_PASSWORD" } function reconfigure_peertube { @@ -195,7 +196,7 @@ function upgrade_peertube { read_config_param PEERTUBE_DOMAIN_NAME systemctl stop peertube - cd $PEERTUBE_DIR + cd "$PEERTUBE_DIR" || exit 7824552627 function_check set_repo_commit set_repo_commit $PEERTUBE_DIR "peertube commit" "$PEERTUBE_COMMIT" $PEERTUBE_REPO @@ -207,7 +208,7 @@ function upgrade_peertube { function backup_local_peertube { PEERTUBE_DOMAIN_NAME='peertube.local' - if grep -q "peertube domain" $COMPLETION_FILE; then + if grep -q "peertube domain" "$COMPLETION_FILE"; then PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain") fi @@ -219,7 +220,7 @@ function backup_local_peertube { peertube_path=$PEERTUBE_DIR/videos if [ -d $peertube_path ]; then - suspend_site ${PEERTUBE_DOMAIN_NAME} + suspend_site "${PEERTUBE_DOMAIN_NAME}" systemctl stop peertube backup_directory_to_usb $peertube_path peertubevideos systemctl start peertube @@ -229,11 +230,11 @@ function backup_local_peertube { function restore_local_peertube { PEERTUBE_DOMAIN_NAME='peertube.local' - if grep -q "peertube domain" $COMPLETION_FILE; then + if grep -q "peertube domain" "$COMPLETION_FILE"; then PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain") fi - if [ $PEERTUBE_DOMAIN_NAME ]; then - suspend_site ${PEERTUBE_DOMAIN_NAME} + if [ "$PEERTUBE_DOMAIN_NAME" ]; then + suspend_site "${PEERTUBE_DOMAIN_NAME}" systemctl stop peertube USE_POSTGRESQL=1 @@ -259,7 +260,7 @@ function restore_local_peertube { function backup_remote_peertube { PEERTUBE_DOMAIN_NAME='peertube.local' - if grep -q "peertube domain" $COMPLETION_FILE; then + if grep -q "peertube domain" "$COMPLETION_FILE"; then PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain") fi @@ -272,7 +273,7 @@ function backup_remote_peertube { temp_backup_dir=$PEERTUBE_DIR/videos if [ -d $temp_backup_dir ]; then systemctl stop peertube - suspend_site ${PEERTUBE_DOMAIN_NAME} + suspend_site "${PEERTUBE_DOMAIN_NAME}" backup_directory_to_friend $temp_backup_dir peertubevideos restart_site systemctl start peertube @@ -284,13 +285,14 @@ function backup_remote_peertube { function restore_remote_peertube { PEERTUBE_DOMAIN_NAME='peertube.local' - if grep -q "peertube domain" $COMPLETION_FILE; then + if grep -q "peertube domain" "$COMPLETION_FILE"; then PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain") fi - suspend_site ${PEERTUBE_DOMAIN_NAME} + suspend_site "${PEERTUBE_DOMAIN_NAME}" systemctl stop peertube + # shellcheck disable=SC2034 USE_POSTGRESQL=1 function_check restore_database_from_friend restore_database_from_friend peertube @@ -326,20 +328,20 @@ function remove_peertube { remove_nodejs peertube read_config_param "PEERTUBE_DOMAIN_NAME" - nginx_dissite $PEERTUBE_DOMAIN_NAME - remove_certs ${PEERTUBE_DOMAIN_NAME} - if [ -f /etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME ]; then - rm -f /etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME + nginx_dissite "$PEERTUBE_DOMAIN_NAME" + remove_certs "${PEERTUBE_DOMAIN_NAME}" + if [ -f "/etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME" ]; then + rm -f "/etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME" fi - if [ -d /var/www/$PEERTUBE_DOMAIN_NAME ]; then - rm -rf /var/www/$PEERTUBE_DOMAIN_NAME + if [ -d "/var/www/$PEERTUBE_DOMAIN_NAME" ]; then + rm -rf "/var/www/$PEERTUBE_DOMAIN_NAME" fi remove_config_param PEERTUBE_DOMAIN_NAME remove_config_param PEERTUBE_CODE function_check remove_onion_service remove_onion_service peertube ${PEERTUBE_ONION_PORT} remove_completion_param "install_peertube" - sed -i '/peertube/d' $COMPLETION_FILE + sed -i '/peertube/d' "$COMPLETION_FILE" function_check drop_database_postgresql drop_database_postgresql peertube peertube @@ -352,188 +354,189 @@ function remove_peertube { fi function_check remove_ddns_domain - remove_ddns_domain $PEERTUBE_DOMAIN_NAME + remove_ddns_domain "$PEERTUBE_DOMAIN_NAME" } function peertube_setup_web { peertube_nginx_file=/etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME if [[ $ONION_ONLY == "no" ]]; then - echo 'server {' > $peertube_nginx_file - echo ' listen 80;' >> $peertube_nginx_file - echo ' listen [::]:80;' >> $peertube_nginx_file - echo " server_name $PEERTUBE_DOMAIN_NAME;" >> $peertube_nginx_file - echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> $peertube_nginx_file - echo '}' >> $peertube_nginx_file - echo '' >> $peertube_nginx_file - echo 'server {' >> $peertube_nginx_file - echo ' listen 443 ssl http2;' >> $peertube_nginx_file - echo ' #listen [::]:443 ssl http2;' >> $peertube_nginx_file - echo " server_name $PEERTUBE_DOMAIN_NAME;" >> $peertube_nginx_file - echo '' >> $peertube_nginx_file + { echo 'server {'; + echo ' listen 80;'; + echo ' listen [::]:80;'; + echo " server_name $PEERTUBE_DOMAIN_NAME;"; + echo " rewrite ^ https://\$server_name\$request_uri? permanent;"; + echo '}'; + echo ''; + echo 'server {'; + echo ' listen 443 ssl http2;'; + echo ' #listen [::]:443 ssl http2;'; + echo " server_name $PEERTUBE_DOMAIN_NAME;"; + echo ''; } > "$peertube_nginx_file" function_check nginx_ssl - nginx_ssl $PEERTUBE_DOMAIN_NAME mobile + nginx_ssl "$PEERTUBE_DOMAIN_NAME" mobile function_check nginx_disable_sniffing - nginx_disable_sniffing $PEERTUBE_DOMAIN_NAME + nginx_disable_sniffing "$PEERTUBE_DOMAIN_NAME" - echo ' add_header Strict-Transport-Security max-age=15768000;' >> $peertube_nginx_file - echo '' >> $peertube_nginx_file - echo ' location / {' >> $peertube_nginx_file - echo " proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file - echo ' proxy_set_header X-Real-IP $remote_addr;' >> $peertube_nginx_file - echo ' proxy_set_header Host $host;' >> $peertube_nginx_file - echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file - echo '' >> $peertube_nginx_file - echo ' # For the video upload' >> $peertube_nginx_file - echo ' client_max_body_size 2G;' >> $peertube_nginx_file - echo ' }' >> $peertube_nginx_file - echo '' >> $peertube_nginx_file - echo ' location /static/webseed {' >> $peertube_nginx_file - echo " if (\$request_method = 'OPTIONS') {" >> $peertube_nginx_file - echo " add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file - echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file - echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file - echo " add_header 'Access-Control-Max-Age' 1728000;" >> $peertube_nginx_file - echo " add_header 'Content-Type' 'text/plain charset=UTF-8';" >> $peertube_nginx_file - echo " add_header 'Content-Length' 0;" >> $peertube_nginx_file - echo ' return 204;' >> $peertube_nginx_file - echo ' }' >> $peertube_nginx_file - echo '' >> $peertube_nginx_file - echo " if (\$request_method = 'GET') {" >> $peertube_nginx_file - echo " add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file - echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file - echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file - echo ' }' >> $peertube_nginx_file - echo '' >> $peertube_nginx_file - echo " alias $PEERTUBE_DIR/videos;" >> $peertube_nginx_file - echo ' }' >> $peertube_nginx_file - echo '' >> $peertube_nginx_file - echo ' # Websocket tracker' >> $peertube_nginx_file - echo ' location /tracker/socket {' >> $peertube_nginx_file - echo ' # Peers send a message to the tracker every 15 minutes' >> $peertube_nginx_file - echo ' # Dont close the websocket before this time' >> $peertube_nginx_file - echo ' proxy_read_timeout 1200s;' >> $peertube_nginx_file - echo ' proxy_set_header Upgrade $http_upgrade;' >> $peertube_nginx_file - echo ' proxy_set_header Connection "upgrade";' >> $peertube_nginx_file - echo ' proxy_http_version 1.1;' >> $peertube_nginx_file - echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file - echo ' proxy_set_header Host $host;' >> $peertube_nginx_file - echo " proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file - echo ' }' >> $peertube_nginx_file - echo '}' >> $peertube_nginx_file + { echo ' add_header Strict-Transport-Security max-age=15768000;'; + echo ''; + echo ' location / {'; + echo " proxy_pass http://localhost:${PEERTUBE_PORT};"; + echo " proxy_set_header X-Real-IP \$remote_addr;"; + echo " proxy_set_header Host \$host;"; + echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;"; + echo ''; + echo ' # For the video upload'; + echo ' client_max_body_size 2G;'; + echo ' }'; + echo ''; + echo ' location /static/webseed {'; + echo " if (\$request_method = 'OPTIONS') {"; + echo " add_header 'Access-Control-Allow-Origin' '*';"; + echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';"; + echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';"; + echo " add_header 'Access-Control-Max-Age' 1728000;"; + echo " add_header 'Content-Type' 'text/plain charset=UTF-8';"; + echo " add_header 'Content-Length' 0;"; + echo ' return 204;'; + echo ' }'; + echo ''; + echo " if (\$request_method = 'GET') {"; + echo " add_header 'Access-Control-Allow-Origin' '*';"; + echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';"; + echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';"; + echo ' }'; + echo ''; + echo " alias $PEERTUBE_DIR/videos;"; + echo ' }'; + echo ''; + echo ' # Websocket tracker'; + echo ' location /tracker/socket {'; + echo ' # Peers send a message to the tracker every 15 minutes'; + echo ' # Dont close the websocket before this time'; + echo ' proxy_read_timeout 1200s;'; + echo " proxy_set_header Upgrade \$http_upgrade;"; + echo ' proxy_set_header Connection "upgrade";'; + echo ' proxy_http_version 1.1;'; + echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;"; + echo " proxy_set_header Host \$host;"; + echo " proxy_pass http://localhost:${PEERTUBE_PORT};"; + echo ' }'; + echo '}'; } >> "$peertube_nginx_file" else - echo -n '' > $peertube_nginx_file + echo -n '' > "$peertube_nginx_file" fi - echo 'server {' >> $peertube_nginx_file - echo " listen 127.0.0.1:$PEERTUBE_ONION_PORT default_server;" >> $peertube_nginx_file - echo " server_name $PEERTUBE_ONION_HOSTNAME;" >> $peertube_nginx_file - echo '' >> $peertube_nginx_file - echo ' location / {' >> $peertube_nginx_file - echo " proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file - echo ' proxy_set_header X-Real-IP $remote_addr;' >> $peertube_nginx_file - echo ' proxy_set_header Host $host;' >> $peertube_nginx_file - echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file - echo '' >> $peertube_nginx_file - echo ' # For the video upload' >> $peertube_nginx_file - echo ' client_max_body_size 2G;' >> $peertube_nginx_file - echo ' }' >> $peertube_nginx_file - echo '' >> $peertube_nginx_file - echo ' location /static/webseed {' >> $peertube_nginx_file - echo " if (\$request_method = 'OPTIONS') {" >> $peertube_nginx_file - echo " add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file - echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file - echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file - echo " add_header 'Access-Control-Max-Age' 1728000;" >> $peertube_nginx_file - echo " add_header 'Content-Type' 'text/plain charset=UTF-8';" >> $peertube_nginx_file - echo " add_header 'Content-Length' 0;" >> $peertube_nginx_file - echo ' return 204;' >> $peertube_nginx_file - echo ' }' >> $peertube_nginx_file - echo '' >> $peertube_nginx_file - echo " if (\$request_method = 'GET') {" >> $peertube_nginx_file - echo " add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file - echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file - echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file - echo ' }' >> $peertube_nginx_file - echo '' >> $peertube_nginx_file - echo " alias $PEERTUBE_DIR/videos;" >> $peertube_nginx_file - echo ' }' >> $peertube_nginx_file - echo '' >> $peertube_nginx_file - echo ' # Websocket tracker' >> $peertube_nginx_file - echo ' location /tracker/socket {' >> $peertube_nginx_file - echo ' # Peers send a message to the tracker every 15 minutes' >> $peertube_nginx_file - echo ' # Dont close the websocket before this time' >> $peertube_nginx_file - echo ' proxy_read_timeout 1200s;' >> $peertube_nginx_file - echo ' proxy_set_header Upgrade $http_upgrade;' >> $peertube_nginx_file - echo ' proxy_set_header Connection "upgrade";' >> $peertube_nginx_file - echo ' proxy_http_version 1.1;' >> $peertube_nginx_file - echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file - echo ' proxy_set_header Host $host;' >> $peertube_nginx_file - echo " proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file - echo ' }' >> $peertube_nginx_file - echo '}' >> $peertube_nginx_file + { echo 'server {'; + echo " listen 127.0.0.1:$PEERTUBE_ONION_PORT default_server;"; + echo " server_name $PEERTUBE_ONION_HOSTNAME;"; + echo ''; + echo ' location / {'; + echo " proxy_pass http://localhost:${PEERTUBE_PORT};"; + echo " proxy_set_header X-Real-IP \$remote_addr;"; + echo " proxy_set_header Host \$host;"; + echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;"; + echo ''; + echo ' # For the video upload'; + echo ' client_max_body_size 2G;'; + echo ' }'; + echo ''; + echo ' location /static/webseed {'; + echo " if (\$request_method = 'OPTIONS') {"; + echo " add_header 'Access-Control-Allow-Origin' '*';"; + echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';"; + echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';"; + echo " add_header 'Access-Control-Max-Age' 1728000;"; + echo " add_header 'Content-Type' 'text/plain charset=UTF-8';"; + echo " add_header 'Content-Length' 0;"; + echo ' return 204;'; + echo ' }'; + echo ''; + echo " if (\$request_method = 'GET') {"; + echo " add_header 'Access-Control-Allow-Origin' '*';"; + echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';"; + echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';"; + echo ' }'; + echo ''; + echo " alias $PEERTUBE_DIR/videos;"; + echo ' }'; + echo ''; + echo ' # Websocket tracker'; + echo ' location /tracker/socket {'; + echo ' # Peers send a message to the tracker every 15 minutes'; + echo ' # Dont close the websocket before this time'; + echo ' proxy_read_timeout 1200s;'; + echo " proxy_set_header Upgrade \$http_upgrade;"; + echo ' proxy_set_header Connection "upgrade";'; + echo ' proxy_http_version 1.1;'; + echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;"; + echo " proxy_set_header Host \$host;"; + echo " proxy_pass http://localhost:${PEERTUBE_PORT};"; + echo ' }'; + echo '}'; } >> "$peertube_nginx_file" # CSP currently causes an error - sed -i '/Content-Security-Policy/d' $peertube_nginx_file + sed -i '/Content-Security-Policy/d' "$peertube_nginx_file" function_check create_site_certificate - create_site_certificate $PEERTUBE_DOMAIN_NAME 'yes' + create_site_certificate "$PEERTUBE_DOMAIN_NAME" 'yes' function_check nginx_ensite - nginx_ensite $PEERTUBE_DOMAIN_NAME + nginx_ensite "$PEERTUBE_DOMAIN_NAME" } function mesh_peertube_setup_web { + # shellcheck disable=SC2154 peertube_nginx_file=$rootdir/etc/nginx/sites-available/peertube - echo 'server {' >> $peertube_nginx_file - echo " listen $MESH_PEERTUBE_PORT http2;" >> $peertube_nginx_file - echo ' listen [::]:$MESH_PEERTUBE_PORT http2;' >> $peertube_nginx_file - echo ' server_name $HOSTNAME;' >> $peertube_nginx_file - echo '' >> $peertube_nginx_file - echo ' location / {' >> $peertube_nginx_file - echo " proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file - echo ' proxy_set_header X-Real-IP $remote_addr;' >> $peertube_nginx_file - echo ' proxy_set_header Host $host;' >> $peertube_nginx_file - echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file - echo '' >> $peertube_nginx_file - echo ' # For the video upload' >> $peertube_nginx_file - echo ' client_max_body_size 2G;' >> $peertube_nginx_file - echo ' }' >> $peertube_nginx_file - echo '' >> $peertube_nginx_file - echo ' location /static/webseed {' >> $peertube_nginx_file - echo " if (\$request_method = 'OPTIONS') {" >> $peertube_nginx_file - echo " add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file - echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file - echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file - echo " add_header 'Access-Control-Max-Age' 1728000;" >> $peertube_nginx_file - echo " add_header 'Content-Type' 'text/plain charset=UTF-8';" >> $peertube_nginx_file - echo " add_header 'Content-Length' 0;" >> $peertube_nginx_file - echo ' return 204;' >> $peertube_nginx_file - echo ' }' >> $peertube_nginx_file - echo '' >> $peertube_nginx_file - echo " if (\$request_method = 'GET') {" >> $peertube_nginx_file - echo " add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file - echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file - echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file - echo ' }' >> $peertube_nginx_file - echo '' >> $peertube_nginx_file - echo " alias $PEERTUBE_DIR/videos;" >> $peertube_nginx_file - echo ' }' >> $peertube_nginx_file - echo '' >> $peertube_nginx_file - echo ' # Websocket tracker' >> $peertube_nginx_file - echo ' location /tracker/socket {' >> $peertube_nginx_file - echo ' # Peers send a message to the tracker every 15 minutes' >> $peertube_nginx_file - echo ' # Dont close the websocket before this time' >> $peertube_nginx_file - echo ' proxy_read_timeout 1200s;' >> $peertube_nginx_file - echo ' proxy_set_header Upgrade $http_upgrade;' >> $peertube_nginx_file - echo ' proxy_set_header Connection "upgrade";' >> $peertube_nginx_file - echo ' proxy_http_version 1.1;' >> $peertube_nginx_file - echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file - echo ' proxy_set_header Host $host;' >> $peertube_nginx_file - echo " proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file - echo ' }' >> $peertube_nginx_file - echo '}' >> $peertube_nginx_file + { echo 'server {'; + echo " listen $MESH_PEERTUBE_PORT http2;"; + echo " listen [::]:\$MESH_PEERTUBE_PORT http2;"; + echo " server_name \$HOSTNAME;"; + echo ''; + echo ' location / {'; + echo " proxy_pass http://localhost:${PEERTUBE_PORT};"; + echo " proxy_set_header X-Real-IP \$remote_addr;"; + echo " proxy_set_header Host \$host;"; + echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;"; + echo ''; + echo ' # For the video upload'; + echo ' client_max_body_size 2G;'; + echo ' }'; + echo ''; + echo ' location /static/webseed {'; + echo " if (\$request_method = 'OPTIONS') {"; + echo " add_header 'Access-Control-Allow-Origin' '*';"; + echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';"; + echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';"; + echo " add_header 'Access-Control-Max-Age' 1728000;"; + echo " add_header 'Content-Type' 'text/plain charset=UTF-8';"; + echo " add_header 'Content-Length' 0;"; + echo ' return 204;'; + echo ' }'; + echo ''; + echo " if (\$request_method = 'GET') {"; + echo " add_header 'Access-Control-Allow-Origin' '*';"; + echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';"; + echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';"; + echo ' }'; + echo ''; + echo " alias $PEERTUBE_DIR/videos;"; + echo ' }'; + echo ''; + echo ' # Websocket tracker'; + echo ' location /tracker/socket {'; + echo ' # Peers send a message to the tracker every 15 minutes'; + echo ' # Dont close the websocket before this time'; + echo ' proxy_read_timeout 1200s;'; + echo " proxy_set_header Upgrade \$http_upgrade;"; + echo " proxy_set_header Connection \"upgrade\";"; + echo ' proxy_http_version 1.1;'; + echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;"; + echo " proxy_set_header Host \$host;"; + echo " proxy_pass http://localhost:${PEERTUBE_PORT};"; + echo ' }'; + echo '}'; } > "$peertube_nginx_file" } function peertube_create_config { @@ -541,84 +544,84 @@ function peertube_create_config { peertube_config_file=$peertube_prefix$PEERTUBE_DIR/config/production.yaml - echo 'listen:' > $peertube_config_file - echo " port: $PEERTUBE_PORT" >> $peertube_config_file - echo '' >> $peertube_config_file - echo '# Correspond to your reverse proxy "listen" configuration' >> $peertube_config_file - echo 'webserver:' >> $peertube_config_file - if [ ! $peertube_prefix ]; then - if [[ $ONION_ONLY == 'no' ]]; then - echo ' https: true' >> $peertube_config_file - echo " hostname: '$PEERTUBE_DOMAIN_NAME'" >> $peertube_config_file - echo ' port: 443' >> $peertube_config_file + { echo 'listen:'; + echo " port: $PEERTUBE_PORT"; + echo ''; + echo '# Correspond to your reverse proxy "listen" configuration'; + echo 'webserver:'; } > "$peertube_config_file" + if [ ! "$peertube_prefix" ]; then + if [[ "$ONION_ONLY" == 'no' ]]; then + { echo ' https: true'; + echo " hostname: '$PEERTUBE_DOMAIN_NAME'"; + echo ' port: 443'; } >> "$peertube_config_file" else - echo ' https: false' >> $peertube_config_file - echo " hostname: '$PEERTUBE_ONION_HOSTNAME'" >> $peertube_config_file - echo ' port: 80' >> $peertube_config_file + { echo ' https: false'; + echo " hostname: '$PEERTUBE_ONION_HOSTNAME'"; + echo ' port: 80'; } >> "$peertube_config_file" fi else - echo ' https: false' >> $peertube_config_file - echo " hostname: ''" >> $peertube_config_file - echo " port: $MESH_PEERTUBE_PORT" >> $peertube_config_file + { echo ' https: false'; + echo " hostname: ''"; + echo " port: $MESH_PEERTUBE_PORT"; } >> "$peertube_config_file" fi - echo '' >> $peertube_config_file - echo '# Your database name will be "peertube"+database.suffix' >> $peertube_config_file - echo 'database:' >> $peertube_config_file - echo " hostname: 'localhost'" >> $peertube_config_file - echo ' port: 5432' >> $peertube_config_file - echo " suffix: ''" >> $peertube_config_file - echo " username: 'peertube'" >> $peertube_config_file - if [ ! $peertube_prefix ]; then - echo " password: '$PEERTUBE_ADMIN_PASSWORD'" >> $peertube_config_file + { echo ''; + echo '# Your database name will be "peertube"+database.suffix'; + echo 'database:'; + echo " hostname: 'localhost'"; + echo ' port: 5432'; + echo " suffix: ''"; + echo " username: 'peertube'"; } >> "$peertube_config_file" + if [ ! "$peertube_prefix" ]; then + echo " password: '$PEERTUBE_ADMIN_PASSWORD'" >> "$peertube_config_file" else - echo " password: ''" >> $peertube_config_file + echo " password: ''" >> "$peertube_config_file" fi - echo '' >> $peertube_config_file - echo '# From the project root directory' >> $peertube_config_file - echo 'storage:' >> $peertube_config_file - echo " certs: 'certs/'" >> $peertube_config_file - echo " videos: 'videos/'" >> $peertube_config_file - echo " logs: 'logs/'" >> $peertube_config_file - echo " previews: 'previews/'" >> $peertube_config_file - echo " thumbnails: 'thumbnails/'" >> $peertube_config_file - echo " torrents: 'torrents/'" >> $peertube_config_file - echo " cache: 'cache/'" >> $peertube_config_file - echo '' >> $peertube_config_file - echo 'cache:' >> $peertube_config_file - echo ' previews:' >> $peertube_config_file - echo ' size: 10 # Max number of previews you want to cache' >> $peertube_config_file - echo '' >> $peertube_config_file - echo 'admin:' >> $peertube_config_file - # This is deliberately a dummy email address - echo " email: 'testuser@testdomain.net'" >> $peertube_config_file - echo '' >> $peertube_config_file - echo 'signup:' >> $peertube_config_file - echo ' enabled: true' >> $peertube_config_file - echo ' limit: 5 # When the limit is reached, registrations are disabled. -1 == unlimited' >> $peertube_config_file - echo '' >> $peertube_config_file - echo 'user:' >> $peertube_config_file - echo ' # Default value of maximum video BYTES the user can upload (does not take into account transcoded files).' >> $peertube_config_file - echo ' # -1 == unlimited' >> $peertube_config_file - echo ' video_quota: -1' >> $peertube_config_file - echo '' >> $peertube_config_file - echo '# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag' >> $peertube_config_file - echo '# Uses a lot of CPU!' >> $peertube_config_file - echo 'transcoding:' >> $peertube_config_file - echo ' enabled: true' >> $peertube_config_file - echo ' threads: 2' >> $peertube_config_file - echo ' resolutions: # Only created if the original video has a higher resolution' >> $peertube_config_file - echo ' 240p: true' >> $peertube_config_file - echo ' 360p: false' >> $peertube_config_file - echo ' 480p: false' >> $peertube_config_file - echo ' 720p: false' >> $peertube_config_file - echo ' 1080p: false' >> $peertube_config_file + { echo ''; + echo '# From the project root directory'; + echo 'storage:'; + echo " certs: 'certs/'"; + echo " videos: 'videos/'"; + echo " logs: 'logs/'"; + echo " previews: 'previews/'"; + echo " thumbnails: 'thumbnails/'"; + echo " torrents: 'torrents/'"; + echo " cache: 'cache/'"; + echo ''; + echo 'cache:'; + echo ' previews:'; + echo ' size: 10 # Max number of previews you want to cache'; + echo ''; + echo 'admin:'; + # This is deliberately a dummy email address + echo " email: 'testuser@testdomain.net'"; + echo ''; + echo 'signup:'; + echo ' enabled: true'; + echo ' limit: 5 # When the limit is reached, registrations are disabled. -1 == unlimited'; + echo ''; + echo 'user:'; + echo ' # Default value of maximum video BYTES the user can upload (does not take into account transcoded files).'; + echo ' # -1 == unlimited'; + echo ' video_quota: -1'; + echo ''; + echo '# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag'; + echo '# Uses a lot of CPU!'; + echo 'transcoding:'; + echo ' enabled: true'; + echo ' threads: 2'; + echo ' resolutions: # Only created if the original video has a higher resolution'; + echo ' 240p: true'; + echo ' 360p: false'; + echo ' 480p: false'; + echo ' 720p: false'; + echo ' 1080p: false'; } >> "$peertube_config_file" } function mesh_install_peertube { - if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then + if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then return fi - if [[ $ARCHITECTURE != 'x86_64' && $ARCHITECTURE != 'amd64' ]]; then + if [[ "$ARCHITECTURE" != 'x86_64' && "$ARCHITECTURE" != 'amd64' ]]; then return fi @@ -627,22 +630,21 @@ function mesh_install_peertube { function_check install_postgresql install_postgresql - if [ -d $rootdir$PEERTUBE_DIR ]; then - rm -rf $rootdir$PEERTUBE_DIR + if [ -d "$rootdir$PEERTUBE_DIR" ]; then + rm -rf "$rootdir$PEERTUBE_DIR" fi - git clone $PEERTUBE_REPO $rootdir$PEERTUBE_DIR + git clone "$PEERTUBE_REPO" "$rootdir$PEERTUBE_DIR" chroot "$rootdir" groupadd peertube chroot "$rootdir" useradd -c "PeerTube system account" -d $PEERTUBE_DIR -m -r -g peertube peertube - cd $rootdir$PEERTUBE_DIR + cd "$rootdir$PEERTUBE_DIR" || exit 246824524 git checkout $PEERTUBE_COMMIT -b $PEERTUBE_COMMIT - get_npm_arch - cat < $rootdir/usr/bin/install_peertube + cat < "$rootdir/usr/bin/install_peertube" #!/bin/bash cd $PEERTUBE_DIR curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - @@ -683,34 +685,33 @@ if [ ! "\$?" = "0" ]; then exit 5293593 fi EOF - chmod +x $rootdir/usr/bin/install_peertube - chroot "$rootdir" /usr/bin/install_peertube - if [ ! "$?" = "0" ]; then + chmod +x "$rootdir/usr/bin/install_peertube" + if ! chroot "$rootdir" /usr/bin/install_peertube; then echo $'PeerTube install failed' exit 735638 fi - echo '[Unit]' > $rootdir/etc/systemd/system/peertube.service - echo 'Description=PeerTube Decentralized video streaming platform' >> $rootdir/etc/systemd/system/peertube.service - echo 'After=syslog.target' >> $rootdir/etc/systemd/system/peertube.service - echo 'After=network.target' >> $rootdir/etc/systemd/system/peertube.service - echo '' >> $rootdir/etc/systemd/system/peertube.service - echo '[Service]' >> $rootdir/etc/systemd/system/peertube.service - echo 'User=peertube' >> $rootdir/etc/systemd/system/peertube.service - echo 'Group=peertube' >> $rootdir/etc/systemd/system/peertube.service - echo "WorkingDirectory=$PEERTUBE_DIR" >> $rootdir/etc/systemd/system/peertube.service - echo "ExecStart=/usr/local/bin/npm start" >> $rootdir/etc/systemd/system/peertube.service - echo "ExecStop=/usr/local/bin/npm stop" >> $rootdir/etc/systemd/system/peertube.service - echo 'StandardOutput=syslog' >> $rootdir/etc/systemd/system/peertube.service - echo 'StandardError=syslog' >> $rootdir/etc/systemd/system/peertube.service - echo 'SyslogIdentifier=peertube' >> $rootdir/etc/systemd/system/peertube.service - echo 'Restart=always' >> $rootdir/etc/systemd/system/peertube.service - echo "Environment=NODE_ENV=production" >> $rootdir/etc/systemd/system/peertube.service - echo '' >> $rootdir/etc/systemd/system/peertube.service - echo '[Install]' >> $rootdir/etc/systemd/system/peertube.service - echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/peertube.service + { echo '[Unit]'; + echo 'Description=PeerTube Decentralized video streaming platform'; + echo 'After=syslog.target'; + echo 'After=network.target'; + echo ''; + echo '[Service]'; + echo 'User=peertube'; + echo 'Group=peertube'; + echo "WorkingDirectory=$PEERTUBE_DIR"; + echo "ExecStart=/usr/local/bin/npm start"; + echo "ExecStop=/usr/local/bin/npm stop"; + echo 'StandardOutput=syslog'; + echo 'StandardError=syslog'; + echo 'SyslogIdentifier=peertube'; + echo 'Restart=always'; + echo "Environment=NODE_ENV=production"; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/peertube.service" - peertube_create_config $rootdir + peertube_create_config "$rootdir" chroot "$rootdir" chown -R peertube:peertube $PEERTUBE_DIR @@ -730,7 +731,7 @@ function install_peertube { ONION_ONLY='no' fi - if [ ! $PEERTUBE_DOMAIN_NAME ]; then + if [ ! "$PEERTUBE_DOMAIN_NAME" ]; then echo $'The peertube domain name was not specified' exit 783523 fi @@ -740,8 +741,8 @@ function install_peertube { function_check install_postgresql install_postgresql - if [ ! -d /var/www/$PEERTUBE_DOMAIN_NAME/htdocs ]; then - mkdir -p /var/www/$PEERTUBE_DOMAIN_NAME/htdocs + if [ ! -d "/var/www/$PEERTUBE_DOMAIN_NAME/htdocs" ]; then + mkdir -p "/var/www/$PEERTUBE_DOMAIN_NAME/htdocs" fi if [ -d $PEERTUBE_DIR ]; then @@ -759,60 +760,56 @@ function install_peertube { if [ -d /repos/peertube ]; then mkdir -p $PEERTUBE_DIR cp -r -p /repos/peertube/. $PEERTUBE_DIR - cd $PEERTUBE_DIR + cd "$PEERTUBE_DIR" || exit 642874682 git pull else function_check git_clone git_clone $PEERTUBE_REPO $PEERTUBE_DIR fi - cd $PEERTUBE_DIR + cd "$PEERTUBE_DIR" || exit 27492742 git checkout $PEERTUBE_COMMIT -b $PEERTUBE_COMMIT set_completion_param "peertube commit" "$PEERTUBE_COMMIT" - npm install -g yarn - if [ ! "$?" = "0" ]; then + if ! npm install -g yarn; then echo $'Failed to install yarn' exit 79353234 fi yarn add -D webpack --network-concurrency 1 - yarn install - if [ ! "$?" = "0" ]; then + if ! yarn install; then echo $'Failed to run yarn install' exit 63754235 fi - npm install - if [ ! "$?" = "0" ]; then + if ! npm install; then echo $'Failed to install peertube' exit 7835243 fi - npm run build - if [ ! "$?" = "0" ]; then + if ! npm run build; then echo $'Failed to build peertube' exit 5293593 fi PEERTUBE_ONION_HOSTNAME=$(add_onion_service peertube 80 ${PEERTUBE_ONION_PORT}) - echo '[Unit]' > /etc/systemd/system/peertube.service - echo 'Description=PeerTube Decentralized video streaming platform' >> /etc/systemd/system/peertube.service - echo 'After=syslog.target' >> /etc/systemd/system/peertube.service - echo 'After=network.target' >> /etc/systemd/system/peertube.service - echo '' >> /etc/systemd/system/peertube.service - echo '[Service]' >> /etc/systemd/system/peertube.service - echo 'User=peertube' >> /etc/systemd/system/peertube.service - echo 'Group=peertube' >> /etc/systemd/system/peertube.service - echo "WorkingDirectory=$PEERTUBE_DIR" >> /etc/systemd/system/peertube.service - echo "ExecStart=/usr/local/bin/npm start" >> /etc/systemd/system/peertube.service - echo "ExecStop=/usr/local/bin/npm stop" >> /etc/systemd/system/peertube.service - echo 'StandardOutput=syslog' >> /etc/systemd/system/peertube.service - echo 'StandardError=syslog' >> /etc/systemd/system/peertube.service - echo 'SyslogIdentifier=peertube' >> /etc/systemd/system/peertube.service - echo 'Restart=always' >> /etc/systemd/system/peertube.service - echo "Environment=NODE_ENV=production" >> /etc/systemd/system/peertube.service - echo '' >> /etc/systemd/system/peertube.service - echo '[Install]' >> /etc/systemd/system/peertube.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/peertube.service + { echo '[Unit]'; + echo 'Description=PeerTube Decentralized video streaming platform'; + echo 'After=syslog.target'; + echo 'After=network.target'; + echo ''; + echo '[Service]'; + echo 'User=peertube'; + echo 'Group=peertube'; + echo "WorkingDirectory=$PEERTUBE_DIR"; + echo "ExecStart=/usr/local/bin/npm start"; + echo "ExecStop=/usr/local/bin/npm stop"; + echo 'StandardOutput=syslog'; + echo 'StandardError=syslog'; + echo 'SyslogIdentifier=peertube'; + echo 'Restart=always'; + echo "Environment=NODE_ENV=production"; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/peertube.service peertube_create_config @@ -820,10 +817,10 @@ function install_peertube { peertube_setup_web - ${PROJECT_NAME}-pass -u $MY_USERNAME -a peertube -p "$PEERTUBE_ADMIN_PASSWORD" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a peertube -p "$PEERTUBE_ADMIN_PASSWORD" function_check add_ddns_domain - add_ddns_domain $PEERTUBE_DOMAIN_NAME + add_ddns_domain "$PEERTUBE_DOMAIN_NAME" systemctl enable peertube systemctl daemon-reload diff --git a/src/freedombone-app-pelican b/src/freedombone-app-pelican index bcc66de1..6019b1cf 100755 --- a/src/freedombone-app-pelican +++ b/src/freedombone-app-pelican @@ -50,12 +50,12 @@ pelican_variables=(MY_USERNAME PELICAN_BLOG_CODE) function pelican_remove_bad_blog_links { - find ./ -type f -name *.css -exec sed -i -e '/googleapi/d' {} \; - find ./ -type f -name *.scss -exec sed -i -e '/googleapi/d' {} \; - find ./ -type f -name *.html -exec sed -i -e '/googleapi/d' {} \; - find ./ -type f -name *.css -exec sed -i -e '/bootstrapcdn/d' {} \; - find ./ -type f -name *.scss -exec sed -i -e '/bootstrapcdn/d' {} \; - find ./ -type f -name *.html -exec sed -i -e '/bootstrapcdn/d' {} \; + find ./ -type f -name "*.css" -exec sed -i -e '/googleapi/d' {} \; + find ./ -type f -name "*.scss" -exec sed -i -e '/googleapi/d' {} \; + find ./ -type f -name "*.html" -exec sed -i -e '/googleapi/d' {} \; + find ./ -type f -name "*.css" -exec sed -i -e '/bootstrapcdn/d' {} \; + find ./ -type f -name "*.scss" -exec sed -i -e '/bootstrapcdn/d' {} \; + find ./ -type f -name "*.html" -exec sed -i -e '/bootstrapcdn/d' {} \; } function logging_on_pelican { @@ -73,104 +73,104 @@ function install_pelican_website { fi function_check nginx_http_redirect nginx_http_redirect $PELICAN_DOMAIN_NAME - echo 'server {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo " root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo " server_name ${PELICAN_DOMAIN_NAME};" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo " error_log /dev/null;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' index index.html;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' charset utf-8;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME + { echo 'server {'; + echo ' listen 443 ssl;'; + echo ' #listen [::]:443 ssl;'; + echo " root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;"; + echo " server_name ${PELICAN_DOMAIN_NAME};"; + echo ' access_log /dev/null;'; + echo " error_log /dev/null;"; + echo ' index index.html;'; + echo ' charset utf-8;'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME" function_check nginx_ssl - nginx_ssl $PELICAN_DOMAIN_NAME + nginx_ssl "$PELICAN_DOMAIN_NAME" function_check nginx_disable_sniffing - nginx_disable_sniffing $PELICAN_DOMAIN_NAME - echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME + nginx_disable_sniffing "$PELICAN_DOMAIN_NAME" + { echo ' add_header Strict-Transport-Security "max-age=0;";'; + echo ''; + echo ' location / {'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME" function_check nginx_limits - nginx_limits $PELICAN_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' # block these file types' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' location ~ /\. {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME + nginx_limits "$PELICAN_DOMAIN_NAME" + { echo ' }'; + echo ''; + echo ' # block these file types'; + echo ' location ~* \.(tpl|md|tgz|log|out)$ {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo ' # deny access to all dot files'; + echo ' location ~ /\. {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo ' location ~ /(data|conf|bin|inc)/ {'; + echo ' deny all;'; + echo ' }'; + echo ' location ~ /\.ht {'; + echo ' deny all;'; + echo ' }'; + echo '}'; + echo ''; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME" function_check create_site_certificate - create_site_certificate $PELICAN_DOMAIN_NAME 'yes' + create_site_certificate "$PELICAN_DOMAIN_NAME" 'yes' } function install_pelican_website_onion { - echo 'server {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo " listen 127.0.0.1:${PELICAN_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo " root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo " server_name ${PELICAN_DOMAIN_NAME};" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo " error_log /dev/null;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' index index.html;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' charset utf-8;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME + { echo 'server {'; + echo " listen 127.0.0.1:${PELICAN_ONION_PORT} default_server;"; + echo " root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;"; + echo " server_name ${PELICAN_DOMAIN_NAME};"; + echo ' access_log /dev/null;'; + echo " error_log /dev/null;"; + echo ' index index.html;'; + echo ' charset utf-8;'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME" function_check nginx_disable_sniffing - nginx_disable_sniffing $PELICAN_DOMAIN_NAME - echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME + nginx_disable_sniffing "$PELICAN_DOMAIN_NAME" + { echo ' add_header Strict-Transport-Security "max-age=0;";'; + echo ''; + echo ' location / {'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME" function_check nginx_limits - nginx_limits $PELICAN_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' # block these file types' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' location ~ /\. {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME + nginx_limits "$PELICAN_DOMAIN_NAME" + { echo ' }'; + echo ''; + echo ' # block these file types'; + echo ' location ~* \.(tpl|md|tgz|log|out)$ {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo ' # deny access to all dot files'; + echo ' location ~ /\. {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo ' location ~ /(data|conf|bin|inc)/ {'; + echo ' deny all;'; + echo ' }'; + echo ' location ~ /\.ht {'; + echo ' deny all;'; + echo ' }'; + echo '}'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME" } function pelican_editor_config { if [ ! -f $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican ]; then - echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)" > $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican - echo '(setq org-support-shift-select t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican - echo '(setq standard-indent 4)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican - echo '(setq-default tab-width 4)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican - echo '(setq c-basic-offset 4)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican - echo '(mouse-wheel-mode t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican - echo '(setq make-backup-files t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican - echo '(setq version-control t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican - echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican - echo "(setq default-major-mode 'text-mode)" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican - echo "(dolist (hook '(text-mode-hook))" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican - echo ' (add-hook hook (lambda () (flyspell-mode 1))))' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican - echo '(setq-default fill-column 72)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican - echo '(setq auto-fill-mode 0)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican - echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican - echo "(setq-default auto-fill-function 'do-auto-fill)" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican + { echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)"; + echo '(setq org-support-shift-select t)'; + echo '(setq standard-indent 4)'; + echo '(setq-default tab-width 4)'; + echo '(setq c-basic-offset 4)'; + echo '(mouse-wheel-mode t)'; + echo '(setq make-backup-files t)'; + echo '(setq version-control t)'; + echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))'; + echo "(setq default-major-mode 'text-mode)"; + echo "(dolist (hook '(text-mode-hook))"; + echo ' (add-hook hook (lambda () (flyspell-mode 1))))'; + echo '(setq-default fill-column 72)'; + echo '(setq auto-fill-mode 0)'; + echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)"; + echo "(setq-default auto-fill-function 'do-auto-fill)"; } > "$PELICAN_BLOG_INSTALL_DIR/.emacs-pelican" fi } @@ -179,7 +179,7 @@ function pelican_regenerate_blog { echo '' echo $'Regenerating blog...' - cd $PELICAN_BLOG_INSTALL_DIR + cd "$PELICAN_BLOG_INSTALL_DIR" || exit 463856348 make html cp -r $PELICAN_BLOG_INSTALL_DIR/output/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/ chown -R www-data:www-data /var/www/$PELICAN_DOMAIN_NAME/htdocs @@ -189,19 +189,19 @@ function pelican_new_blog { DATESTR=$(date "+%Y-%m-%d %H:%M:%S") if [ ! -f $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry ]; then - echo $'Title: Blog Post Title' > $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry - echo $"Date: ${DATESTR}" >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry - echo $"Author: $(toxid --showuser)" >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry - echo $'Category: default' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry - echo $'Tags: blog, tag' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry - echo '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry - echo $'Add your text here' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry - echo '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry - echo -n $'To include an image copy it into the /etc/blog/content/images directory, ' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry - echo $'then link to it with:' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry - echo '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry - echo $'![My image]({filename}images/myimage.jpg)' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry - echo '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry + { echo $'Title: Blog Post Title'; + echo $"Date: ${DATESTR}"; + echo $"Author: $(toxid --showuser)"; + echo $'Category: default'; + echo $'Tags: blog, tag'; + echo ''; + echo $'Add your text here'; + echo ''; + echo -n $'To include an image copy it into the /etc/blog/content/images directory, '; + echo $'then link to it with:'; + echo ''; + echo $'![My image]({filename}images/myimage.jpg)'; + echo ''; } > $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry fi if [ -f /usr/bin/emacs ]; then @@ -222,7 +222,7 @@ function pelican_new_blog { # move to the content directory CURRENT_INDEX=$(cat $PELICAN_CURRENT_BLOG_INDEX) - mv $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry $BLOG_CONTENT_PATH/${CURRENT_INDEX}_post.md + mv "$PELICAN_BLOG_INSTALL_DIR/.new-blog-entry" "$BLOG_CONTENT_PATH/${CURRENT_INDEX}_post.md" # increment the index CURRENT_INDEX=$((CURRENT_INDEX + 1)) @@ -238,14 +238,14 @@ function pelican_edit_blog { CURRENT_INDEX=$(cat $PELICAN_CURRENT_BLOG_INDEX) PREVIOUS_INDEX=$((CURRENT_INDEX - 1)) LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md - if [ ! -f $LAST_BLOG_ENTRY ]; then + if [ ! -f "$LAST_BLOG_ENTRY" ]; then return fi if [ -f /usr/bin/emacs ]; then - emacs -q --load $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican $LAST_BLOG_ENTRY + emacs -q --load "$PELICAN_BLOG_INSTALL_DIR/.emacs-pelican" "$LAST_BLOG_ENTRY" else - editor $LAST_BLOG_ENTRY + editor "$LAST_BLOG_ENTRY" fi pelican_regenerate_blog @@ -258,18 +258,18 @@ function pelican_delete_blog { CURRENT_INDEX=$(cat $PELICAN_CURRENT_BLOG_INDEX) PREVIOUS_INDEX=$((CURRENT_INDEX - 1)) LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md - if [ ! -f $LAST_BLOG_ENTRY ]; then + if [ ! -f "$LAST_BLOG_ENTRY" ]; then return fi dialog --title $"Delete the previous blog entry" \ --backtitle $"Freedombone Mesh" \ --defaultno \ - --yesno $"\nAre you sure that you wish to delete the previous blog entry?" 8 60 + --yesno $"\\nAre you sure that you wish to delete the previous blog entry?" 8 60 sel=$? case $sel in - 0) rm $LAST_BLOG_ENTRY - if [ $CURRENT_INDEX -gt 0 ]; then + 0) rm "$LAST_BLOG_ENTRY" + if [ "$CURRENT_INDEX" -gt 0 ]; then CURRENT_INDEX=$PREVIOUS_INDEX echo "$CURRENT_INDEX" > $PELICAN_CURRENT_BLOG_INDEX else @@ -297,8 +297,8 @@ function pelican_change_theme { for a in "${THEMES[@]}" do is_selected='off' - if [ $curr_theme_index ]; then - if [ $n -eq $curr_theme_index ]; then + if [ "$curr_theme_index" ]; then + if [ $n -eq "$curr_theme_index" ]; then is_selected='on' fi else @@ -308,28 +308,30 @@ function pelican_change_theme { fi themelist="$themelist $n $a $is_selected" - n=$[n+1] - theme_index=$[theme_index+1] + n=$((n+1)) + theme_index=$((theme_index+1)) done - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone Mesh" \ --title $"Select Blog Theme" \ --radiolist $'Choose:' \ - 80 40 20 $themelist 2> $data + 80 40 20 "$themelist" 2> "$data" sel=$? case $sel in - 1) return;; - 255) return;; + 1) rm -f "$data" + return;; + 255) rm -f "$data" + return;; esac - CHOSEN_THEME_INDEX=$(cat $data) + CHOSEN_THEME_INDEX=$(cat "$data") + rm -f "$data" echo "$CHOSEN_THEME_INDEX" > $PELICAN_BLOG_INSTALL_DIR/.blog-theme-index CHOSEN_THEME_INDEX=$((CHOSEN_THEME_INDEX - 1)) CHOSEN_THEME=${THEMES[$CHOSEN_THEME_INDEX]} - cd $PELICAN_BLOG_INSTALL_DIR/themes/$CHOSEN_THEME + cd "$PELICAN_BLOG_INSTALL_DIR/themes/$CHOSEN_THEME" || exit 2648268284 pelican_remove_bad_blog_links if grep -q "THEME=" $PELICAN_BLOG_INSTALL_DIR/pelicanconf.py; then @@ -341,8 +343,7 @@ function pelican_change_theme { } function configure_interactive_pelican { - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone Configuration" \ --title $"Pelican Blogging" \ --radiolist $"Choose an operation:" 18 50 11 \ @@ -350,23 +351,25 @@ function configure_interactive_pelican { 2 $"Edit the previous blog entry" off \ 3 $"Delete the previous blog entry" off \ 4 $"Change theme" off \ - 5 $"Exit" off 2> $data + 5 $"Exit" off 2> "$data" sel=$? case $sel in - 1) return;; - 255) return;; + 1) rm -f "$data" + return;; + 255) rm -f "$data" + return;; esac - case $(cat $data) in + case $(cat "$data") in 1) pelican_new_blog;; 2) pelican_edit_blog;; 3) pelican_delete_blog;; 4) pelican_change_theme;; - 5) break;; esac + rm -f "$data" } function install_interactive_pelican { - if [ ! $ONION_ONLY ]; then + if [ ! "$ONION_ONLY" ]; then ONION_ONLY='no' fi @@ -376,42 +379,43 @@ function install_interactive_pelican { PELICAN_DETAILS_COMPLETE= while [ ! $PELICAN_DETAILS_COMPLETE ] do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then dialog --backtitle $"Freedombone Configuration" \ --title $"Pelican Blog Configuration" \ - --form $"\nPlease enter your blog details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ + --form $"\\nPlease enter your blog details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ $"Domain:" 1 1 "$(grep 'PELICAN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ $"Code:" 2 1 "$(grep 'PELICAN_BLOG_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \ - 2> $data + 2> "$data" else dialog --backtitle $"Freedombone Configuration" \ --title $"Pelican Blog Configuration" \ - --form $"\nPlease enter your GNU Social details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ + --form $"\\nPlease enter your GNU Social details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ $"Domain:" 1 1 "$(grep 'PELICAN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ - 2> $data + 2> "$data" fi sel=$? case $sel in - 1) exit 1;; - 255) exit 1;; + 1) rm -f "$data" + exit 1;; + 255) rm -f "$data" + exit 1;; esac - PELICAN_DOMAIN_NAME=$(cat $data | sed -n 1p) - if [ $PELICAN_DOMAIN_NAME ]; then + PELICAN_DOMAIN_NAME=$(sed -n 1p < "$data") + if [ "$PELICAN_DOMAIN_NAME" ]; then if [[ $PELICAN_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then PELICAN_DOMAIN_NAME="" fi TEST_DOMAIN_NAME=$PELICAN_DOMAIN_NAME validate_domain_name - if [[ $TEST_DOMAIN_NAME != $PELICAN_DOMAIN_NAME ]]; then + if [[ "$TEST_DOMAIN_NAME" != "$PELICAN_DOMAIN_NAME" ]]; then PELICAN_DOMAIN_NAME= dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 else if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then - PELICAN_BLOG_CODE=$(cat $data | sed -n 2p) + PELICAN_BLOG_CODE=$(sed -n 2p < "$data") validate_freedns_code "$PELICAN_BLOG_CODE" - if [ ! $VALID_CODE ]; then + if [ ! "$VALID_CODE" ]; then PELICAN_DOMAIN_NAME= fi fi @@ -420,6 +424,7 @@ function install_interactive_pelican { if [ $PELICAN_DOMAIN_NAME ]; then PELICAN_DETAILS_COMPLETE="yes" fi + rm -f "$data" done # save the results in the config file @@ -454,7 +459,7 @@ function backup_local_pelican { function restore_local_pelican { if [ -d /etc/blog ]; then - if [ -d $USB_MOUNT_DLNA/backup/pelican ]; then + if [ -d "$USB_MOUNT_DLNA/backup/pelican" ]; then temp_restore_dir=/root/temppelican function_check restore_directory_from_usb restore_directory_from_usb $temp_restore_dir pelican @@ -463,6 +468,7 @@ function restore_local_pelican { else cp -r $temp_restore_dir/* /etc/blog/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir function_check set_user_permissions @@ -475,7 +481,7 @@ function restore_local_pelican { fi fi if [ -d /var/www/$PELICAN_DOMAIN_NAME/htdocs ]; then - if [ -d $USB_MOUNT_DLNA/backup/pelican-site ]; then + if [ -d "$USB_MOUNT_DLNA/backup/pelican-site" ]; then temp_restore_dir=/root/temppelican-site function_check restore_directory_from_usb restore_directory_from_usb $temp_restore_dir pelican-site @@ -484,6 +490,7 @@ function restore_local_pelican { else cp -r $temp_restore_dir/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir function_check set_user_permissions @@ -508,7 +515,7 @@ function backup_remote_pelican { function restore_remote_pelican { if [ -d /etc/blog ]; then - if [ -d $SERVER_DIRECTORY/backup/pelican ]; then + if [ -d "$SERVER_DIRECTORY/backup/pelican" ]; then temp_restore_dir=/root/temppelican function_check restore_directory_from_friend restore_directory_from_friend $temp_restore_dir pelican @@ -517,6 +524,7 @@ function restore_remote_pelican { else cp -r $temp_restore_dir/* /etc/blog/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then exit 782352 fi @@ -524,7 +532,7 @@ function restore_remote_pelican { fi fi if [ -d /var/www/$PELICAN_DOMAIN_NAME/htdocs ]; then - if [ -d $SERVER_DIRECTORY/backup/pelican-site ]; then + if [ -d "$SERVER_DIRECTORY/backup/pelican-site" ]; then temp_restore_dir=/root/temppelican-site function_check restore_directory_from_friend restore_directory_from_friend $temp_restore_dir pelican-site @@ -533,6 +541,7 @@ function restore_remote_pelican { else cp -r $temp_restore_dir/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then exit 76382562 fi @@ -561,112 +570,112 @@ function remove_pelican { } function create_pelican_conf { - STATIC_BLOG_FILE=$1 + STATIC_BLOG_FILE="$1" - echo '#!/usr/bin/env python' > $STATIC_BLOG_FILE - echo '# -*- coding: utf-8 -*- #' >> $STATIC_BLOG_FILE - echo 'from __future__ import unicode_literals' >> $STATIC_BLOG_FILE - echo '' >> $STATIC_BLOG_FILE - echo "AUTHOR=u\"$MY_USERNAME\"" >> $STATIC_BLOG_FILE - echo "SITENAME=u'$DEFAULT_BLOG_TITLE'" >> $STATIC_BLOG_FILE - echo "SITEURL=''" >> $STATIC_BLOG_FILE - echo "PATH='content'" >> $STATIC_BLOG_FILE - echo 'TIMEZONE=u"Europe/London"' >> $STATIC_BLOG_FILE - echo "DEFAULT_LANG=u'en'" >> $STATIC_BLOG_FILE - echo '' >> $STATIC_BLOG_FILE - echo 'FEED_ALL_ATOM=None' >> $STATIC_BLOG_FILE - echo 'CATEGORY_FEED_ATOM=None' >> $STATIC_BLOG_FILE - echo 'TRANSLATION_FEED_ATOM=None' >> $STATIC_BLOG_FILE - echo 'AUTHOR_FEED_ATOM=None' >> $STATIC_BLOG_FILE - echo 'AUTHOR_FEED_RSS=None' >> $STATIC_BLOG_FILE - echo '' >> $STATIC_BLOG_FILE - echo 'DEFAULT_PAGINATION=False' >> $STATIC_BLOG_FILE - echo 'RELATIVE_URLS=True' >> $STATIC_BLOG_FILE - echo "THEME='themes/nice-blog'" >> $STATIC_BLOG_FILE + { echo '#!/usr/bin/env python'; + echo '# -*- coding: utf-8 -*- #'; + echo 'from __future__ import unicode_literals'; + echo ''; + echo "AUTHOR=u\"$MY_USERNAME\""; + echo "SITENAME=u'$DEFAULT_BLOG_TITLE'"; + echo "SITEURL=''"; + echo "PATH='content'"; + echo 'TIMEZONE=u"Europe/London"'; + echo "DEFAULT_LANG=u'en'"; + echo ''; + echo 'FEED_ALL_ATOM=None'; + echo 'CATEGORY_FEED_ATOM=None'; + echo 'TRANSLATION_FEED_ATOM=None'; + echo 'AUTHOR_FEED_ATOM=None'; + echo 'AUTHOR_FEED_RSS=None'; + echo ''; + echo 'DEFAULT_PAGINATION=False'; + echo 'RELATIVE_URLS=True'; + echo "THEME='themes/nice-blog'"; } > "$STATIC_BLOG_FILE" } function create_pelican_makefile { - STATIC_BLOG_FILE=$1 + STATIC_BLOG_FILE="$1" - echo 'PY?=python' > $STATIC_BLOG_FILE - echo 'PELICAN?=pelican' >> $STATIC_BLOG_FILE - echo 'PELICANOPTS=' >> $STATIC_BLOG_FILE - echo '' >> $STATIC_BLOG_FILE - echo 'BASEDIR=$(CURDIR)' >> $STATIC_BLOG_FILE - echo 'INPUTDIR=$(BASEDIR)/content' >> $STATIC_BLOG_FILE - echo "OUTPUTDIR=$PELICAN_BLOG_PATH" >> $STATIC_BLOG_FILE - echo 'CONFFILE=$(BASEDIR)/pelicanconf.py' >> $STATIC_BLOG_FILE - echo 'PUBLISHCONF=$(BASEDIR)/publishconf.py' >> $STATIC_BLOG_FILE - echo '' >> $STATIC_BLOG_FILE - echo 'DEBUG ?= 0' >> $STATIC_BLOG_FILE - echo 'ifeq ($(DEBUG), 1)' >> $STATIC_BLOG_FILE - echo -e '\tPELICANOPTS += -D' >> $STATIC_BLOG_FILE - echo 'endif' >> $STATIC_BLOG_FILE - echo '' >> $STATIC_BLOG_FILE - echo 'RELATIVE ?= 0' >> $STATIC_BLOG_FILE - echo 'ifeq ($(RELATIVE), 1)' >> $STATIC_BLOG_FILE - echo -e '\tPELICANOPTS += --relative-urls' >> $STATIC_BLOG_FILE - echo 'endif' >> $STATIC_BLOG_FILE - echo '' >> $STATIC_BLOG_FILE - echo 'html:' >> $STATIC_BLOG_FILE - echo -e '\t$(PELICAN) $(INPUTDIR) -o $(OUTPUTDIR) -s $(CONFFILE) $(PELICANOPTS)' >> $STATIC_BLOG_FILE - echo '' >> $STATIC_BLOG_FILE - echo 'clean:' >> $STATIC_BLOG_FILE - echo -e '\t[ ! -d $(OUTPUTDIR) ] || rm -rf $(OUTPUTDIR)' >> $STATIC_BLOG_FILE - echo '' >> $STATIC_BLOG_FILE - echo 'regenerate:' >> $STATIC_BLOG_FILE - echo -e '\t$(PELICAN) -r $(INPUTDIR) -o $(OUTPUTDIR) -s $(CONFFILE) $(PELICANOPTS)' >> $STATIC_BLOG_FILE - echo '' >> $STATIC_BLOG_FILE - echo 'serve:' >> $STATIC_BLOG_FILE - echo 'ifdef PORT' >> $STATIC_BLOG_FILE - echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server $(PORT)' >> $STATIC_BLOG_FILE - echo 'else' >> $STATIC_BLOG_FILE - echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server' >> $STATIC_BLOG_FILE - echo 'endif' >> $STATIC_BLOG_FILE - echo '' >> $STATIC_BLOG_FILE - echo 'serve-global:' >> $STATIC_BLOG_FILE - echo 'ifdef SERVER' >> $STATIC_BLOG_FILE - echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server 80 $(SERVER)' >> $STATIC_BLOG_FILE - echo 'else' >> $STATIC_BLOG_FILE - echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server 80 0.0.0.0' >> $STATIC_BLOG_FILE - echo 'endif' >> $STATIC_BLOG_FILE - echo '' >> $STATIC_BLOG_FILE - echo 'devserver:' >> $STATIC_BLOG_FILE - echo 'ifdef PORT' >> $STATIC_BLOG_FILE - echo -e '\t$(BASEDIR)/develop_server.sh restart $(PORT)' >> $STATIC_BLOG_FILE - echo 'else' >> $STATIC_BLOG_FILE - echo -e '\t$(BASEDIR)/develop_server.sh restart' >> $STATIC_BLOG_FILE - echo 'endif' >> $STATIC_BLOG_FILE - echo '' >> $STATIC_BLOG_FILE - echo 'stopserver:' >> $STATIC_BLOG_FILE - echo -e '\t$(BASEDIR)/develop_server.sh stop' >> $STATIC_BLOG_FILE - echo -e '\t@echo "Stopped Pelican and SimpleHTTPServer processes running in background."' >> $STATIC_BLOG_FILE - echo '' >> $STATIC_BLOG_FILE - echo 'publish:' >> $STATIC_BLOG_FILE - echo -e '\t$(PELICAN) $(INPUTDIR) -o $(OUTPUTDIR) -s $(PUBLISHCONF) $(PELICANOPTS)' >> $STATIC_BLOG_FILE - echo '' >> $STATIC_BLOG_FILE - echo '.PHONY: html clean regenerate serve serve-global devserver publish' >> $STATIC_BLOG_FILE + { echo 'PY?=python'; + echo 'PELICAN?=pelican'; + echo 'PELICANOPTS='; + echo ''; + echo "BASEDIR=\$(CURDIR)"; + echo "INPUTDIR=\$(BASEDIR)/content"; + echo "OUTPUTDIR=$PELICAN_BLOG_PATH"; + echo "CONFFILE=\$(BASEDIR)/pelicanconf.py"; + echo "PUBLISHCONF=\$(BASEDIR)/publishconf.py"; + echo ''; + echo 'DEBUG ?= 0'; + echo "ifeq (\$(DEBUG), 1)"; + echo -e '\tPELICANOPTS += -D'; + echo 'endif'; + echo ''; + echo 'RELATIVE ?= 0'; + echo "ifeq (\$(RELATIVE), 1)"; + echo -e '\tPELICANOPTS += --relative-urls'; + echo 'endif'; + echo ''; + echo 'html:'; + echo -e "\\t\$(PELICAN) \$(INPUTDIR) -o \$(OUTPUTDIR) -s \$(CONFFILE) \$(PELICANOPTS)"; + echo ''; + echo 'clean:'; + echo -e "\\t[ ! -d \$(OUTPUTDIR) ] || rm -rf \$(OUTPUTDIR)"; + echo ''; + echo 'regenerate:'; + echo -e "\\t\$(PELICAN) -r \$(INPUTDIR) -o \$(OUTPUTDIR) -s \$(CONFFILE) \$(PELICANOPTS)"; + echo ''; + echo 'serve:'; + echo 'ifdef PORT'; + echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server \$(PORT)"; + echo 'else'; + echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server"; + echo 'endif'; + echo ''; + echo 'serve-global:'; + echo 'ifdef SERVER'; + echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server 80 \$(SERVER)"; + echo 'else'; + echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server 80 0.0.0.0"; + echo 'endif'; + echo ''; + echo 'devserver:'; + echo 'ifdef PORT'; + echo -e "\\t\$(BASEDIR)/develop_server.sh restart \$(PORT)"; + echo 'else'; + echo -e "\\t\$(BASEDIR)/develop_server.sh restart"; + echo 'endif'; + echo ''; + echo 'stopserver:'; + echo -e "\\t\$(BASEDIR)/develop_server.sh stop"; + echo -e '\t@echo "Stopped Pelican and SimpleHTTPServer processes running in background."'; + echo ''; + echo 'publish:'; + echo -e "\\t\$(PELICAN) \$(INPUTDIR) -o \$(OUTPUTDIR) -s \$(PUBLISHCONF) \$(PELICANOPTS)"; + echo ''; + echo '.PHONY: html clean regenerate serve serve-global devserver publish'; } > "$STATIC_BLOG_FILE" } function create_pelican_publish_conf { STATIC_BLOG_FILE=$1 - echo '#!/usr/bin/env python' > $STATIC_BLOG_FILE - echo '# -*- coding: utf-8 -*- #' >> $STATIC_BLOG_FILE - echo 'from __future__ import unicode_literals' >> $STATIC_BLOG_FILE - echo '' >> $STATIC_BLOG_FILE - echo 'import os' >> $STATIC_BLOG_FILE - echo 'import sys' >> $STATIC_BLOG_FILE - echo 'sys.path.append(os.curdir)' >> $STATIC_BLOG_FILE - echo 'from pelicanconf import *' >> $STATIC_BLOG_FILE - echo '' >> $STATIC_BLOG_FILE - echo "SITEURL = ''" >> $STATIC_BLOG_FILE - echo 'RELATIVE_URLS = True' >> $STATIC_BLOG_FILE - echo '' >> $STATIC_BLOG_FILE - echo "FEED_ALL_ATOM = 'feeds/all.atom.xml'" >> $STATIC_BLOG_FILE - echo "CATEGORY_FEED_ATOM = 'feeds/%s.atom.xml'" >> $STATIC_BLOG_FILE - echo '' >> $STATIC_BLOG_FILE - echo 'DELETE_OUTPUT_DIRECTORY = True' >> $STATIC_BLOG_FILE + { echo '#!/usr/bin/env python'; + echo '# -*- coding: utf-8 -*- #'; + echo 'from __future__ import unicode_literals'; + echo ''; + echo 'import os'; + echo 'import sys'; + echo 'sys.path.append(os.curdir)'; + echo 'from pelicanconf import *'; + echo ''; + echo "SITEURL = ''"; + echo 'RELATIVE_URLS = True'; + echo ''; + echo "FEED_ALL_ATOM = 'feeds/all.atom.xml'"; + echo "CATEGORY_FEED_ATOM = 'feeds/%s.atom.xml'"; + echo ''; + echo 'DELETE_OUTPUT_DIRECTORY = True'; } > "$STATIC_BLOG_FILE" } function pelican_themes { @@ -747,10 +756,11 @@ function pelican_themes { } function mesh_install_pelican { - if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" && $VARIANT != "usb" ]]; then + if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" && "$VARIANT" != "usb" ]]; then return fi + # shellcheck disable=SC2154 chroot "$rootdir" apt-get -yq install python-pip chroot "$rootdir" pip install ipython chroot "$rootdir" pip install Markdown @@ -760,34 +770,34 @@ function mesh_install_pelican { PELICAN_BLOG_INSTALL_DIR=/home/$MY_USERNAME/CreateBlog PELICAN_BLOG_PATH=/home/$MY_USERNAME/Public/Blog - if [ ! -d $rootdir$PELICAN_BLOG_INSTALL_DIR ]; then - mkdir -p $rootdir$PELICAN_BLOG_INSTALL_DIR + if [ ! -d "$rootdir$PELICAN_BLOG_INSTALL_DIR" ]; then + mkdir -p "$rootdir$PELICAN_BLOG_INSTALL_DIR" fi - if [ ! -d $rootdir$PELICAN_BLOG_PATH ]; then - mkdir -p $rootdir$PELICAN_BLOG_PATH + if [ ! -d "$rootdir$PELICAN_BLOG_PATH" ]; then + mkdir -p "$rootdir$PELICAN_BLOG_PATH" fi - if [ ! -d $rootdir$PELICAN_BLOG_INSTALL_DIR/content/images ]; then - mkdir -p $rootdir$PELICAN_BLOG_INSTALL_DIR/content/images + if [ ! -d "$rootdir$PELICAN_BLOG_INSTALL_DIR/content/images" ]; then + mkdir -p "$rootdir$PELICAN_BLOG_INSTALL_DIR/content/images" fi - create_pelican_conf $rootdir$PELICAN_BLOG_INSTALL_DIR/pelicanconf.py - create_pelican_makefile $rootdir$PELICAN_BLOG_INSTALL_DIR/Makefile - create_pelican_publish_conf $rootdir$PELICAN_BLOG_INSTALL_DIR/publishconf.py + create_pelican_conf "$rootdir$PELICAN_BLOG_INSTALL_DIR/pelicanconf.py" + create_pelican_makefile "$rootdir$PELICAN_BLOG_INSTALL_DIR/Makefile" + create_pelican_publish_conf "$rootdir$PELICAN_BLOG_INSTALL_DIR/publishconf.py" - mkdir -p $rootdir$PELICAN_BLOG_INSTALL_DIR/themes - cd $rootdir$PELICAN_BLOG_INSTALL_DIR/themes + mkdir -p "$rootdir$PELICAN_BLOG_INSTALL_DIR/themes" + cd "$rootdir$PELICAN_BLOG_INSTALL_DIR/themes" || exit 74624524 pelican_themes #git clone --recursive $PELICAN_PLUGINS_REPO $rootdir$PELICAN_BLOG_INSTALL_DIR/plugins - chroot "$rootdir" chown -R $MY_USERNAME:$MY_USERNAME $PELICAN_BLOG_INSTALL_DIR - chroot "$rootdir" chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Public + chroot "$rootdir" chown -R "$MY_USERNAME":"$MY_USERNAME" "$PELICAN_BLOG_INSTALL_DIR" + chroot "$rootdir" chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/Public" } function install_pelican { - if [ $INSTALLING_MESH ]; then + if [ "$INSTALLING_MESH" ]; then mesh_install_pelican return fi @@ -800,29 +810,29 @@ function install_pelican { PELICAN_BLOG_PATH=/var/www/$PELICAN_DOMAIN_NAME/htdocs - if [ ! -d $PELICAN_BLOG_INSTALL_DIR ]; then - mkdir -p $PELICAN_BLOG_INSTALL_DIR + if [ ! -d "$PELICAN_BLOG_INSTALL_DIR" ]; then + mkdir -p "$PELICAN_BLOG_INSTALL_DIR" fi if [ ! -d $PELICAN_BLOG_PATH ]; then mkdir -p $PELICAN_BLOG_PATH fi - if [ ! -d $PELICAN_BLOG_INSTALL_DIR/content ]; then - mkdir -p $PELICAN_BLOG_INSTALL_DIR/content + if [ ! -d "$PELICAN_BLOG_INSTALL_DIR/content" ]; then + mkdir -p "$PELICAN_BLOG_INSTALL_DIR/content" fi - create_pelican_conf $PELICAN_BLOG_INSTALL_DIR/pelicanconf.py - create_pelican_makefile $PELICAN_BLOG_INSTALL_DIR/Makefile - create_pelican_publish_conf $PELICAN_BLOG_INSTALL_DIR/publishconf.py + create_pelican_conf "$PELICAN_BLOG_INSTALL_DIR/pelicanconf.py" + create_pelican_makefile "$PELICAN_BLOG_INSTALL_DIR/Makefile" + create_pelican_publish_conf "$PELICAN_BLOG_INSTALL_DIR/publishconf.py" - mkdir -p $PELICAN_THEMES_REPO $PELICAN_BLOG_INSTALL_DIR/themes - cd $PELICAN_THEMES_REPO $PELICAN_BLOG_INSTALL_DIR/themes + mkdir -p "$PELICAN_THEMES_REPO" "$PELICAN_BLOG_INSTALL_DIR/themes" + cd "$PELICAN_BLOG_INSTALL_DIR/themes" || exit 45357282883 pelican_themes #git clone --recursive $PELICAN_PLUGINS_REPO $PELICAN_BLOG_INSTALL_DIR/plugins - chown -R $MY_USERNAME:$MY_USERNAME $PELICAN_BLOG_INSTALL_DIR + chown -R "$MY_USERNAME":"$MY_USERNAME" "$PELICAN_BLOG_INSTALL_DIR" chown -R www-data:www-data $PELICAN_BLOG_PATH pelican_editor_config @@ -834,7 +844,7 @@ function install_pelican { install_pelican_website_onion pelican_regenerate_blog - if [ ! -d $PELICAN_BLOG_INSTALL_DIR/output ]; then + if [ ! -d "$PELICAN_BLOG_INSTALL_DIR/output" ]; then echo $'Failed to generate pelican blog' exit 521892 fi diff --git a/src/freedombone-app-pihole b/src/freedombone-app-pihole index 121909dc..e2bc6f58 100755 --- a/src/freedombone-app-pihole +++ b/src/freedombone-app-pihole @@ -66,17 +66,17 @@ function pihole_copy_files { if [ ! -d /etc/.pihole ]; then mkdir /etc/.pihole fi - cp $INSTALL_DIR/pihole/adlists.default /etc/.pihole/adlists.default - cp $INSTALL_DIR/pihole/adlists.default $piholeDir/adlists.default + cp "$INSTALL_DIR/pihole/adlists.default" /etc/.pihole/adlists.default + cp "$INSTALL_DIR/pihole/adlists.default" $piholeDir/adlists.default if [ ! -f $PIHOLE_CUSTOM_ADLIST ]; then - cp $INSTALL_DIR/pihole/adlists.default $PIHOLE_CUSTOM_ADLIST + cp "$INSTALL_DIR/pihole/adlists.default" $PIHOLE_CUSTOM_ADLIST fi - cp $INSTALL_DIR/pihole/advanced/Scripts/* /opt/$piholeBasename + cp "$INSTALL_DIR/pihole/advanced/Scripts/*" /opt/$piholeBasename if [ -f /etc/dnsmasq.d/01-pihole.conf ]; then rm /etc/dnsmasq.d/01-pihole.conf fi - cp $INSTALL_DIR/pihole/advanced/pihole.cron /etc/cron.d/pihole - cp $INSTALL_DIR/pihole/gravity.sh /opt/$piholeBasename + cp "$INSTALL_DIR/pihole/advanced/pihole.cron" /etc/cron.d/pihole + cp "$INSTALL_DIR/pihole/gravity.sh" /opt/$piholeBasename chmod +x /opt/pihole/*.sh } @@ -95,7 +95,7 @@ function pihole_update { return fi - if [ ! -f $HOME/${PROJECT_NAME}-wifi.cfg ]; then + if [ ! -f "$HOME/${PROJECT_NAME}-wifi.cfg" ]; then PIHOLE_IFACE=eth0 else read_config_param WIFI_INTERFACE @@ -114,13 +114,13 @@ function pihole_update { echo "piholeDNS1=${PIHOLE_DNS1}" >> ${setupVars} echo "piholeDNS2=${PIHOLE_DNS1}" >> ${setupVars} - echo 'domain-needed' > /etc/dnsmasq.conf - echo 'bogus-priv' >> /etc/dnsmasq.conf - echo 'no-resolv' >> /etc/dnsmasq.conf - echo "server=${PIHOLE_DNS1}" >> /etc/dnsmasq.conf - echo "server=${PIHOLE_DNS2}" >> /etc/dnsmasq.conf - echo "interface=${PIHOLE_IFACE}" >> /etc/dnsmasq.conf - echo 'listen-address=127.0.0.1' >> /etc/dnsmasq.conf + { echo 'domain-needed'; + echo 'bogus-priv'; + echo 'no-resolv'; + echo "server=${PIHOLE_DNS1}"; + echo "server=${PIHOLE_DNS2}"; + echo "interface=${PIHOLE_IFACE}"; + echo 'listen-address=127.0.0.1'; } > /etc/dnsmasq.conf pihole -g systemctl restart dnsmasq @@ -132,8 +132,7 @@ function pihole_update { } function pihole_change_upstream_dns { - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Ad Blocker Upstream DNS" \ --radiolist $"Pick a domain name service (DNS):" 28 50 19 \ 1 $"Digital Courage" on \ @@ -154,13 +153,15 @@ function pihole_change_upstream_dns { 16 $"DNS.Watch" off \ 17 $"uncensoreddns.org" off \ 18 $"Lorraine Data Network" off \ - 19 $"Google" off 2> $data + 19 $"Google" off 2> "$data" sel=$? case $sel in - 1) exit 1;; - 255) exit 1;; + 1) rm -f "$data" + exit 1;; + 255) rm -f "$data" + exit 1;; esac - case $(cat $data) in + case $(cat "$data") in 1) PIHOLE_DNS1='85.214.73.63' PIHOLE_DNS2='213.73.91.35' ;; @@ -218,10 +219,12 @@ function pihole_change_upstream_dns { 19) PIHOLE_DNS1='8.8.8.8' PIHOLE_DNS2='4.4.4.4' dialog --title $"WARNING" \ - --msgbox $"\nGoogle's main purpose for providing DNS resolvers is to spy upon people and know which sites they are visiting.\n\nThis is something to consider, and you should only really be using Google DNS as a last resort if other resolvers are unavailable." 12 60 + --msgbox $"\\nGoogle's main purpose for providing DNS resolvers is to spy upon people and know which sites they are visiting.\\n\\nThis is something to consider, and you should only really be using Google DNS as a last resort if other resolvers are unavailable." 12 60 ;; - 255) exit 1;; + 255) rm -f "$data" + exit 1;; esac + rm -f "$data" write_config_param "PIHOLE_DNS1" "$PIHOLE_DNS1" write_config_param "PIHOLE_DNS2" "$PIHOLE_DNS2" } @@ -252,8 +255,7 @@ function pihole_resume { function configure_interactive_pihole { while true do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone Control Panel" \ --title $"Ad Blocker" \ --radiolist $"Choose an operation:" 16 70 7 \ @@ -263,13 +265,15 @@ function configure_interactive_pihole { 4 $"Change upstream DNS servers" off \ 5 $"Pause blocker" off \ 6 $"Resume blocker" off \ - 7 $"Exit" on 2> $data + 7 $"Exit" on 2> "$data" sel=$? case $sel in - 1) exit 1;; - 255) exit 1;; + 1) rm -f "$data" + exit 1;; + 255) rm -f "$data" + exit 1;; esac - case $(cat $data) in + case $(cat "$data") in 1) editor $PIHOLE_CUSTOM_ADLIST update_pihole_interactive ;; @@ -286,8 +290,10 @@ function configure_interactive_pihole { ;; 6) pihole_resume ;; - 7) break;; + 7) rm -f "$data" + break;; esac + rm -f "$data" done } @@ -306,7 +312,7 @@ function upgrade_pihole { fi function_check set_repo_commit - set_repo_commit $INSTALL_DIR/pihole "pihole commit" "$PIHOLE_COMMIT" $PIHOLE_REPO + set_repo_commit "$INSTALL_DIR/pihole" "pihole commit" "$PIHOLE_COMMIT" $PIHOLE_REPO pihole_copy_files pihole_update @@ -367,8 +373,8 @@ function remove_pihole { rm /etc/cron.d/pihole fi - if [ -d $INSTALL_DIR/pihole ]; then - rm -rf $INSTALL_DIR/pihole + if [ -d "$INSTALL_DIR/pihole" ]; then + rm -rf "$INSTALL_DIR/pihole" fi firewall_remove 53 @@ -391,27 +397,27 @@ function install_pihole { systemctl enable dnsmasq - if [ ! -d $INSTALL_DIR ]; then - mkdir -p $INSTALL_DIR + if [ ! -d "$INSTALL_DIR" ]; then + mkdir -p "$INSTALL_DIR" fi - if [ ! -d $INSTALL_DIR/pihole ]; then - cd $INSTALL_DIR + if [ ! -d "$INSTALL_DIR/pihole" ]; then + cd "$INSTALL_DIR" || exit 78245624527 if [ -d /repos/pihole ]; then mkdir pihole cp -r -p /repos/pihole/. pihole - cd pihole + cd pihole || exit 24572424684 git pull else git_clone $PIHOLE_REPO pihole fi - if [ ! -d $INSTALL_DIR/pihole ]; then + if [ ! -d "$INSTALL_DIR/pihole" ]; then exit 523925 fi - cd $INSTALL_DIR/pihole - git checkout $PIHOLE_COMMIT -b $PIHOLE_COMMIT + cd "$INSTALL_DIR/pihole" || exit 2682468242 + git checkout "$PIHOLE_COMMIT" -b "$PIHOLE_COMMIT" set_completion_param "pihole commit" "$PIHOLE_COMMIT" fi @@ -420,21 +426,21 @@ function install_pihole { fi # blank file which takes the place of ads - echo '' > /var/www/pihole/htdocs/index.html - echo '' >> /var/www/pihole/htdocs/index.html - echo '' >> /var/www/pihole/htdocs/index.html - echo '' >> /var/www/pihole/htdocs/index.html + { echo ''; + echo ''; + echo ''; + echo ''; } > /var/www/pihole/htdocs/index.html - if [ ! -f $INSTALL_DIR/pihole/gravity.sh ]; then + if [ ! -f "$INSTALL_DIR/pihole/gravity.sh" ]; then exit 26738 fi - cp $INSTALL_DIR/pihole/gravity.sh /usr/local/bin/gravity.sh + cp "$INSTALL_DIR/pihole/gravity.sh" /usr/local/bin/gravity.sh chmod 755 /usr/local/bin/gravity.sh - if [ ! -f $INSTALL_DIR/pihole/pihole ]; then + if [ ! -f "$INSTALL_DIR/pihole/pihole" ]; then exit 52935 fi - cp $INSTALL_DIR/pihole/pihole /usr/local/bin/pihole + cp "$INSTALL_DIR/pihole/pihole" /usr/local/bin/pihole chmod 755 /usr/local/bin/pihole if [ ! -d $piholeDir ]; then diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index 778af9d6..8cf2135c 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma @@ -73,56 +73,56 @@ pleroma_variables=(ONION_ONLY MY_USERNAME) function create_pleroma_blocklist { - echo '#!/bin/bash' > $blocking_script_file - echo "if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then" >> $blocking_script_file - echo ' exit 0' >> $blocking_script_file - echo 'fi' >> $blocking_script_file - echo 'if [ -f /tmp/pleroma-blocking.lock ]; then' >> $blocking_script_file - echo ' cd /tmp' >> $blocking_script_file - echo ' find ./pleroma*.lock -type f -mmin +5 -exec rm {} \;' >> $blocking_script_file - echo ' if [ -f /tmp/pleroma-blocking.lock ]; then' >> $blocking_script_file - echo ' exit 0' >> $blocking_script_file - echo ' fi' >> $blocking_script_file - echo 'fi' >> $blocking_script_file - echo 'touch /tmp/pleroma-blocking.lock' >> $blocking_script_file - echo 'objects_query="DELETE FROM objects WHERE"' >> $blocking_script_file - echo 'objects_updated=' >> $blocking_script_file - echo 'users_query="DELETE FROM users WHERE"' >> $blocking_script_file - echo 'websub_server_subscriptions_query="DELETE FROM websub_server_subscriptions WHERE"' >> $blocking_script_file - echo 'websub_server_subscriptions_updated=' >> $blocking_script_file - echo 'while read blocked; do' >> $blocking_script_file - echo ' if [[ "$blocked" == *"."* || "$blocked" == *"@"* ]]; then' >> $blocking_script_file - echo ' if [ ${#blocked} -gt 4 ]; then' >> $blocking_script_file - echo ' if [ $objects_updated ]; then' >> $blocking_script_file - echo ' objects_query="${objects_query} or"' >> $blocking_script_file - echo ' users_query="${users_query} or"' >> $blocking_script_file - echo ' fi' >> $blocking_script_file - echo " objects_query=\"\${objects_query} data->>'content' ilike '%\${blocked}%' or data->>'actor' ilike '%\${blocked}%' or data->>'to' ilike '%\${blocked}%' or data->>'id' ilike '%\${blocked}%' or data->>'external_url' ilike '%\${blocked}%'\"" >> $blocking_script_file - echo " users_query=\"\${users_query} nickname ilike '%\${blocked}%'\"" >> $blocking_script_file - echo ' objects_updated=1' >> $blocking_script_file - echo ' if [[ "$blocked" != *"@"* ]]; then' >> $blocking_script_file - echo ' if ! grep -q "127.0.0.1 $blocked" /etc/hosts; then' >> $blocking_script_file - echo ' echo "127.0.0.1 $blocked" >> /etc/hosts' >> $blocking_script_file - echo ' fi' >> $blocking_script_file - echo ' if [ $websub_server_subscriptions_updated ]; then' >> $blocking_script_file - echo ' websub_server_subscriptions_query="${websub_server_subscriptions_query} or"' >> $blocking_script_file - echo ' fi' >> $blocking_script_file - echo " websub_server_subscriptions_query=\"\${websub_server_subscriptions_query} callback like '%\${blocked}%'\"" >> $blocking_script_file - echo ' websub_server_subscriptions_updated=1' >> $blocking_script_file - echo ' fi' >> $blocking_script_file - echo ' fi' >> $blocking_script_file - echo ' fi' >> $blocking_script_file - echo 'done > $blocking_script_file - echo '' >> $blocking_script_file - echo 'cd /etc/postgresql' >> $blocking_script_file - echo 'if [ $objects_updated ]; then' >> $blocking_script_file - echo ' sudo -u postgres psql -d pleroma -c "$objects_query"' >> $blocking_script_file - echo ' sudo -u postgres psql -d pleroma -c "$users_query"' >> $blocking_script_file - echo 'fi' >> $blocking_script_file - echo 'if [ $websub_server_subscriptions_updated ]; then' >> $blocking_script_file - echo ' sudo -u postgres psql -d pleroma -c "$websub_server_subscriptions_query"' >> $blocking_script_file - echo 'fi' >> $blocking_script_file - echo 'rm /tmp/pleroma-blocking.lock' >> $blocking_script_file + { echo '#!/bin/bash'; + echo "if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then"; + echo ' exit 0'; + echo 'fi'; + echo 'if [ -f /tmp/pleroma-blocking.lock ]; then'; + echo ' cd /tmp'; + echo ' find ./pleroma*.lock -type f -mmin +5 -exec rm {} \;'; + echo ' if [ -f /tmp/pleroma-blocking.lock ]; then'; + echo ' exit 0'; + echo ' fi'; + echo 'fi'; + echo 'touch /tmp/pleroma-blocking.lock'; + echo 'objects_query="DELETE FROM objects WHERE"'; + echo 'objects_updated='; + echo 'users_query="DELETE FROM users WHERE"'; + echo 'websub_server_subscriptions_query="DELETE FROM websub_server_subscriptions WHERE"'; + echo 'websub_server_subscriptions_updated='; + echo 'while read blocked; do'; + echo " if [[ \"\$blocked\" == *\".\"* || \"\$blocked\" == *\"@\"* ]]; then"; + echo " if [ \${#blocked} -gt 4 ]; then"; + echo " if [ \$objects_updated ]; then"; + echo " objects_query=\"\${objects_query} or\""; + echo " users_query=\"\${users_query} or\""; + echo ' fi'; + echo " objects_query=\"\${objects_query} data->>'content' ilike '%\${blocked}%' or data->>'actor' ilike '%\${blocked}%' or data->>'to' ilike '%\${blocked}%' or data->>'id' ilike '%\${blocked}%' or data->>'external_url' ilike '%\${blocked}%'\""; + echo " users_query=\"\${users_query} nickname ilike '%\${blocked}%'\""; + echo ' objects_updated=1'; + echo " if [[ \"\$blocked\" != *\"@\"* ]]; then"; + echo " if ! grep -q \"127.0.0.1 \$blocked\" /etc/hosts; then"; + echo " echo \"127.0.0.1 \$blocked\" >> /etc/hosts"; + echo ' fi'; + echo " if [ \$websub_server_subscriptions_updated ]; then"; + echo " websub_server_subscriptions_query=\"\${websub_server_subscriptions_query} or\""; + echo ' fi'; + echo " websub_server_subscriptions_query=\"\${websub_server_subscriptions_query} callback like '%\${blocked}%'\""; + echo ' websub_server_subscriptions_updated=1'; + echo ' fi'; + echo ' fi'; + echo ' fi'; + echo 'done $blocking_script_file chmod +x $blocking_script_file @@ -135,11 +135,11 @@ function expire_pleroma_posts { domain_name=$1 expire_months=$3 - if [ ! $expire_months ]; then + if [ ! "$expire_months" ]; then expire_months=3 fi - expire_days=$((expire_months * 30)) + #expire_days=$((expire_months * 30)) # files are what take up most of the backup time, so don't keep them for very long expire_days_files=7 @@ -150,86 +150,86 @@ function expire_pleroma_posts { return fi - echo '#!/bin/bash' > $pleroma_expire_posts_script - echo "plmonths=\"$PLEROMA_EXPIRE_MONTHS\"" >> $pleroma_expire_posts_script - echo 'if [ ${#plmonths} -eq 0 ]; then' >> $pleroma_expire_posts_script - echo ' exit 1' >> $pleroma_expire_posts_script - echo 'fi' >> $pleroma_expire_posts_script - echo 'if [[ "$plmonths" == "0" ]]; then' >> $pleroma_expire_posts_script - echo ' exit 2' >> $pleroma_expire_posts_script - echo 'fi' >> $pleroma_expire_posts_script - echo 'oldate=$(date +%Y-%m-%d --date="$plmonths months ago")' >> $pleroma_expire_posts_script - echo 'cd /etc/postgresql' >> $pleroma_expire_posts_script - echo "sudo -u postgres psql -d pleroma -c \"DELETE FROM notifications WHERE inserted_at <= '\$oldate 01:01:01'\"" >> $pleroma_expire_posts_script - echo "sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE inserted_at <= '\$oldate 01:01:01'\"" >> $pleroma_expire_posts_script + { echo '#!/bin/bash'; + echo "plmonths=\"$PLEROMA_EXPIRE_MONTHS\""; + echo "if [ \${#plmonths} -eq 0 ]; then"; + echo ' exit 1'; + echo 'fi'; + echo "if [[ \"\$plmonths\" == \"0\" ]]; then"; + echo ' exit 2'; + echo 'fi'; + echo "oldate=\$(date +%Y-%m-%d --date=\"\$plmonths months ago\")"; + echo 'cd /etc/postgresql'; + echo "sudo -u postgres psql -d pleroma -c \"DELETE FROM notifications WHERE inserted_at <= '\$oldate 01:01:01'\""; + echo "sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE inserted_at <= '\$oldate 01:01:01'\""; } > $pleroma_expire_posts_script chmod +x $pleroma_expire_posts_script pleroma_expire_script=/etc/cron.daily/pleroma-expire - expire_days_files_threshold=$(($expire_days_files - 1)) - echo '#!/bin/bash' > $pleroma_expire_script - echo 'cd /etc/postgresql' >> $pleroma_expire_script - echo 'if [ -d /etc/pleroma/tempfiles ]; then' >> $pleroma_expire_script - echo ' rm -rf /etc/pleroma/tempfiles' >> $pleroma_expire_script - echo 'fi' >> $pleroma_expire_script - echo '' >> $pleroma_expire_script - echo '# make directory to temporarily store local avatars' >> $pleroma_expire_script - echo 'mkdir /etc/pleroma/tempfiles' >> $pleroma_expire_script - echo '' >> $pleroma_expire_script - echo '# get the local avatar files' >> $pleroma_expire_script - echo "avatars=\$(sudo -u postgres psql -d pleroma -c \"select avatar->>'url' from users where avatar->>'url' like '%${domain_name}%'\")" >> $pleroma_expire_script - echo '' >> $pleroma_expire_script - echo '# copy the avatar files to a temporary directory' >> $pleroma_expire_script - echo 'arr=( $avatars )' >> $pleroma_expire_script - echo 'for i in "${arr[@]}"; do' >> $pleroma_expire_script - echo ' if [[ "$i" == *'/media/'* ]]; then' >> $pleroma_expire_script - echo " imagefile=/etc/pleroma/uploads/\$(echo \$i | sed 's|\"||g' | sed 's|,||g' | awk -F '/media/' '{print \$2}');" >> $pleroma_expire_script - echo ' if [ -f $imagefile ]; then' >> $pleroma_expire_script - echo " imagedir=/etc/pleroma/uploads/\$(echo \$i | sed 's|\"||g' | sed 's|,||g' | awk -F '/media/' '{print \$2}' | awk -F '/' '{print \$1}')" >> $pleroma_expire_script - echo ' nowdate=$(date +%s)' >> $pleroma_expire_script - echo ' sinceepoch=$(date +%s -r $imagefile)' >> $pleroma_expire_script - echo ' daysold=$((($nowdate - $sinceepoch) / 86400))' >> $pleroma_expire_script - echo " if [ \$daysold -ge ${expire_days_files_threshold} ]; then" >> $pleroma_expire_script - echo ' if [ ! -d $imagedir ]; then' >> $pleroma_expire_script - echo ' mkdir $imagedir' >> $pleroma_expire_script - echo ' fi' >> $pleroma_expire_script - echo ' cp -rp $imagefile $imagedir' >> $pleroma_expire_script - echo ' fi' >> $pleroma_expire_script - echo ' fi' >> $pleroma_expire_script - echo ' fi' >> $pleroma_expire_script - echo 'done' >> $pleroma_expire_script - echo '' >> $pleroma_expire_script - echo '# get the local banner files' >> $pleroma_expire_script - echo "banners=\$(sudo -u postgres psql -d pleroma -c \"select avatar->>'banner' from users where avatar->>'url' like '%${domain_name}%'\")" >> $pleroma_expire_script - echo '' >> $pleroma_expire_script - echo '# copy the banner files to a temporary directory' >> $pleroma_expire_script - echo 'arr=( $banners )' >> $pleroma_expire_script - echo 'for i in "${arr[@]}"; do' >> $pleroma_expire_script - echo ' if [[ "$i" == *'/media/'* ]]; then' >> $pleroma_expire_script - echo " imagefile=/etc/pleroma/uploads/\$(echo \$i | sed 's|\"||g' | sed 's|,||g' | awk -F '/media/' '{print \$2}');" >> $pleroma_expire_script - echo ' if [ -f $imagefile ]; then' >> $pleroma_expire_script - echo " imagedir=/etc/pleroma/uploads/\$(echo \$i | sed 's|\"||g' | sed 's|,||g' | awk -F '/media/' '{print \$2}' | awk -F '/' '{print \$1}')" >> $pleroma_expire_script - echo ' nowdate=$(date +%s)' >> $pleroma_expire_script - echo ' sinceepoch=$(date +%s -r $imagefile)' >> $pleroma_expire_script - echo ' daysold=$((($nowdate - $sinceepoch) / 86400))' >> $pleroma_expire_script - echo " if [ \$daysold -ge ${expire_days_files_threshold} ]; then" >> $pleroma_expire_script - echo ' if [ ! -d $imagedir ]; then' >> $pleroma_expire_script - echo ' mkdir $imagedir' >> $pleroma_expire_script - echo ' fi' >> $pleroma_expire_script - echo ' cp -rp $imagefile $imagedir' >> $pleroma_expire_script - echo ' fi' >> $pleroma_expire_script - echo ' fi' >> $pleroma_expire_script - echo ' fi' >> $pleroma_expire_script - echo 'done' >> $pleroma_expire_script - echo '' >> $pleroma_expire_script - echo '# delete old files' >> $pleroma_expire_script - echo "find /etc/pleroma/uploads/* -mtime +${expire_days_files} -exec rm -rf {} +" >> $pleroma_expire_script - echo '' >> $pleroma_expire_script - echo '# move avatar files back to uploads' >> $pleroma_expire_script - echo 'chown -R pleroma:pleroma /etc/pleroma/tempfiles' >> $pleroma_expire_script - echo 'mv /etc/pleroma/tempfiles/* /etc/pleroma/uploads' >> $pleroma_expire_script - echo 'rm -rf /etc/pleroma/tempfiles' >> $pleroma_expire_script - echo '' >> $pleroma_expire_script - echo '/usr/bin/pleroma-expire-posts 2> /dev/null' >> $pleroma_expire_script + expire_days_files_threshold=$((expire_days_files - 1)) + { echo '#!/bin/bash'; + echo 'cd /etc/postgresql'; + echo 'if [ -d /etc/pleroma/tempfiles ]; then'; + echo ' rm -rf /etc/pleroma/tempfiles'; + echo 'fi'; + echo ''; + echo '# make directory to temporarily store local avatars'; + echo 'mkdir /etc/pleroma/tempfiles'; + echo ''; + echo '# get the local avatar files'; + echo "avatars=\$(sudo -u postgres psql -d pleroma -c \"select avatar->>'url' from users where avatar->>'url' like '%${domain_name}%'\")"; + echo ''; + echo '# copy the avatar files to a temporary directory'; + echo "arr=( \$avatars )"; + echo "for i in \"\${arr[@]}\"; do"; + echo " if [[ \"\$i\" == *'/media/'* ]]; then"; + echo " imagefile=/etc/pleroma/uploads/\$(echo \$i | sed 's|\"||g' | sed 's|,||g' | awk -F '/media/' '{print \$2}');"; + echo " if [ -f \$imagefile ]; then"; + echo " imagedir=/etc/pleroma/uploads/\$(echo \$i | sed 's|\"||g' | sed 's|,||g' | awk -F '/media/' '{print \$2}' | awk -F '/' '{print \$1}')"; + echo " nowdate=\$(date +%s)"; + echo " sinceepoch=\$(date +%s -r \$imagefile)"; + echo " daysold=\$(((\$nowdate - \$sinceepoch) / 86400))"; + echo " if [ \$daysold -ge ${expire_days_files_threshold} ]; then"; + echo " if [ ! -d \$imagedir ]; then"; + echo " mkdir \$imagedir"; + echo ' fi'; + echo " cp -rp \$imagefile \$imagedir"; + echo ' fi'; + echo ' fi'; + echo ' fi'; + echo 'done'; + echo ''; + echo '# get the local banner files'; + echo "banners=\$(sudo -u postgres psql -d pleroma -c \"select avatar->>'banner' from users where avatar->>'url' like '%${domain_name}%'\")"; + echo ''; + echo '# copy the banner files to a temporary directory'; + echo "arr=( \$banners )"; + echo "for i in \"\${arr[@]}\"; do"; + echo " if [[ \"\$i\" == *'/media/'* ]]; then"; + echo " imagefile=/etc/pleroma/uploads/\$(echo \$i | sed 's|\"||g' | sed 's|,||g' | awk -F '/media/' '{print \$2}');"; + echo " if [ -f \$imagefile ]; then"; + echo " imagedir=/etc/pleroma/uploads/\$(echo \$i | sed 's|\"||g' | sed 's|,||g' | awk -F '/media/' '{print \$2}' | awk -F '/' '{print \$1}')"; + echo " nowdate=\$(date +%s)"; + echo " sinceepoch=\$(date +%s -r \$imagefile)"; + echo " daysold=\$(((\$nowdate - \$sinceepoch) / 86400))"; + echo " if [ \$daysold -ge ${expire_days_files_threshold} ]; then"; + echo " if [ ! -d \$imagedir ]; then"; + echo " mkdir \$imagedir"; + echo ' fi'; + echo " cp -rp \$imagefile \$imagedir"; + echo ' fi'; + echo ' fi'; + echo ' fi'; + echo 'done'; + echo ''; + echo '# delete old files'; + echo "find /etc/pleroma/uploads/* -mtime +${expire_days_files} -exec rm -rf {} +"; + echo ''; + echo '# move avatar files back to uploads'; + echo 'chown -R pleroma:pleroma /etc/pleroma/tempfiles'; + echo 'mv /etc/pleroma/tempfiles/* /etc/pleroma/uploads'; + echo 'rm -rf /etc/pleroma/tempfiles'; + echo ''; + echo '/usr/bin/pleroma-expire-posts 2> /dev/null'; } > $pleroma_expire_script chmod +x $pleroma_expire_script # remove any old cron job @@ -268,7 +268,7 @@ function logging_off_pleroma { function remove_user_pleroma { remove_username="$1" - ${PROJECT_NAME}-pass -u $remove_username --rmapp pleroma + "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp pleroma } function add_user_pleroma { @@ -281,7 +281,7 @@ function add_user_pleroma { } function install_interactive_pleroma { - if [ ! $ONION_ONLY ]; then + if [ ! "$ONION_ONLY" ]; then ONION_ONLY='no' fi @@ -291,17 +291,16 @@ function install_interactive_pleroma { PLEROMA_DETAILS_COMPLETE= while [ ! $PLEROMA_DETAILS_COMPLETE ] do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then dialog --backtitle $"Freedombone Configuration" \ --title $"Pleroma Configuration" \ - --form $"\nPlease enter your Pleroma details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \ + --form $"\\nPlease enter your Pleroma details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \ $"Domain:" 1 1 "$(grep 'PLEROMA_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ - $"Title:" 2 1 "$(grep '$PLEROMA_TITLE' temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \ - $"Background image URL:" 3 1 "$(grep '$PLEROMA_BACKGROUND_IMAGE_URL' temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \ + $"Title:" 2 1 "$(grep "$PLEROMA_TITLE" temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \ + $"Background image URL:" 3 1 "$(grep "$PLEROMA_BACKGROUND_IMAGE_URL" temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \ $"Code:" 4 1 "$(grep 'PLEROMA_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 25 33 255 \ - 2> $data + 2> "$data" else dialog --backtitle $"Freedombone Configuration" \ --title $"Pleroma Configuration" \ @@ -309,36 +308,38 @@ function install_interactive_pleroma { $"Domain:" 1 1 "$(grep 'PLEROMA_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ $"Title:" 2 1 "$(grep '$PLEROMA_TITLE' temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \ $"Background image URL:" 3 1 "$(grep '$PLEROMA_BACKGROUND_IMAGE_URL' temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \ - 2> $data + 2> "$data" fi sel=$? case $sel in - 1) exit 1;; - 255) exit 1;; + 1) rm -f "$data" + exit 1;; + 255) rm -f "$data" + exit 1;; esac - PLEROMA_DOMAIN_NAME=$(cat $data | sed -n 1p) - title=$(cat $data | sed -n 2p) + PLEROMA_DOMAIN_NAME=$(sed -n 1p < "$data") + title=$(sed -n 2p < "$data") if [ ${#title} -gt 1 ]; then - PLEROMA_TITLE=$welcome_msg + PLEROMA_TITLE="$title" fi - img_url=$(cat $data | sed -n 3p) + img_url=$(sed -n 3p < "$data") if [ ${#img_url} -gt 1 ]; then PLEROMA_BACKGROUND_IMAGE_URL=$img_url fi - if [ $PLEROMA_DOMAIN_NAME ]; then + if [ "$PLEROMA_DOMAIN_NAME" ]; then if [[ $PLEROMA_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then PLEROMA_DOMAIN_NAME="" fi TEST_DOMAIN_NAME=$PLEROMA_DOMAIN_NAME validate_domain_name - if [[ $TEST_DOMAIN_NAME != $PLEROMA_DOMAIN_NAME ]]; then + if [[ "$TEST_DOMAIN_NAME" != "$PLEROMA_DOMAIN_NAME" ]]; then PLEROMA_DOMAIN_NAME= dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 else if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then - PLEROMA_CODE=$(cat $data | sed -n 4p) + PLEROMA_CODE=$(sed -n 4p < "$data") validate_freedns_code "$PLEROMA_CODE" - if [ ! $VALID_CODE ]; then + if [ ! "$VALID_CODE" ]; then PLEROMA_DOMAIN_NAME= fi fi @@ -347,11 +348,12 @@ function install_interactive_pleroma { if [ $PLEROMA_DOMAIN_NAME ]; then PLEROMA_DETAILS_COMPLETE="yes" fi + rm -f "$data" done # remove any invalid characters if [ ${#PLEROMA_TITLE} -gt 0 ]; then - new_title=$(echo "$PLEROMA_TITLE" | sed "s|'||g") + new_title=${"$PLEROMA_TITLE"//\'//} PLEROMA_TITLE="$new_title" fi @@ -365,7 +367,7 @@ function install_interactive_pleroma { } function change_password_pleroma { - curr_username="$1" +# curr_username="$1" new_user_password="$2" #${PROJECT_NAME}-pass -u "$curr_username" -a pleroma -p "$new_user_password" @@ -377,14 +379,14 @@ function pleroma_create_database_failed { } function pleroma_create_database { - if [ -f $IMAGE_PASSWORD_FILE ]; then - PLEROMA_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + if [ -f "$IMAGE_PASSWORD_FILE" ]; then + PLEROMA_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" else - if [ ! $PLEROMA_ADMIN_PASSWORD ]; then - PLEROMA_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + if [ ! "$PLEROMA_ADMIN_PASSWORD" ]; then + PLEROMA_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" fi fi - if [ ! $PLEROMA_ADMIN_PASSWORD ]; then + if [ ! "$PLEROMA_ADMIN_PASSWORD" ]; then return fi @@ -441,10 +443,9 @@ function pleroma_create_database { fi sed -i 's|import_config|# import_config|g' $pleroma_secret - cd $PLEROMA_DIR + cd "$PLEROMA_DIR" || exit 678245245724 chown -R pleroma:pleroma $PLEROMA_DIR/* - sudo -u pleroma mix local.rebar --force - if [ ! "$?" = "0" ]; then + if ! sudo -u pleroma mix local.rebar --force; then pleroma_create_database_failed echo $'mix local.rebar failed' exit 73528562 @@ -452,14 +453,12 @@ function pleroma_create_database { sudo -u pleroma mix local.hex --force sudo -u pleroma mix deps.compile mimerl systemctl restart postgresql - sudo -u pleroma mix ecto.create --force - if [ ! "$?" = "0" ]; then + if ! sudo -u pleroma mix ecto.create --force; then pleroma_create_database_failed echo $'mix ecto.create failed' exit 83653582 fi - sudo -u pleroma mix ecto.migrate --force - if [ ! "$?" = "0" ]; then + if ! sudo -u pleroma mix ecto.migrate --force; then pleroma_create_database_failed echo $'mix ecto.migrate failed' exit 73752573 @@ -477,15 +476,14 @@ function reconfigure_pleroma { function pleroma_set_background_image { PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain") - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --title $"Pleroma" \ --backtitle $"Freedombone Control Panel" \ - --inputbox $'Set a background image URL' 10 60 2>$data + --inputbox $'Set a background image URL' 10 60 2>"$data" sel=$? case $sel in 0) - temp_background=$(<$data) + temp_background=$(<"$data") if [ ${#temp_background} -gt 0 ]; then PLEROMA_BACKGROUND_IMAGE_URL="$temp_background" write_config_param "PLEROMA_BACKGROUND_IMAGE_URL" "$PLEROMA_BACKGROUND_IMAGE_URL" @@ -498,19 +496,18 @@ function pleroma_set_background_image { fi ;; esac - rm $data + rm -f "$data" } function pleroma_set_title { - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --title $"Pleroma" \ --backtitle $"Freedombone Control Panel" \ - --inputbox $'Set a title' 10 60 2>$data + --inputbox $'Set a title' 10 60 2>"$data" sel=$? case $sel in 0) - new_title=$(<$data) + new_title=$(<"$data") if [ ${#new_title} -gt 0 ]; then PLEROMA_TITLE="$new_title" PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain") @@ -524,7 +521,7 @@ function pleroma_set_title { fi ;; esac - rm $data + rm -f "$data" } function pleroma_set_expire_months { @@ -532,30 +529,31 @@ function pleroma_set_expire_months { read_config_param "PLEROMA_DOMAIN_NAME" read_config_param "PLEROMA_EXPIRE_MONTHS" - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --title $"Pleroma" \ --backtitle $"Freedombone Control Panel" \ - --inputbox $'Set an expiry period for posts in months. Anything older will be deleted. Lower values help to keep the database size small and as fast as possible.' 12 60 "$PLEROMA_EXPIRE_MONTHS" 2>$data + --inputbox $'Set an expiry period for posts in months. Anything older will be deleted. Lower values help to keep the database size small and as fast as possible.' 12 60 "$PLEROMA_EXPIRE_MONTHS" 2>"$data" sel=$? case $sel in 0) - new_expiry_months=$(<$data) + new_expiry_months=$(<"$data") if [ ${#new_expiry_months} -gt 0 ]; then # should contain no spaces if [[ "$new_expiry_months" == *" "* ]]; then + rm -f "$data" return fi # should be a number re='^[0-9]+$' if ! [[ $new_expiry_months =~ $re ]] ; then + rm -f "$data" return fi # set the new value PLEROMA_EXPIRE_MONTHS=$new_expiry_months write_config_param "PLEROMA_EXPIRE_MONTHS" "$PLEROMA_EXPIRE_MONTHS" - expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS + expire_pleroma_posts "$PLEROMA_DOMAIN_NAME" "$PLEROMA_EXPIRE_MONTHS" create_pleroma_blocklist dialog --title $"Set Pleroma post expiry period" \ @@ -563,13 +561,13 @@ function pleroma_set_expire_months { fi ;; esac - rm $data + rm -f "$data" } function pleroma_disable_registrations { dialog --title $"Disable new Pleroma user registrations" \ --backtitle $"Freedombone Control Panel" \ - --yesno $"\nDo you wish to disable new registrations?" 10 60 + --yesno $"\\nDo you wish to disable new registrations?" 10 60 sel=$? case $sel in 0) sed -i 's|registrations_open:.*|registrations_open: false,|g' $PLEROMA_DIR/config/config.exs @@ -586,22 +584,23 @@ function pleroma_disable_registrations { function pleroma_add_emoji { emoji_resolution='128x128' - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone Control Panel" \ --title $"Add Custom Emoji" \ - --form "\n" 8 75 2 \ + --form "\\n" 8 75 2 \ $"Shortcode:" 1 1 "" 1 18 16 15 \ $"ImageURL:" 2 1 "" 2 18 512 10000 \ - 2> $data + 2> "$data" sel=$? case $sel in - 1) return;; - 255) return;; + 1) rm -f "$data" + return;; + 255) rm -f "$data" + return;; esac - shortcode=$(cat $data | sed -n 1p) - image_url=$(cat $data | sed -n 2p) - rm $data + shortcode=$(sed -n 1p < "$data") + image_url=$(sed -n 2p < "$data") + rm -f "$data" if [ ${#shortcode} -lt 2 ]; then return fi @@ -635,28 +634,28 @@ function pleroma_add_emoji { fi image_filename=$PLEROMA_DIR/priv/static/emoji/${shortcode}.${image_extension} - wget "$image_url" -O $image_filename - if [ ! -f $image_filename ]; then + wget "$image_url" -O "$image_filename" + if [ ! -f "$image_filename" ]; then dialog --title $"Add Custom Emoji" \ --msgbox $"Unable to download the image" 6 60 return fi if [[ "$image_url" == *'.jpg' || "$image_url" == *'.jpeg' || "$image_url" == *'.gif' ]]; then - convert $image_filename -resize $emoji_resolution $PLEROMA_DIR/priv/static/emoji/${shortcode}.png - if [ ! -f $PLEROMA_DIR/priv/static/emoji/${shortcode}.png ]; then + convert "$image_filename" -resize "$emoji_resolution" "$PLEROMA_DIR/priv/static/emoji/${shortcode}.png" + if [ ! -f "$PLEROMA_DIR/priv/static/emoji/${shortcode}.png" ]; then dialog --title $"Add Custom Emoji" \ --msgbox $"Unable to convert empji image to png format" 6 60 return fi # remove the original - rm $image_filename + rm "$image_filename" image_extension='png' image_filename=$PLEROMA_DIR/priv/static/emoji/${shortcode}.${image_extension} else - convert $image_filename -resize $emoji_resolution $image_filename + convert "$image_filename" -resize "$emoji_resolution" "$image_filename" fi if ! grep -q "${shortcode}," $PLEROMA_DIR/config/emoji.txt; then @@ -681,8 +680,7 @@ function configure_interactive_pleroma { read_config_param PLEROMA_EXPIRE_MONTHS while true do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone Control Panel" \ --title $"Pleroma" \ --radiolist $"Choose an operation:" 15 70 6 \ @@ -691,21 +689,24 @@ function configure_interactive_pleroma { 3 $"Disable new account registrations" off \ 4 $"Add a custom emoji" off \ 5 $"Set post expiry period (currently $PLEROMA_EXPIRE_MONTHS months)" off \ - 6 $"Exit" on 2> $data + 6 $"Exit" on 2> "$data" sel=$? case $sel in - 1) return;; - 255) return;; + 1) rm -f "$data" + return;; + 255) rm -f "$data" + return;; esac - case $(cat $data) in + case $(cat "$data") in 1) pleroma_set_background_image;; 2) pleroma_set_title;; 3) pleroma_disable_registrations;; 4) pleroma_add_emoji;; 5) pleroma_set_expire_months;; - 6) break;; + 6) rm -f "$data" + break;; esac - rm $data + rm -f "$data" done } @@ -717,7 +718,7 @@ function upgrade_pleroma { rm $pleroma_expire_posts_script fi if [ ! -f $pleroma_expire_posts_script ]; then - expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS + expire_pleroma_posts "$PLEROMA_DOMAIN_NAME" "$PLEROMA_EXPIRE_MONTHS" fi if [ ! -f $blocking_script_file ]; then create_pleroma_blocklist @@ -756,7 +757,7 @@ function upgrade_pleroma { sudo -u pleroma mix deps.get pleroma_recompile - expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS + expire_pleroma_posts "$PLEROMA_DOMAIN_NAME" "$PLEROMA_EXPIRE_MONTHS" create_pleroma_blocklist systemctl restart pleroma @@ -764,14 +765,14 @@ function upgrade_pleroma { function backup_local_pleroma { PLEROMA_DOMAIN_NAME='pleroma' - if grep -q "pleroma domain" $COMPLETION_FILE; then + if grep -q "pleroma domain" "$COMPLETION_FILE"; then PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain") fi systemctl stop pleroma function_check suspend_site - suspend_site ${PLEROMA_DOMAIN_NAME} + suspend_site "${PLEROMA_DOMAIN_NAME}" source_directory=$PLEROMA_DIR dest_directory=pleroma @@ -788,11 +789,11 @@ function backup_local_pleroma { } function restore_local_pleroma { - if ! grep -q "pleroma domain" $COMPLETION_FILE; then + if ! grep -q "pleroma domain" "$COMPLETION_FILE"; then return fi PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain") - if [ $PLEROMA_DOMAIN_NAME ]; then + if [ "$PLEROMA_DOMAIN_NAME" ]; then echo $"Restoring pleroma" temp_restore_dir=/root/temppleroma pleroma_dir=$PLEROMA_DIR @@ -823,14 +824,14 @@ function restore_local_pleroma { function backup_remote_pleroma { PLEROMA_DOMAIN_NAME='pleroma' - if grep -q "pleroma domain" $COMPLETION_FILE; then + if grep -q "pleroma domain" "$COMPLETION_FILE"; then PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain") fi systemctl stop pleroma function_check suspend_site - suspend_site ${PLEROMA_DOMAIN_NAME} + suspend_site "${PLEROMA_DOMAIN_NAME}" source_directory=$PLEROMA_DIR dest_directory=pleroma @@ -847,11 +848,11 @@ function backup_remote_pleroma { } function restore_remote_pleroma { - if ! grep -q "pleroma domain" $COMPLETION_FILE; then + if ! grep -q "pleroma domain" "$COMPLETION_FILE"; then return fi PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain") - if [ $PLEROMA_DOMAIN_NAME ]; then + if [ "$PLEROMA_DOMAIN_NAME" ]; then echo $"Restoring pleroma" temp_restore_dir=/root/temppleroma pleroma_dir=$PLEROMA_DIR @@ -862,6 +863,7 @@ function restore_remote_pleroma { function_check pleroma_create_database pleroma_create_database + # shellcheck disable=SC2034 USE_POSTGRESQL=1 function_check restore_database_from_friend restore_database_from_friend pleroma @@ -899,14 +901,14 @@ function remove_pleroma { read_config_param "PLEROMA_DOMAIN_NAME" read_config_param "MY_USERNAME" echo "Removing $PLEROMA_DOMAIN_NAME" - nginx_dissite $PLEROMA_DOMAIN_NAME - remove_certs $PLEROMA_DOMAIN_NAME + nginx_dissite "$PLEROMA_DOMAIN_NAME" + remove_certs "$PLEROMA_DOMAIN_NAME" - if [ -d /var/www/$PLEROMA_DOMAIN_NAME ]; then - rm -rf /var/www/$PLEROMA_DOMAIN_NAME + if [ -d "/var/www/$PLEROMA_DOMAIN_NAME" ]; then + rm -rf "/var/www/$PLEROMA_DOMAIN_NAME" fi - if [ -f /etc/nginx/sites-available/$PLEROMA_DOMAIN_NAME ]; then - rm /etc/nginx/sites-available/$PLEROMA_DOMAIN_NAME + if [ -f "/etc/nginx/sites-available/$PLEROMA_DOMAIN_NAME" ]; then + rm "/etc/nginx/sites-available/$PLEROMA_DOMAIN_NAME" fi if [ -d $PLEROMA_DIR ]; then rm -rf $PLEROMA_DIR @@ -917,25 +919,25 @@ function remove_pleroma { remove_onion_service pleroma ${PLEROMA_ONION_PORT} remove_app pleroma remove_completion_param install_pleroma - sed -i '/pleroma domain/d' $COMPLETION_FILE - sed -i '/pleroma commit/d' $COMPLETION_FILE + sed -i '/pleroma domain/d' "$COMPLETION_FILE" + sed -i '/pleroma commit/d' "$COMPLETION_FILE" sed -i "/$blocking_script_file/d" /etc/crontab function_check remove_ddns_domain - remove_ddns_domain $PLEROMA_DOMAIN_NAME + remove_ddns_domain "$PLEROMA_DOMAIN_NAME" } function install_elixir { apt-get -yq install wget build-essential - if [ ! -d $INSTALL_DIR ]; then - mkdir -p $INSTALL_DIR + if [ ! -d "$INSTALL_DIR" ]; then + mkdir -p "$INSTALL_DIR" fi - cd $INSTALL_DIR + cd "$INSTALL_DIR" || exit 768345274 erlang_package=erlang-solutions_1.0_all.deb wget https://packages.erlang-solutions.com/$erlang_package - if [ ! -f $INSTALL_DIR/$erlang_package ]; then + if [ ! -f "$INSTALL_DIR/$erlang_package" ]; then exit 72853 fi dpkg -i $erlang_package @@ -963,8 +965,8 @@ function install_pleroma { install_nodejs pleroma-backend install_postgresql - if [ ! -d /var/www/${PLEROMA_DOMAIN_NAME}/htdocs ]; then - mkdir -p /var/www/${PLEROMA_DOMAIN_NAME}/htdocs + if [ ! -d "/var/www/${PLEROMA_DOMAIN_NAME}/htdocs" ]; then + mkdir -p "/var/www/${PLEROMA_DOMAIN_NAME}/htdocs" fi if [ -d $PLEROMA_DIR ]; then rm -rf $PLEROMA_DIR @@ -978,7 +980,7 @@ function install_pleroma { if [ -d /repos/pleroma ]; then mkdir -p $PLEROMA_DIR cp -r -p /repos/pleroma/. $PLEROMA_DIR - cd $PLEROMA_DIR + cd "$PLEROMA_DIR" || exit 834537453 git pull else function_check git_clone @@ -996,7 +998,7 @@ function install_pleroma { # checkout the commit - cd $PLEROMA_DIR + cd "$PLEROMA_DIR" || exit 62452428 git checkout $PLEROMA_COMMIT -b $PLEROMA_COMMIT set_completion_param "pleroma commit" "$PLEROMA_COMMIT" chown -R pleroma:pleroma $PLEROMA_DIR @@ -1004,108 +1006,105 @@ function install_pleroma { # web config function_check add_ddns_domain - add_ddns_domain $PLEROMA_DOMAIN_NAME + add_ddns_domain "$PLEROMA_DOMAIN_NAME" PLEROMA_ONION_HOSTNAME=$(add_onion_service pleroma 80 ${PLEROMA_ONION_PORT}) pleroma_nginx_site=/etc/nginx/sites-available/$PLEROMA_DOMAIN_NAME if [[ $ONION_ONLY == "no" ]]; then function_check nginx_http_redirect - nginx_http_redirect $PLEROMA_DOMAIN_NAME "index index.html" - echo '' >> $pleroma_nginx_site - echo 'proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=100m inactive=80m use_temp_path=off;' >> $pleroma_nginx_site - echo '' >> $pleroma_nginx_site - echo 'server {' >> $pleroma_nginx_site - echo ' listen 443 ssl;' >> $pleroma_nginx_site - echo ' #listen [::]:443 ssl;' >> $pleroma_nginx_site - echo " server_name $PLEROMA_DOMAIN_NAME;" >> $pleroma_nginx_site - echo '' >> $pleroma_nginx_site + nginx_http_redirect "$PLEROMA_DOMAIN_NAME" "index index.html" + { echo ''; + echo 'proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=100m inactive=80m use_temp_path=off;'; + echo ''; + echo 'server {'; + echo ' listen 443 ssl;'; + echo ' #listen [::]:443 ssl;'; + echo " server_name $PLEROMA_DOMAIN_NAME;"; + echo ''; } >> "$pleroma_nginx_site" function_check nginx_compress - nginx_compress $PLEROMA_DOMAIN_NAME - echo '' >> $pleroma_nginx_site - echo ' # Security' >> $pleroma_nginx_site + nginx_compress "$PLEROMA_DOMAIN_NAME" + echo '' >> "$pleroma_nginx_site" + echo ' # Security' >> "$pleroma_nginx_site" function_check nginx_ssl - nginx_ssl $PLEROMA_DOMAIN_NAME + nginx_ssl "$PLEROMA_DOMAIN_NAME" function_check nginx_disable_sniffing - nginx_disable_sniffing $PLEROMA_DOMAIN_NAME + nginx_disable_sniffing "$PLEROMA_DOMAIN_NAME" - echo ' add_header Strict-Transport-Security max-age=15768000;' >> $pleroma_nginx_site - echo '' >> $pleroma_nginx_site - echo ' # Logs' >> $pleroma_nginx_site - echo ' access_log /dev/null;' >> $pleroma_nginx_site - echo ' error_log /dev/null;' >> $pleroma_nginx_site - echo '' >> $pleroma_nginx_site - echo " root $PLEROMA_DIR;" >> $pleroma_nginx_site - echo '' >> $pleroma_nginx_site - echo ' index index.html;' >> $pleroma_nginx_site - echo ' location / {' >> $pleroma_nginx_site + { echo ' add_header Strict-Transport-Security max-age=15768000;'; + echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo " root $PLEROMA_DIR;"; + echo ''; + echo ' index index.html;'; + echo ' location / {'; } >> "$pleroma_nginx_site" function_check nginx_limits - nginx_limits $PLEROMA_DOMAIN_NAME '15m' - echo ' proxy_http_version 1.1;' >> $pleroma_nginx_site - echo ' proxy_set_header Upgrade $http_upgrade;' >> $pleroma_nginx_site - echo ' proxy_set_header Connection "upgrade";' >> $pleroma_nginx_site - echo " proxy_pass http://localhost:$PLEROMA_PORT;" >> $pleroma_nginx_site - echo ' }' >> $pleroma_nginx_site - echo '' >> $pleroma_nginx_site - echo ' location /proxy {' >> $pleroma_nginx_site - nginx_limits $PLEROMA_DOMAIN_NAME '15m' - echo ' proxy_cache pleroma_media_cache;' >> $pleroma_nginx_site - echo ' proxy_cache_lock on;' >> $pleroma_nginx_site - echo " proxy_pass http://localhost:$PLEROMA_PORT;" >> $pleroma_nginx_site - echo ' }' >> $pleroma_nginx_site - echo ' # include snippets/well-known.conf;' >> $pleroma_nginx_site - echo '}' >> $pleroma_nginx_site + nginx_limits "$PLEROMA_DOMAIN_NAME" '15m' + { echo ' proxy_http_version 1.1;'; + echo " proxy_set_header Upgrade \$http_upgrade;"; + echo ' proxy_set_header Connection "upgrade";'; + echo " proxy_pass http://localhost:$PLEROMA_PORT;"; + echo ' }'; + echo ''; + echo ' location /proxy {'; } >> "$pleroma_nginx_site" + nginx_limits "$PLEROMA_DOMAIN_NAME" '15m' + { echo ' proxy_cache pleroma_media_cache;'; + echo ' proxy_cache_lock on;'; + echo " proxy_pass http://localhost:$PLEROMA_PORT;"; + echo ' }'; + echo ' # include snippets/well-known.conf;'; + echo '}'; } >> "$pleroma_nginx_site" else - echo 'proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=100m inactive=80m use_temp_path=off;' > $pleroma_nginx_site - echo '' >> $pleroma_nginx_site + echo 'proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=100m inactive=80m use_temp_path=off;' > "$pleroma_nginx_site" + echo '' >> "$pleroma_nginx_site" fi - echo 'server {' >> $pleroma_nginx_site - echo " listen 127.0.0.1:$PLEROMA_ONION_PORT default_server;" >> $pleroma_nginx_site - echo " server_name $PLEROMA_ONION_HOSTNAME;" >> $pleroma_nginx_site - echo '' >> $pleroma_nginx_site + { echo 'server {'; + echo " listen 127.0.0.1:$PLEROMA_ONION_PORT default_server;"; + echo " server_name $PLEROMA_ONION_HOSTNAME;"; + echo ''; } >> "$pleroma_nginx_site" function_check nginx_compress - nginx_compress $PLEROMA_DOMAIN_NAME - echo '' >> $pleroma_nginx_site + nginx_compress "$PLEROMA_DOMAIN_NAME" + echo '' >> "$pleroma_nginx_site" function_check nginx_disable_sniffing - nginx_disable_sniffing $PLEROMA_DOMAIN_NAME - echo '' >> $pleroma_nginx_site - echo ' # Logs' >> $pleroma_nginx_site - echo ' access_log /dev/null;' >> $pleroma_nginx_site - echo ' error_log /dev/null;' >> $pleroma_nginx_site - echo '' >> $pleroma_nginx_site - echo " root $PLEROMA_DIR;" >> $pleroma_nginx_site - echo '' >> $pleroma_nginx_site - echo ' index index.html;' >> $pleroma_nginx_site - echo ' location / {' >> $pleroma_nginx_site + nginx_disable_sniffing "$PLEROMA_DOMAIN_NAME" + { echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo " root $PLEROMA_DIR;"; + echo ''; + echo ' index index.html;'; + echo ' location / {'; } >> "$pleroma_nginx_site" function_check nginx_limits - nginx_limits $PLEROMA_DOMAIN_NAME '15m' - echo ' proxy_http_version 1.1;' >> $pleroma_nginx_site - echo ' proxy_set_header Upgrade $http_upgrade;' >> $pleroma_nginx_site - echo ' proxy_set_header Connection "upgrade";' >> $pleroma_nginx_site - echo " proxy_pass http://localhost:$PLEROMA_PORT;" >> $pleroma_nginx_site - echo ' }' >> $pleroma_nginx_site - echo '' >> $pleroma_nginx_site - echo ' location /proxy {' >> $pleroma_nginx_site - nginx_limits $PLEROMA_DOMAIN_NAME '15m' - echo ' proxy_cache pleroma_media_cache;' >> $pleroma_nginx_site - echo ' proxy_cache_lock on;' >> $pleroma_nginx_site - echo " proxy_pass http://localhost:$PLEROMA_PORT;" >> $pleroma_nginx_site - echo ' }' >> $pleroma_nginx_site - echo ' # include snippets/well-known.conf;' >> $pleroma_nginx_site - echo '}' >> $pleroma_nginx_site - + nginx_limits "$PLEROMA_DOMAIN_NAME" '15m' + { echo ' proxy_http_version 1.1;'; + echo " proxy_set_header Upgrade \$http_upgrade;"; + echo ' proxy_set_header Connection "upgrade";'; + echo " proxy_pass http://localhost:$PLEROMA_PORT;"; + echo ' }'; + echo ''; + echo ' location /proxy {'; } >> "$pleroma_nginx_site" + nginx_limits "$PLEROMA_DOMAIN_NAME" '15m' + { echo ' proxy_cache pleroma_media_cache;'; + echo ' proxy_cache_lock on;'; + echo " proxy_pass http://localhost:$PLEROMA_PORT;"; + echo ' }'; + echo ' # include snippets/well-known.conf;'; + echo '}'; } >> "$pleroma_nginx_site" # back end - cd $PLEROMA_DIR - chown -R pleroma:pleroma * - sudo -u pleroma mix local.hex --force - if [ ! "$?" = "0" ]; then + cd "$PLEROMA_DIR" || exit 246824684 + chown -R pleroma:pleroma "$PLEROMA_DIR/*" + if ! sudo -u pleroma mix local.hex --force; then echo $'mix local.hex failed' exit 1745673 fi - sudo -u pleroma mix deps.get --force - if [ ! "$?" = "0" ]; then + if ! sudo -u pleroma mix deps.get --force; then echo $'mix deps.get failed' exit 7325733 fi @@ -1113,29 +1112,28 @@ function install_pleroma { function_check pleroma_create_database pleroma_create_database - ${PROJECT_NAME}-pass -u $MY_USERNAME -a pleroma -p "$PLEROMA_ADMIN_PASSWORD" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a pleroma -p "$PLEROMA_ADMIN_PASSWORD" # NOTE: we don't need to install the frontend separately, # since the backend contains a precompiled version of it install_gnusocial_default_background "pleroma" "$PLEROMA_DOMAIN_NAME" - if [ ! -f $PLEROMA_DIR/priv/static/static/config.json ]; then + if [ ! -f "$PLEROMA_DIR/priv/static/static/config.json" ]; then echo $"$PLEROMA_DIR/priv/static/static/config.json file missing" exit 323689 fi - sed -i 's|"theme":.*|"theme": "base16-summerfruit-dark.css",|g' $PLEROMA_DIR/priv/static/static/config.json + sed -i 's|"theme":.*|"theme": "base16-summerfruit-dark.css",|g' "$PLEROMA_DIR/priv/static/static/config.json" - if [ $PLEROMA_BACKGROUND_IMAGE_URL ]; then + if [ "$PLEROMA_BACKGROUND_IMAGE_URL" ]; then pleroma_set_background_image_from_url $PLEROMA_DIR/priv/static "$PLEROMA_DOMAIN_NAME" "$PLEROMA_BACKGROUND_IMAGE_URL" "$PLEROMA_TITLE" fi - # Get certificate function_check create_site_certificate - create_site_certificate $PLEROMA_DOMAIN_NAME 'yes' + create_site_certificate "$PLEROMA_DOMAIN_NAME" 'yes' function_check nginx_ensite - nginx_ensite $PLEROMA_DOMAIN_NAME + nginx_ensite "$PLEROMA_DOMAIN_NAME" systemctl restart postgresql systemctl restart nginx @@ -1159,22 +1157,22 @@ function install_pleroma { create_pleroma_blocklist # daemon - echo '[Unit]' > /etc/systemd/system/pleroma.service - echo 'Description=Pleroma social network' >> /etc/systemd/system/pleroma.service - echo 'After=network.target postgresql.service' >> /etc/systemd/system/pleroma.service - echo '' >> /etc/systemd/system/pleroma.service - echo '[Service]' >> /etc/systemd/system/pleroma.service - echo 'User=pleroma' >> /etc/systemd/system/pleroma.service - echo "WorkingDirectory=$PLEROMA_DIR" >> /etc/systemd/system/pleroma.service - echo "Environment=\"HOME=$PLEROMA_DIR\"" >> /etc/systemd/system/pleroma.service - echo 'ExecStart=/usr/local/bin/mix phx.server' >> /etc/systemd/system/pleroma.service - echo 'ExecReload=/bin/kill $MAINPID' >> /etc/systemd/system/pleroma.service - echo 'KillMode=process' >> /etc/systemd/system/pleroma.service - echo 'Restart=on-failure' >> /etc/systemd/system/pleroma.service - echo '' >> /etc/systemd/system/pleroma.service - echo '[Install]' >> /etc/systemd/system/pleroma.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/pleroma.service - echo 'Alias=pleroma.service' >> /etc/systemd/system/pleroma.service + { echo '[Unit]'; + echo 'Description=Pleroma social network'; + echo 'After=network.target postgresql.service'; + echo ''; + echo '[Service]'; + echo 'User=pleroma'; + echo "WorkingDirectory=$PLEROMA_DIR"; + echo "Environment=\"HOME=$PLEROMA_DIR\""; + echo 'ExecStart=/usr/local/bin/mix phx.server'; + echo "ExecReload=/bin/kill \$MAINPID"; + echo 'KillMode=process'; + echo 'Restart=on-failure'; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; + echo 'Alias=pleroma.service'; } > /etc/systemd/system/pleroma.service systemctl daemon-reload systemctl enable pleroma systemctl start pleroma diff --git a/src/freedombone-app-postactiv b/src/freedombone-app-postactiv index 86663842..a0addb23 100755 --- a/src/freedombone-app-postactiv +++ b/src/freedombone-app-postactiv @@ -66,12 +66,12 @@ function logging_off_postactiv { function postactiv_customise_logo { domain_name=$1 - if [ -f /var/www/${domain_name}/htdocs/static/logo.png ]; then + if [ -f "/var/www/${domain_name}/htdocs/static/logo.png" ]; then if [ -f ~/freedombone/img/postactiv.png ]; then - cp ~/freedombone/img/postactiv.png /var/www/${domain_name}/htdocs/static/logo.png + cp ~/freedombone/img/postactiv.png "/var/www/${domain_name}/htdocs/static/logo.png" else - if [ -f /home/$MY_USERNAME/freedombone/img/postactiv.png ]; then - cp /home/$MY_USERNAME/freedombone/img/postactiv.png /var/www/${domain_name}/htdocs/static/logo.png + if [ -f "/home/$MY_USERNAME/freedombone/img/postactiv.png" ]; then + cp "/home/$MY_USERNAME/freedombone/img/postactiv.png" "/var/www/${domain_name}/htdocs/static/logo.png" fi fi fi @@ -80,13 +80,13 @@ function postactiv_customise_logo { function remove_user_postactiv { remove_username="$1" - ${PROJECT_NAME}-pass -u $remove_username --rmapp postactiv + "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp postactiv function_check get_completion_param POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain") - if [ -d /var/www/$POSTACTIV_DOMAIN_NAME ]; then - cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs - php scripts/deleteprofile.php -n $remove_username -y + if [ -d "/var/www/$POSTACTIV_DOMAIN_NAME" ]; then + cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 3658254254 + php scripts/deleteprofile.php -n "$remove_username" -y fi } @@ -94,13 +94,13 @@ function add_user_postactiv { new_username="$1" new_user_password="$2" - ${PROJECT_NAME}-pass -u $new_username -a postactiv -p "$new_user_password" + "${PROJECT_NAME}-pass" -u "$new_username" -a postactiv -p "$new_user_password" POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain") - if [ -d /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs ]; then - cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs - php scripts/registeruser.php -n $new_username -w "$new_user_password" -e "$new_username@$HOSTNAME" - ${PROJECT_NAME}-addemail -u $new_username -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no + if [ -d "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs" ]; then + cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 346846834 + php scripts/registeruser.php -n "$new_username" -w "$new_user_password" -e "$new_username@$HOSTNAME" + "${PROJECT_NAME}-addemail" -u "$new_username" -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no echo '0' else echo '1' @@ -108,7 +108,7 @@ function add_user_postactiv { } function install_interactive_postactiv { - if [ ! $ONION_ONLY ]; then + if [ ! "$ONION_ONLY" ]; then ONION_ONLY='no' fi @@ -118,54 +118,54 @@ function install_interactive_postactiv { POSTACTIV_DETAILS_COMPLETE= while [ ! $POSTACTIV_DETAILS_COMPLETE ] do - data=$(tempfile 2>/dev/null) + data=$(mktemp 2>/dev/null) trap "rm -f $data" 0 1 2 5 15 if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then dialog --backtitle $"Freedombone Configuration" \ --title $"PostActiv Configuration" \ - --form $"\nPlease enter your PostActiv details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \ + --form $"\\nPlease enter your PostActiv details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \ $"Domain:" 1 1 "$(grep 'POSTACTIV_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ - $"Title:" 2 1 "$(grep '$POSTACTIV_TITLE' temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \ - $"Background image URL:" 3 1 "$(grep '$POSTACTIV_BACKGROUND_IMAGE_URL' temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \ + $"Title:" 2 1 "$(grep "$POSTACTIV_TITLE" temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \ + $"Background image URL:" 3 1 "$(grep "$POSTACTIV_BACKGROUND_IMAGE_URL" temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \ $"Code:" 4 1 "$(grep 'POSTACTIV_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 25 33 255 \ - 2> $data + 2> "$data" else dialog --backtitle $"Freedombone Configuration" \ --title $"PostActiv Configuration" \ - --form $"\nPlease enter your PostActiv details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \ + --form $"\\nPlease enter your PostActiv details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \ $"Domain:" 1 1 "$(grep 'POSTACTIV_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ - $"Title:" 2 1 "$(grep '$POSTACTIV_TITLE' temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \ - $"Background image URL:" 3 1 "$(grep '$POSTACTIV_BACKGROUND_IMAGE_URL' temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \ - 2> $data + $"Title:" 2 1 "$(grep "$POSTACTIV_TITLE" temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \ + $"Background image URL:" 3 1 "$(grep "$POSTACTIV_BACKGROUND_IMAGE_URL" temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \ + 2> "$data" fi sel=$? case $sel in 1) exit 1;; 255) exit 1;; esac - POSTACTIV_DOMAIN_NAME=$(cat $data | sed -n 1p) - title=$(cat $data | sed -n 2p) + POSTACTIV_DOMAIN_NAME=$(sed -n 1p < "$data") + title=$(sed -n 2p < "$data") if [ ${#title} -gt 1 ]; then - POSTACTIV_TITLE=$welcome_msg + POSTACTIV_TITLE=$title fi - img_url=$(cat $data | sed -n 3p) + img_url=$(sed -n 3p < "$data") if [ ${#img_url} -gt 1 ]; then POSTACTIV_BACKGROUND_IMAGE_URL=$img_url fi - if [ $POSTACTIV_DOMAIN_NAME ]; then - if [[ $POSTACTIV_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then + if [ "$POSTACTIV_DOMAIN_NAME" ]; then + if [[ "$POSTACTIV_DOMAIN_NAME" == "$HUBZILLA_DOMAIN_NAME" ]]; then POSTACTIV_DOMAIN_NAME="" fi TEST_DOMAIN_NAME=$POSTACTIV_DOMAIN_NAME validate_domain_name - if [[ $TEST_DOMAIN_NAME != $POSTACTIV_DOMAIN_NAME ]]; then + if [[ "$TEST_DOMAIN_NAME" != "$POSTACTIV_DOMAIN_NAME" ]]; then POSTACTIV_DOMAIN_NAME= dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 else if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then - POSTACTIV_CODE=$(cat $data | sed -n 4p) + POSTACTIV_CODE=$(sed -n 4p < "$data") validate_freedns_code "$POSTACTIV_CODE" - if [ ! $VALID_CODE ]; then + if [ ! "$VALID_CODE" ]; then POSTACTIV_DOMAIN_NAME= fi fi @@ -178,7 +178,7 @@ function install_interactive_postactiv { # remove any invalid characters if [ ${#POSTACTIV_TITLE} -gt 0 ]; then - new_title=$(echo "$POSTACTIV_TITLE" | sed "s|'||g") + new_title=${"$POSTACTIV_TITLE"//\'//} POSTACTIV_TITLE="$new_title" fi @@ -197,26 +197,26 @@ function change_password_postactiv { read_config_param 'POSTACTIV_DOMAIN_NAME' - cd /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/scripts + cd "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/scripts" || exit 246824682 php setpassword.php "$curr_username" "$new_user_password" - ${PROJECT_NAME}-pass -u "$curr_username" -a postactiv -p "$new_user_password" + "${PROJECT_NAME}-pass" -u "$curr_username" -a postactiv -p "$new_user_password" } function postactiv_create_database { - if [ -f $IMAGE_PASSWORD_FILE ]; then - POSTACTIV_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + if [ -f "$IMAGE_PASSWORD_FILE" ]; then + POSTACTIV_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" else - if [ ! $POSTACTIV_ADMIN_PASSWORD ]; then - POSTACTIV_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + if [ ! "$POSTACTIV_ADMIN_PASSWORD" ]; then + POSTACTIV_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" fi fi - if [ ! $POSTACTIV_ADMIN_PASSWORD ]; then + if [ ! "$POSTACTIV_ADMIN_PASSWORD" ]; then return fi function_check create_database - create_database postactiv "$POSTACTIV_ADMIN_PASSWORD" $MY_USERNAME + create_database postactiv "$POSTACTIV_ADMIN_PASSWORD" "$MY_USERNAME" } function postactiv_running_script { @@ -235,64 +235,63 @@ function reconfigure_postactiv { function postactiv_set_background_image { POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain") - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --title $"PostActiv" \ --backtitle $"Freedombone Control Panel" \ - --inputbox $'Set a background image URL' 10 60 2>$data + --inputbox $'Set a background image URL' 10 60 2>"$data" sel=$? case $sel in 0) - temp_background=$(<$data) + temp_background=$(<"$data") if [ ${#temp_background} -gt 0 ]; then POSTACTIV_BACKGROUND_IMAGE_URL="$temp_background" write_config_param "POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_BACKGROUND_IMAGE_URL" - if [[ $(pleroma_set_background_image_from_url /var/www/$POSTACTIV_DOMAIN_NAME/htdocs "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE" | tail -n 1) == "0" ]]; then + if [[ $(pleroma_set_background_image_from_url "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE" | tail -n 1) == "0" ]]; then dialog --title $"Set PostActiv background" \ --msgbox $"The background image has been set" 6 60 fi fi ;; esac + rm -f "$data" } function postactiv_set_title { - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --title $"PostActiv" \ --backtitle $"Freedombone Control Panel" \ - --inputbox $'Set a title' 10 60 2>$data + --inputbox $'Set a title' 10 60 2>"$data" sel=$? case $sel in 0) - new_title=$(<$data) + new_title=$(<"$data") if [ ${#new_title} -gt 0 ]; then POSTACTIV_TITLE="$new_title" POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain") write_config_param "POSTACTIV_TITLE" "$POSTACTIV_TITLE" - cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/static + cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/static" || exit 782452452 sed -i "s|\"name\":.*|\"name\": \"${POSTACTIV_TITLE}\",|g" config.json dialog --title $"Set PostActiv title" \ --msgbox $"The title has been set" 6 60 fi ;; esac + rm -f "$data" } function postactiv_set_expire_months { POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain") read_config_param "POSTACTIV_EXPIRE_MONTHS" - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --title $"PostActiv" \ --backtitle $"Freedombone Control Panel" \ - --inputbox $'Set an expiry period for posts in months. Anything older will be deleted. Lower values help to keep the database size small and as fast as possible.' 12 60 "$POSTACTIV_EXPIRE_MONTHS" 2>$data + --inputbox $'Set an expiry period for posts in months. Anything older will be deleted. Lower values help to keep the database size small and as fast as possible.' 12 60 "$POSTACTIV_EXPIRE_MONTHS" 2>"$data" sel=$? case $sel in 0) - new_expiry_months=$(<$data) + new_expiry_months=$(<"$data") if [ ${#new_expiry_months} -gt 0 ]; then # should contain no spaces if [[ "$new_expiry_months" == *" "* ]]; then @@ -312,14 +311,14 @@ function postactiv_set_expire_months { fi ;; esac + rm -f "$data" } function configure_interactive_postactiv { read_config_param "POSTACTIV_EXPIRE_MONTHS" while true do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone Control Panel" \ --title $"PostActiv" \ --radiolist $"Choose an operation:" 16 70 7 \ @@ -329,21 +328,25 @@ function configure_interactive_postactiv { 4 $"Select Qvitter user interface" off \ 5 $"Select Pleroma user interface" off \ 6 $"Select Classic user interface" off \ - 7 $"Exit" on 2> $data + 7 $"Exit" on 2> "$data" sel=$? case $sel in - 1) return;; - 255) return;; + 1) rm -f "$data" + return;; + 255) rm -f "$data" + return;; esac - case $(cat $data) in + case $(cat "$data") in 1) postactiv_set_background_image;; 2) postactiv_set_title;; 3) postactiv_set_expire_months;; 4) gnusocial_use_qvitter postactiv;; 5) gnusocial_use_pleroma postactiv;; 6) gnusocial_use_classic postactiv;; - 7) break;; + 7) rm -f "$data" + break;; esac + rm -f "$data" done } @@ -353,22 +356,22 @@ function upgrade_postactiv { return fi - if grep -q "postactiv domain" $COMPLETION_FILE; then + if grep -q "postactiv domain" "$COMPLETION_FILE"; then POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain") fi # update to the next commit function_check set_repo_commit - set_repo_commit /var/www/$POSTACTIV_DOMAIN_NAME/htdocs "postactiv commit" "$POSTACTIV_COMMIT" $POSTACTIV_REPO + set_repo_commit "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" "postactiv commit" "$POSTACTIV_COMMIT" $POSTACTIV_REPO # Ensure that installation script is removed - if [ -f /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php ]; then - rm /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php + if [ -f "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php" ]; then + rm "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php" fi - if [ -f /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index_qvitter.php ]; then - if [ -f /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index.php ]; then - mv /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index.php /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index_qvitter.php + if [ -f "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index_qvitter.php" ]; then + if [ -f "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index.php" ]; then + mv "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index.php" "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index_qvitter.php" fi fi @@ -379,16 +382,16 @@ function upgrade_postactiv { gnusocial_block_domain_script postactiv "$POSTACTIV_DOMAIN_NAME" upgrade_pleroma_frontend "$POSTACTIV_DOMAIN_NAME" "postactiv" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE" - postactiv_customise_logo + postactiv_customise_logo "$POSTACTIV_DOMAIN_NAME" install_gnusocial_default_background "postactiv" "$POSTACTIV_DOMAIN_NAME" - chown -R www-data:www-data /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs + chown -R www-data:www-data "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs" systemctl restart mariadb } function backup_local_postactiv { POSTACTIV_DOMAIN_NAME='postactiv' - if grep -q "postactiv domain" $COMPLETION_FILE; then + if grep -q "postactiv domain" "$COMPLETION_FILE"; then POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain") fi @@ -396,24 +399,24 @@ function backup_local_postactiv { /etc/cron.daily/postactiv-expire source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/backup - if [ ! -d $source_directory ]; then - mkdir $source_directory + if [ ! -d "$source_directory" ]; then + mkdir "$source_directory" fi - cp -p /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php $source_directory - if [ -d /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static ]; then - cp -rp /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static $source_directory + cp -p "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php" "$source_directory" + if [ -d "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static" ]; then + cp -rp "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static" "$source_directory" fi function_check suspend_site - suspend_site ${POSTACTIV_DOMAIN_NAME} + suspend_site "${POSTACTIV_DOMAIN_NAME}" function_check backup_directory_to_usb dest_directory=postactivconfig - backup_directory_to_usb $source_directory $dest_directory + backup_directory_to_usb "$source_directory" "$dest_directory" source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/file dest_directory=postactivfile - backup_directory_to_usb $source_directory $dest_directory + backup_directory_to_usb "$source_directory" "$dest_directory" function_check backup_database_to_usb backup_database_to_usb postactiv @@ -423,16 +426,16 @@ function backup_local_postactiv { } function restore_local_postactiv { - if ! grep -q "postactiv domain" $COMPLETION_FILE; then + if ! grep -q "postactiv domain" "$COMPLETION_FILE"; then return fi POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain") - if [ $POSTACTIV_DOMAIN_NAME ]; then + if [ "$POSTACTIV_DOMAIN_NAME" ]; then echo $"Restoring postactiv" temp_restore_dir=/root/temppostactiv postactiv_dir=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs # stop the daemons - cd $postactiv_dir + cd "$postactiv_dir" || exit 468246242 scripts/stopdaemons.sh function_check postactiv_create_database @@ -446,36 +449,36 @@ function restore_local_postactiv { function_check restore_directory_from_usb restore_directory_from_usb $temp_restore_dir postactivconfig if [ -d $temp_restore_dir ]; then - if [ -d $temp_restore_dir$postactiv_dir ]; then - cp $temp_restore_dir$postactiv_dir/backup/config.php $postactiv_dir/ - cp -rp $temp_restore_dir$postactiv_dir/static $postactiv_dir/ + if [ -d "$temp_restore_dir$postactiv_dir" ]; then + cp "$temp_restore_dir$postactiv_dir/backup/config.php" "$postactiv_dir/" + cp -rp "$temp_restore_dir$postactiv_dir/static" "$postactiv_dir/" else - cp $temp_restore_dir/backup/config.php $postactiv_dir/ - if [ ! -d $postactiv_dir/static ]; then - mkdir $postactiv_dir/static + cp "$temp_restore_dir/backup/config.php" "$postactiv_dir/" + if [ ! -d "$postactiv_dir/static" ]; then + mkdir "$postactiv_dir/static" fi - cp -rp $temp_restore_dir/static/* $postactiv_dir/static/ + cp -rp "$temp_restore_dir/static/*" "$postactiv_dir/static/" fi - chown www-data:www-data $postactiv_dir/config.php - chown -R www-data:www-data $postactiv_dir/static + chown www-data:www-data "$postactiv_dir/config.php" + chown -R www-data:www-data "$postactiv_dir/static" rm -rf $temp_restore_dir fi restore_directory_from_usb $temp_restore_dir postactivfile if [ -d $temp_restore_dir ]; then - if [ -d $temp_restore_dir$postactiv_dir/file ]; then - cp -rp $temp_restore_dir$postactiv_dir/file $postactiv_dir/ + if [ -d "$temp_restore_dir$postactiv_dir/file" ]; then + cp -rp "$temp_restore_dir$postactiv_dir/file" "$postactiv_dir/" else - if [ ! -d $postactiv_dir/file ]; then - mkdir $postactiv_dir/file + if [ ! -d "$postactiv_dir/file" ]; then + mkdir "$postactiv_dir/file" fi - cp -rp $temp_restore_dir/* $postactiv_dir/file/ + cp -rp "$temp_restore_dir/*" "$postactiv_dir/file/" fi - chown -R www-data:www-data $postactiv_dir/file + chown -R www-data:www-data "$postactiv_dir/file" rm -rf $temp_restore_dir fi - gnusocial_update_after_restore postactiv ${POSTACTIV_DOMAIN_NAME} + gnusocial_update_after_restore postactiv "${POSTACTIV_DOMAIN_NAME}" echo $"Restore of postactiv complete" fi @@ -483,7 +486,7 @@ function restore_local_postactiv { function backup_remote_postactiv { POSTACTIV_DOMAIN_NAME='postactiv' - if grep -q "postactiv domain" $COMPLETION_FILE; then + if grep -q "postactiv domain" "$COMPLETION_FILE"; then POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain") fi @@ -491,24 +494,24 @@ function backup_remote_postactiv { /etc/cron.daily/postactiv-expire source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/backup - if [ ! -d $source_directory ]; then - mkdir $source_directory + if [ ! -d "$source_directory" ]; then + mkdir "$source_directory" fi - cp -p /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php $source_directory - if [ -d /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static ]; then - cp -rp /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static $source_directory + cp -p "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php" "$source_directory" + if [ -d "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static" ]; then + cp -rp "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static" "$source_directory" fi function_check suspend_site - suspend_site ${POSTACTIV_DOMAIN_NAME} + suspend_site "${POSTACTIV_DOMAIN_NAME}" function_check backup_directory_to_friend dest_directory=postactivconfig - backup_directory_to_friend $source_directory $dest_directory + backup_directory_to_friend "$source_directory" "$dest_directory" source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/file dest_directory=postactivfile - backup_directory_to_friend $source_directory $dest_directory + backup_directory_to_friend "$source_directory" "$dest_directory" function_check backup_database_to_friend backup_database_to_friend postactiv @@ -518,16 +521,16 @@ function backup_remote_postactiv { } function restore_remote_postactiv { - if ! grep -q "postactiv domain" $COMPLETION_FILE; then + if ! grep -q "postactiv domain" "$COMPLETION_FILE"; then return fi POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain") - if [ $POSTACTIV_DOMAIN_NAME ]; then + if [ "$POSTACTIV_DOMAIN_NAME" ]; then echo $"Restoring postactiv" temp_restore_dir=/root/temppostactiv postactiv_dir=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs # stop the daemons - cd $postactiv_dir + cd "$postactiv_dir" || exit 24682464 scripts/stopdaemons.sh function_check postactiv_create_database @@ -542,36 +545,36 @@ function restore_remote_postactiv { function_check restore_directory_from_friend restore_directory_from_friend $temp_restore_dir postactivconfig if [ -d $temp_restore_dir ]; then - if [ -d $temp_restore_dir$postactiv_dir ]; then - cp $temp_restore_dir$postactiv_dir/backup/config.php $postactiv_dir/ - cp -rp $temp_restore_dir$postactiv_dir/static $postactiv_dir/ + if [ -d "$temp_restore_dir$postactiv_dir" ]; then + cp "$temp_restore_dir$postactiv_dir/backup/config.php" "$postactiv_dir/" + cp -rp "$temp_restore_dir$postactiv_dir/static" "$postactiv_dir/" else - cp $temp_restore_dir/config.php $postactiv_dir/ - if [ ! -d $postactiv_dir/static ]; then - mkdir $postactiv_dir/static + cp "$temp_restore_dir/config.php" "$postactiv_dir/" + if [ ! -d "$postactiv_dir/static" ]; then + mkdir "$postactiv_dir/static" fi - cp -rp $temp_restore_dir/static/* $postactiv_dir/static/ + cp -rp "$temp_restore_dir/static/*" "$postactiv_dir/static/" fi - chown www-data:www-data $postactiv_dir/config.php - chown -R www-data:www-data $postactiv_dir/static + chown www-data:www-data "$postactiv_dir/config.php" + chown -R www-data:www-data "$postactiv_dir/static" rm -rf $temp_restore_dir fi restore_directory_from_friend $temp_restore_dir postactivfile if [ -d $temp_restore_dir ]; then - if [ -d $temp_restore_dir$postactiv_dir/file ]; then - cp -rp $temp_restore_dir$postactiv_dir/file $postactiv_dir/ + if [ -d "$temp_restore_dir$postactiv_dir/file" ]; then + cp -rp "$temp_restore_dir$postactiv_dir/file" "$postactiv_dir/" else - if [ ! -d $postactiv_dir/file ]; then - mkdir $postactiv_dir/file + if [ ! -d "$postactiv_dir/file" ]; then + mkdir "$postactiv_dir/file" fi - cp -rp $temp_restore_dir/* $postactiv_dir/file/ + cp -rp "$temp_restore_dir/*" "$postactiv_dir/file/" fi - chown -R www-data:www-data $postactiv_dir/file + chown -R www-data:www-data "$postactiv_dir/file" rm -rf $temp_restore_dir fi - gnusocial_update_after_restore postactiv ${POSTACTIV_DOMAIN_NAME} + gnusocial_update_after_restore postactiv "${POSTACTIV_DOMAIN_NAME}" echo $"Restore of postactiv complete" fi @@ -587,23 +590,23 @@ function remove_postactiv { read_config_param "POSTACTIV_DOMAIN_NAME" read_config_param "MY_USERNAME" echo "Removing $POSTACTIV_DOMAIN_NAME" - nginx_dissite $POSTACTIV_DOMAIN_NAME - remove_certs $POSTACTIV_DOMAIN_NAME + nginx_dissite "$POSTACTIV_DOMAIN_NAME" + remove_certs "$POSTACTIV_DOMAIN_NAME" if [ -f /etc/cron.hourly/postactiv-daemons ]; then rm /etc/cron.hourly/postactiv-daemons fi - if [ -f /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/stopdaemons.sh ]; then - cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs + if [ -f "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/stopdaemons.sh" ]; then + cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 2467245248 scripts/stopdaemons.sh fi - kill_pid=$(ps aux | grep /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/queuedaemon.php | awk -F ' ' '{print $2}' | head -n 1) - kill -9 $kill_pid + kill_pid=$(pgrep "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/queuedaemon.php" | head -n 1) + kill -9 "$kill_pid" - if [ -d /var/www/$POSTACTIV_DOMAIN_NAME ]; then - rm -rf /var/www/$POSTACTIV_DOMAIN_NAME + if [ -d "/var/www/$POSTACTIV_DOMAIN_NAME" ]; then + rm -rf "/var/www/$POSTACTIV_DOMAIN_NAME" fi - if [ -f /etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME ]; then - rm /etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME + if [ -f "/etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME" ]; then + rm "/etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME" fi function_check drop_database drop_database postactiv @@ -614,17 +617,17 @@ function remove_postactiv { fi remove_app postactiv remove_completion_param install_postactiv - sed -i '/postactiv/d' $COMPLETION_FILE + sed -i '/postactiv/d' "$COMPLETION_FILE" remove_backup_database_local postactiv sed -i '/postactiv-firewall/d' /etc/crontab function_check remove_ddns_domain - remove_ddns_domain $POSTACTIV_DOMAIN_NAME + remove_ddns_domain "$POSTACTIV_DOMAIN_NAME" } function install_postactiv_main { - if [ ! $POSTACTIV_DOMAIN_NAME ]; then + if [ ! "$POSTACTIV_DOMAIN_NAME" ]; then echo $'No domain name was given for postactiv' exit 7359 fi @@ -648,38 +651,38 @@ function install_postactiv_main { apt-get -yq install php-gettext php-curl php-gd php-mysql git curl apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl - if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME ]; then - mkdir /var/www/$POSTACTIV_DOMAIN_NAME + if [ ! -d "/var/www/$POSTACTIV_DOMAIN_NAME" ]; then + mkdir "/var/www/$POSTACTIV_DOMAIN_NAME" fi - if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME/htdocs ]; then + if [ ! -d "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" ]; then if [ -d /repos/postactiv ]; then - mkdir /var/www/$POSTACTIV_DOMAIN_NAME/htdocs - cp -r -p /repos/postactiv/. /var/www/$POSTACTIV_DOMAIN_NAME/htdocs - cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs + mkdir "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" + cp -r -p /repos/postactiv/. "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" + cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 46824682682 git pull else function_check git_clone - git_clone $POSTACTIV_REPO /var/www/$POSTACTIV_DOMAIN_NAME/htdocs + git_clone "$POSTACTIV_REPO" "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" fi - if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME/htdocs ]; then + if [ ! -d "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" ]; then echo $'Unable to clone postactiv repo' exit 87525 fi fi - cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs + cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 46287462828 git checkout $POSTACTIV_COMMIT -b $POSTACTIV_COMMIT set_completion_param "postactiv commit" "$POSTACTIV_COMMIT" - chmod g+w /var/www/$POSTACTIV_DOMAIN_NAME/htdocs - chmod a+w /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/avatar - chmod a+w /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/file - chown -R www-data:www-data /var/www/$POSTACTIV_DOMAIN_NAME/htdocs - chmod +x /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/maildaemon.php - chmod 755 /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/extlib/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php - chmod -x /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/extlib/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php + chmod g+w "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" + chmod a+w "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/avatar" + chmod a+w "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/file" + chown -R www-data:www-data "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" + chmod +x "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/maildaemon.php" + chmod 755 "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/extlib/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php" + chmod -x "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/extlib/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php" function_check postactiv_create_database postactiv_create_database @@ -695,118 +698,118 @@ function install_postactiv_main { fi function_check add_ddns_domain - add_ddns_domain $POSTACTIV_DOMAIN_NAME + add_ddns_domain "$POSTACTIV_DOMAIN_NAME" POSTACTIV_ONION_HOSTNAME=$(add_onion_service postactiv 80 ${POSTACTIV_ONION_PORT}) postactiv_nginx_site=/etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME if [[ $ONION_ONLY == "no" ]]; then function_check nginx_http_redirect - nginx_http_redirect $POSTACTIV_DOMAIN_NAME "index index.php" - echo 'server {' >> $postactiv_nginx_site - echo ' listen 443 ssl;' >> $postactiv_nginx_site - echo ' #listen [::]:443 ssl;' >> $postactiv_nginx_site - echo " server_name $POSTACTIV_DOMAIN_NAME;" >> $postactiv_nginx_site - echo '' >> $postactiv_nginx_site + nginx_http_redirect "$POSTACTIV_DOMAIN_NAME" "index index.php" + { echo 'server {'; + echo ' listen 443 ssl;'; + echo ' #listen [::]:443 ssl;'; + echo " server_name $POSTACTIV_DOMAIN_NAME;"; + echo ''; } >> "$postactiv_nginx_site" function_check nginx_compress - nginx_compress $POSTACTIV_DOMAIN_NAME - echo '' >> $postactiv_nginx_site - echo ' # Security' >> $postactiv_nginx_site + nginx_compress "$POSTACTIV_DOMAIN_NAME" + echo '' >> "$postactiv_nginx_site" + echo ' # Security' >> "$postactiv_nginx_site" function_check nginx_ssl - nginx_ssl $POSTACTIV_DOMAIN_NAME + nginx_ssl "$POSTACTIV_DOMAIN_NAME" function_check nginx_disable_sniffing - nginx_disable_sniffing $POSTACTIV_DOMAIN_NAME + nginx_disable_sniffing "$POSTACTIV_DOMAIN_NAME" - echo ' add_header Strict-Transport-Security max-age=15768000;' >> $postactiv_nginx_site - echo '' >> $postactiv_nginx_site - echo ' # Logs' >> $postactiv_nginx_site - echo ' access_log /dev/null;' >> $postactiv_nginx_site - echo ' error_log /dev/null;' >> $postactiv_nginx_site - echo '' >> $postactiv_nginx_site - echo ' # Root' >> $postactiv_nginx_site - echo " root /var/www/$POSTACTIV_DOMAIN_NAME/htdocs;" >> $postactiv_nginx_site - echo '' >> $postactiv_nginx_site - echo ' # Index' >> $postactiv_nginx_site - echo ' index index.php;' >> $postactiv_nginx_site - echo '' >> $postactiv_nginx_site - echo ' # PHP' >> $postactiv_nginx_site - echo ' location ~ \.php {' >> $postactiv_nginx_site - echo ' include snippets/fastcgi-php.conf;' >> $postactiv_nginx_site - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $postactiv_nginx_site - echo ' fastcgi_read_timeout 30;' >> $postactiv_nginx_site - echo ' }' >> $postactiv_nginx_site - echo '' >> $postactiv_nginx_site - echo ' # Location' >> $postactiv_nginx_site - echo ' location / {' >> $postactiv_nginx_site + { echo ' add_header Strict-Transport-Security max-age=15768000;'; + echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' # Root'; + echo " root /var/www/$POSTACTIV_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' # Index'; + echo ' index index.php;'; + echo ''; + echo ' # PHP'; + echo ' location ~ \.php {'; + echo ' include snippets/fastcgi-php.conf;'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' }'; + echo ''; + echo ' # Location'; + echo ' location / {'; } >> "$postactiv_nginx_site" function_check nginx_limits - nginx_limits $POSTACTIV_DOMAIN_NAME '15m' - echo ' try_files $uri $uri/ @postactiv;' >> $postactiv_nginx_site - echo ' }' >> $postactiv_nginx_site - echo '' >> $postactiv_nginx_site - echo ' # Fancy URLs' >> $postactiv_nginx_site - echo ' location @postactiv {' >> $postactiv_nginx_site - echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $postactiv_nginx_site - echo ' }' >> $postactiv_nginx_site - echo '' >> $postactiv_nginx_site - echo ' # Restrict access that is unnecessary anyway' >> $postactiv_nginx_site - echo ' location ~ /\.(ht|git) {' >> $postactiv_nginx_site - echo ' deny all;' >> $postactiv_nginx_site - echo ' }' >> $postactiv_nginx_site - echo '}' >> $postactiv_nginx_site + nginx_limits "$POSTACTIV_DOMAIN_NAME" '15m' + { echo " try_files \$uri \$uri/ @postactiv;"; + echo ' }'; + echo ''; + echo ' # Fancy URLs'; + echo ' location @postactiv {'; + echo " rewrite ^(.*)\$ /index.php?p=\$1 last;"; + echo ' }'; + echo ''; + echo ' # Restrict access that is unnecessary anyway'; + echo ' location ~ /\.(ht|git) {'; + echo ' deny all;'; + echo ' }'; + echo '}'; } >> "$postactiv_nginx_site" else - echo -n '' > $postactiv_nginx_site + echo -n '' > "$postactiv_nginx_site" fi - echo 'server {' >> $postactiv_nginx_site - echo " listen 127.0.0.1:$POSTACTIV_ONION_PORT default_server;" >> $postactiv_nginx_site - echo " server_name $POSTACTIV_ONION_HOSTNAME;" >> $postactiv_nginx_site - echo '' >> $postactiv_nginx_site + { echo 'server {'; + echo " listen 127.0.0.1:$POSTACTIV_ONION_PORT default_server;"; + echo " server_name $POSTACTIV_ONION_HOSTNAME;"; + echo ''; } >> "$postactiv_nginx_site" function_check nginx_disable_sniffing - nginx_disable_sniffing $POSTACTIV_DOMAIN_NAME - echo '' >> $postactiv_nginx_site + nginx_disable_sniffing "$POSTACTIV_DOMAIN_NAME" + echo '' >> "$postactiv_nginx_site" function_check nginx_compress - nginx_compress $POSTACTIV_DOMAIN_NAME - echo '' >> $postactiv_nginx_site - echo ' # Logs' >> $postactiv_nginx_site - echo ' access_log /dev/null;' >> $postactiv_nginx_site - echo ' error_log /dev/null;' >> $postactiv_nginx_site - echo '' >> $postactiv_nginx_site - echo ' # Root' >> $postactiv_nginx_site - echo " root /var/www/$POSTACTIV_DOMAIN_NAME/htdocs;" >> $postactiv_nginx_site - echo '' >> $postactiv_nginx_site - echo ' # Index' >> $postactiv_nginx_site - echo ' index index.php;' >> $postactiv_nginx_site - echo '' >> $postactiv_nginx_site - echo ' # PHP' >> $postactiv_nginx_site - echo ' location ~ \.php {' >> $postactiv_nginx_site - echo ' include snippets/fastcgi-php.conf;' >> $postactiv_nginx_site - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $postactiv_nginx_site - echo ' fastcgi_read_timeout 30;' >> $postactiv_nginx_site - echo ' }' >> $postactiv_nginx_site - echo '' >> $postactiv_nginx_site - echo ' # Location' >> $postactiv_nginx_site - echo ' location / {' >> $postactiv_nginx_site + nginx_compress "$POSTACTIV_DOMAIN_NAME" + { echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' # Root'; + echo " root /var/www/$POSTACTIV_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' # Index'; + echo ' index index.php;'; + echo ''; + echo ' # PHP'; + echo ' location ~ \.php {'; + echo ' include snippets/fastcgi-php.conf;'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' }'; + echo ''; + echo ' # Location'; + echo ' location / {'; } >> "$postactiv_nginx_site" function_check nginx_limits - nginx_limits $POSTACTIV_DOMAIN_NAME '15m' - echo ' try_files $uri $uri/ @postactiv;' >> $postactiv_nginx_site - echo ' }' >> $postactiv_nginx_site - echo '' >> $postactiv_nginx_site - echo ' # Fancy URLs' >> $postactiv_nginx_site - echo ' location @postactiv {' >> $postactiv_nginx_site - echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $postactiv_nginx_site - echo ' }' >> $postactiv_nginx_site - echo '' >> $postactiv_nginx_site - echo ' # Restrict access that is unnecessary anyway' >> $postactiv_nginx_site - echo ' location ~ /\.(ht|git) {' >> $postactiv_nginx_site - echo ' deny all;' >> $postactiv_nginx_site - echo ' }' >> $postactiv_nginx_site - echo '}' >> $postactiv_nginx_site + nginx_limits "$POSTACTIV_DOMAIN_NAME" '15m' + { echo " try_files \$uri \$uri/ @postactiv;"; + echo ' }'; + echo ''; + echo ' # Fancy URLs'; + echo ' location @postactiv {'; + echo " rewrite ^(.*)\$ /index.php?p=\$1 last;"; + echo ' }'; + echo ''; + echo ' # Restrict access that is unnecessary anyway'; + echo ' location ~ /\.(ht|git) {'; + echo ' deny all;'; + echo ' }'; + echo '}'; } >> "$postactiv_nginx_site" function_check configure_php configure_php function_check create_site_certificate - create_site_certificate $POSTACTIV_DOMAIN_NAME 'yes' + create_site_certificate "$POSTACTIV_DOMAIN_NAME" 'yes' # Ensure that the database gets backed up locally, if remote # backups are not being used @@ -817,7 +820,7 @@ function install_postactiv_main { backup_database_local postactiv function_check nginx_ensite - nginx_ensite $POSTACTIV_DOMAIN_NAME + nginx_ensite "$POSTACTIV_DOMAIN_NAME" # NOTE: For the typical case always enable SSL and only # disable it if in onion only mode. This is due to complexities @@ -834,8 +837,8 @@ function install_postactiv_main { # Create the configuration postactiv_installer=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/scripts/install_cli.php - if [ ! -f $postactiv_installer ]; then - rm -rf /var/www/$POSTACTIV_DOMAIN_NAME + if [ ! -f "$postactiv_installer" ]; then + rm -rf "/var/www/$POSTACTIV_DOMAIN_NAME" echo $'No postactiv commandline installer found' exit 53026 fi @@ -856,45 +859,45 @@ function install_postactiv_main { #fi # check postactiv has a config file - postactiv_config_file=/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/config.php - if [ ! -f $postactiv_config_file ]; then + postactiv_config_file="/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/config.php" + if [ ! -f "$postactiv_config_file" ]; then drop_database postactiv - rm -rf /var/www/$POSTACTIV_DOMAIN_NAME + rm -rf "/var/www/$POSTACTIV_DOMAIN_NAME" echo $'Postactiv config.php not found' exit 87586 fi # Some useful settings - if ! grep -q "Recommended postactiv settings" $postactiv_config_file; then - echo "" >> $postactiv_config_file - echo "// Recommended postactiv settings" >> $postactiv_config_file - echo "\$config['thumbnail']['maxsize'] = 3000;" >> $postactiv_config_file - echo "\$config['profile']['delete'] = true;" >> $postactiv_config_file - echo "\$config['profile']['changenick'] = true;" >> $postactiv_config_file - echo "\$config['public']['localonly'] = false;" >> $postactiv_config_file - echo "addPlugin('StoreRemoteMedia');" >> $postactiv_config_file - echo "\$config['queue']['enabled'] = true;" >> $postactiv_config_file - echo "\$config['queue']['daemon'] = true;" >> $postactiv_config_file - echo "\$config['ostatus']['hub_retries'] = 3;" >> $postactiv_config_file + if ! grep -q "Recommended postactiv settings" "$postactiv_config_file"; then + { echo ""; + echo "// Recommended postactiv settings"; + echo "\$config['thumbnail']['maxsize'] = 3000;"; + echo "\$config['profile']['delete'] = true;"; + echo "\$config['profile']['changenick'] = true;"; + echo "\$config['public']['localonly'] = false;"; + echo "addPlugin('StoreRemoteMedia');"; + echo "\$config['queue']['enabled'] = true;"; + echo "\$config['queue']['daemon'] = true;"; + echo "\$config['ostatus']['hub_retries'] = 3;"; } >> "$postactiv_config_file" fi - echo "\$config['mail']['domain'] = '${DEFAULT_DOMAIN_NAME}';" >> $postactiv_config_file + echo "\$config['mail']['domain'] = '${DEFAULT_DOMAIN_NAME}';" >> "$postactiv_config_file" # This improves performance - sed -i "s|//\$config\['db'\]\['schemacheck'\].*|\$config\['db'\]\['schemacheck'\] = 'script';|g" $postactiv_config_file + sed -i "s|//\$config\\['db'\\]\\['schemacheck'\\].*|\$config\\['db'\\]\\['schemacheck'\\] = 'script';|g" "$postactiv_config_file" # remove the install script - if [ -f /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php ]; then - rm /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php + if [ -f "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php" ]; then + rm "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php" fi systemctl restart mariadb systemctl restart php7.0-fpm systemctl restart nginx - ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no + "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no - ${PROJECT_NAME}-pass -u $MY_USERNAME -a postactiv -p "$POSTACTIV_ADMIN_PASSWORD" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a postactiv -p "$POSTACTIV_ADMIN_PASSWORD" gnusocial_block_user_script gnusocial_block_domain_script postactiv "$POSTACTIV_DOMAIN_NAME" @@ -905,7 +908,7 @@ function install_postactiv_main { } function install_postactiv { - if [ ! $ONION_ONLY ]; then + if [ ! "$ONION_ONLY" ]; then ONION_ONLY='no' fi @@ -925,8 +928,8 @@ function install_postactiv { install_nodejs pleroma-gnusocial install_pleroma_front_end "postactiv" "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE" install_gnusocial_default_background "postactiv" "$POSTACTIV_DOMAIN_NAME" - postactiv_customise_logo - sed -i 's|"theme":.*|"theme": "base16-harmonic16-light.css",|g' /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static/config.json + postactiv_customise_logo "$POSTACTIV_DOMAIN_NAME" + sed -i 's|"theme":.*|"theme": "base16-harmonic16-light.css",|g' "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static/config.json" fi expire_gnusocial_posts "$POSTACTIV_DOMAIN_NAME" "postactiv" "$POSTACTIV_EXPIRE_MONTHS" @@ -940,8 +943,8 @@ function install_postactiv { # And doesn't forget logins gnusocial_use_qvitter postactiv - if [ $POSTACTIV_BACKGROUND_IMAGE_URL ]; then - pleroma_set_background_image_from_url /var/www/$POSTACTIV_DOMAIN_NAME/htdocs "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE" + if [ "$POSTACTIV_BACKGROUND_IMAGE_URL" ]; then + pleroma_set_background_image_from_url "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE" fi APP_INSTALLED=1 diff --git a/src/freedombone-app-privatebin b/src/freedombone-app-privatebin index 48d122aa..0667cd84 100755 --- a/src/freedombone-app-privatebin +++ b/src/freedombone-app-privatebin @@ -56,7 +56,7 @@ function secure_privatebin { find "${pbpath}/" -type d -print0 | xargs -0 chmod 0550 chown -R ${rootuser}:${htgroup} "${pbpath}/" - chown -R www-data:www-data ${pbdata} + chown -R www-data:www-data "${pbdata}" } function logging_on_privatebin { @@ -68,63 +68,65 @@ function logging_off_privatebin { } function remove_user_privatebin { - remove_username="$1" + echo -n '' +# remove_username="$1" } function add_user_privatebin { - new_username="$1" - new_user_password="$2" +# new_username="$1" +# new_user_password="$2" echo '0' } function install_interactive_privatebin { - if [ ! $ONION_ONLY ]; then + if [ ! "$ONION_ONLY" ]; then ONION_ONLY='no' fi - if [[ $ONION_ONLY != "no" ]]; then + if [[ "$ONION_ONLY" != "no" ]]; then PRIVATEBIN_DOMAIN_NAME='privatebin.local' else PRIVATEBIN_DETAILS_COMPLETE= while [ ! $PRIVATEBIN_DETAILS_COMPLETE ] do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then dialog --backtitle $"Freedombone Configuration" \ --title $"PrivateBin Configuration" \ - --form $"\nPlease enter your PrivateBin details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ + --form $"\\nPlease enter your PrivateBin details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ $"Domain:" 1 1 "$(grep 'PRIVATEBIN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \ $"Code:" 2 1 "$(grep 'PRIVATEBIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 33 255 \ - 2> $data + 2> "$data" else dialog --backtitle $"Freedombone Configuration" \ --title $"PrivateBin Configuration" \ - --form $"\nPlease enter your PrivateBin details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ + --form $"\\nPlease enter your PrivateBin details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ $"Domain:" 1 1 "$(grep 'PRIVATEBIN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \ - 2> $data + 2> "$data" fi sel=$? case $sel in - 1) exit 1;; - 255) exit 1;; + 1) rm -f "$data" + exit 1;; + 255) rm -f "$data" + exit 1;; esac - PRIVATEBIN_DOMAIN_NAME=$(cat $data | sed -n 1p) - if [ $PRIVATEBIN_DOMAIN_NAME ]; then - if [[ $PRIVATEBIN_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then + PRIVATEBIN_DOMAIN_NAME=$(sed -n 1p < "$data") + if [ "$PRIVATEBIN_DOMAIN_NAME" ]; then + if [[ "$PRIVATEBIN_DOMAIN_NAME" == "$HUBZILLA_DOMAIN_NAME" ]]; then PRIVATEBIN_DOMAIN_NAME="" fi TEST_DOMAIN_NAME=$PRIVATEBIN_DOMAIN_NAME validate_domain_name - if [[ $TEST_DOMAIN_NAME != $PRIVATEBIN_DOMAIN_NAME ]]; then + if [[ "$TEST_DOMAIN_NAME" != "$PRIVATEBIN_DOMAIN_NAME" ]]; then PRIVATEBIN_DOMAIN_NAME= dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 else if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then - PRIVATEBIN_CODE=$(cat $data | sed -n 2p) + PRIVATEBIN_CODE=$(sed -n 2p < "$data") validate_freedns_code "$PRIVATEBIN_CODE" - if [ ! $VALID_CODE ]; then + if [ ! "$VALID_CODE" ]; then PRIVATEBIN_DOMAIN_NAME= fi fi @@ -133,6 +135,7 @@ function install_interactive_privatebin { if [ $PRIVATEBIN_DOMAIN_NAME ]; then PRIVATEBIN_DETAILS_COMPLETE="yes" fi + rm -f "$data" done write_config_param "PRIVATEBIN_CODE" "$PRIVATEBIN_CODE" @@ -142,8 +145,9 @@ function install_interactive_privatebin { } function change_password_privatebin { - curr_username="$1" - new_user_password="$2" +# curr_username="$1" +# new_user_password="$2" + echo -n '' } function reconfigure_privatebin { @@ -156,13 +160,13 @@ function upgrade_privatebin { return fi - if grep -q "privatebin domain" $COMPLETION_FILE; then + if grep -q "privatebin domain" "$COMPLETION_FILE"; then PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain") fi # update to the next commit function_check set_repo_commit - set_repo_commit /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs "privatebin commit" "$PRIVATEBIN_COMMIT" $PRIVATEBIN_REPO + set_repo_commit "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" "privatebin commit" "$PRIVATEBIN_COMMIT" "$PRIVATEBIN_REPO" secure_privatebin } @@ -170,40 +174,40 @@ function upgrade_privatebin { function backup_local_privatebin { PRIVATEBIN_DOMAIN_NAME='privatebin' - if grep -q "privatebin domain" $COMPLETION_FILE; then + if grep -q "privatebin domain" "$COMPLETION_FILE"; then PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain") fi - source_directory=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data + source_directory="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data" function_check suspend_site - suspend_site ${PRIVATEBIN_DOMAIN_NAME} + suspend_site "${PRIVATEBIN_DOMAIN_NAME}" function_check backup_directory_to_usb dest_directory=privatebin - backup_directory_to_usb $source_directory $dest_directory + backup_directory_to_usb "$source_directory" "$dest_directory" function_check restart_site restart_site } function restore_local_privatebin { - if ! grep -q "privatebin domain" $COMPLETION_FILE; then + if ! grep -q "privatebin domain" "$COMPLETION_FILE"; then return fi PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain") - if [ $PRIVATEBIN_DOMAIN_NAME ]; then + if [ "$PRIVATEBIN_DOMAIN_NAME" ]; then echo $"Restoring privatebin" temp_restore_dir=/root/tempprivatebin - privatebin_dir=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data + privatebin_dir="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data" function_check restore_directory_from_usb restore_directory_from_usb $temp_restore_dir privatebin if [ -d $temp_restore_dir ]; then - if [ -d cp $temp_restore_dir$privatebin_dir ]; then - cp -rp $temp_restore_dir$privatebin_dir/* $privatebin_dir/ + if [ -d "$temp_restore_dir$privatebin_dir" ]; then + cp -rp "$temp_restore_dir$privatebin_dir/*" "$privatebin_dir/" else - cp -rp $temp_restore_dir/* $privatebin_dir/ + cp -rp "$temp_restore_dir/*" "$privatebin_dir/" fi secure_privatebin rm -rf $temp_restore_dir @@ -215,39 +219,39 @@ function restore_local_privatebin { function backup_remote_privatebin { PRIVATEBIN_DOMAIN_NAME='privatebin' - if grep -q "privatebin domain" $COMPLETION_FILE; then + if grep -q "privatebin domain" "$COMPLETION_FILE"; then PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain") fi - source_directory=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data + source_directory="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data" function_check suspend_site - suspend_site ${PRIVATEBIN_DOMAIN_NAME} + suspend_site "${PRIVATEBIN_DOMAIN_NAME}" function_check backup_directory_to_friend dest_directory=privatebin - backup_directory_to_friend $source_directory $dest_directory + backup_directory_to_friend "$source_directory" "$dest_directory" function_check restart_site restart_site } function restore_remote_privatebin { - if ! grep -q "privatebin domain" $COMPLETION_FILE; then + if ! grep -q "privatebin domain" "$COMPLETION_FILE"; then return fi PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain") - if [ $PRIVATEBIN_DOMAIN_NAME ]; then + if [ "$PRIVATEBIN_DOMAIN_NAME" ]; then temp_restore_dir=/root/tempprivatebin privatebin_dir=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data function_check restore_directory_from_friend restore_directory_from_friend $temp_restore_dir privatebin if [ -d $temp_restore_dir ]; then - if [ -d cp $temp_restore_dir$privatebin_dir ]; then - cp -rp $temp_restore_dir$privatebin_dir/* $privatebin_dir/ + if [ -d "$temp_restore_dir$privatebin_dir" ]; then + cp -rp "$temp_restore_dir$privatebin_dir/*" "$privatebin_dir/" else - cp -rp $temp_restore_dir/* $privatebin_dir/ + cp -rp "$temp_restore_dir/*" "$privatebin_dir/" fi secure_privatebin rm -rf $temp_restore_dir @@ -262,14 +266,14 @@ function remove_privatebin { read_config_param "PRIVATEBIN_DOMAIN_NAME" read_config_param "MY_USERNAME" echo "Removing $PRIVATEBIN_DOMAIN_NAME" - nginx_dissite $PRIVATEBIN_DOMAIN_NAME - remove_certs $PRIVATEBIN_DOMAIN_NAME + nginx_dissite "$PRIVATEBIN_DOMAIN_NAME" + remove_certs "$PRIVATEBIN_DOMAIN_NAME" - if [ -d /var/www/$PRIVATEBIN_DOMAIN_NAME ]; then - rm -rf /var/www/$PRIVATEBIN_DOMAIN_NAME + if [ -d "/var/www/$PRIVATEBIN_DOMAIN_NAME" ]; then + rm -rf "/var/www/$PRIVATEBIN_DOMAIN_NAME" fi - if [ -f /etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME ]; then - rm /etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME + if [ -f "/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME" ]; then + rm "/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME" fi function_check remove_onion_service remove_onion_service privatebin ${PRIVATEBIN_ONION_PORT} @@ -278,18 +282,18 @@ function remove_privatebin { fi remove_app privatebin remove_completion_param install_privatebin - sed -i '/privatebin/d' $COMPLETION_FILE + sed -i '/privatebin/d' "$COMPLETION_FILE" function_check remove_ddns_domain - remove_ddns_domain $PRIVATEBIN_DOMAIN_NAME + remove_ddns_domain "$PRIVATEBIN_DOMAIN_NAME" } function install_privatebin { - if [ ! $ONION_ONLY ]; then + if [ ! "$ONION_ONLY" ]; then ONION_ONLY='no' fi - if [ ! $PRIVATEBIN_DOMAIN_NAME ]; then + if [ ! "$PRIVATEBIN_DOMAIN_NAME" ]; then echo $'No domain name was given for privatebin' exit 7359 fi @@ -298,153 +302,153 @@ function install_privatebin { apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl apt-get -yq install php-libsodium libsodium18 php-mcrypt - if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME ]; then - mkdir /var/www/$PRIVATEBIN_DOMAIN_NAME + if [ ! -d "/var/www/$PRIVATEBIN_DOMAIN_NAME" ]; then + mkdir "/var/www/$PRIVATEBIN_DOMAIN_NAME" fi - if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs ]; then + if [ ! -d "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" ]; then if [ -d /repos/privatebin ]; then - mkdir /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs - cp -r -p /repos/privatebin/. /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs - cd /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs + mkdir "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" + cp -r -p /repos/privatebin/. "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" + cd "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" || exit 3468246824 git pull else function_check git_clone - git_clone $PRIVATEBIN_REPO /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs + git_clone "$PRIVATEBIN_REPO" "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" fi - if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs ]; then + if [ ! -d "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" ]; then echo $'Unable to clone privatebin repo' exit 63763873 fi fi - cd /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs - git checkout $PRIVATEBIN_COMMIT -b $PRIVATEBIN_COMMIT + cd "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" || exit 24682462 + git checkout "$PRIVATEBIN_COMMIT" -b "$PRIVATEBIN_COMMIT" set_completion_param "privatebin commit" "$PRIVATEBIN_COMMIT" - chmod g+w /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs - chown -R www-data:www-data /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs + chmod g+w "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" + chown -R www-data:www-data "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" function_check add_ddns_domain - add_ddns_domain $PRIVATEBIN_DOMAIN_NAME + add_ddns_domain "$PRIVATEBIN_DOMAIN_NAME" PRIVATEBIN_ONION_HOSTNAME=$(add_onion_service privatebin 80 ${PRIVATEBIN_ONION_PORT}) privatebin_nginx_site=/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME if [[ $ONION_ONLY == "no" ]]; then function_check nginx_http_redirect - nginx_http_redirect $PRIVATEBIN_DOMAIN_NAME "index index.php" - echo 'server {' >> $privatebin_nginx_site - echo ' listen 443 ssl;' >> $privatebin_nginx_site - echo ' #listen [::]:443 ssl;' >> $privatebin_nginx_site - echo " server_name $PRIVATEBIN_DOMAIN_NAME;" >> $privatebin_nginx_site - echo '' >> $privatebin_nginx_site + nginx_http_redirect "$PRIVATEBIN_DOMAIN_NAME" "index index.php" + { echo 'server {'; + echo ' listen 443 ssl;'; + echo ' #listen [::]:443 ssl;'; + echo " server_name $PRIVATEBIN_DOMAIN_NAME;"; + echo ''; } >> "$privatebin_nginx_site" function_check nginx_compress - nginx_compress $PRIVATEBIN_DOMAIN_NAME - echo '' >> $privatebin_nginx_site - echo ' # Security' >> $privatebin_nginx_site + nginx_compress "$PRIVATEBIN_DOMAIN_NAME" + echo '' >> "$privatebin_nginx_site" + echo ' # Security' >> "$privatebin_nginx_site" function_check nginx_ssl - nginx_ssl $PRIVATEBIN_DOMAIN_NAME + nginx_ssl "$PRIVATEBIN_DOMAIN_NAME" function_check nginx_disable_sniffing - nginx_disable_sniffing $PRIVATEBIN_DOMAIN_NAME + nginx_disable_sniffing "$PRIVATEBIN_DOMAIN_NAME" - echo ' add_header Strict-Transport-Security max-age=15768000;' >> $privatebin_nginx_site - echo '' >> $privatebin_nginx_site - echo ' # Logs' >> $privatebin_nginx_site - echo ' access_log /dev/null;' >> $privatebin_nginx_site - echo ' error_log /dev/null;' >> $privatebin_nginx_site - echo '' >> $privatebin_nginx_site - echo " root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;" >> $privatebin_nginx_site - echo '' >> $privatebin_nginx_site - echo ' index index.php;' >> $privatebin_nginx_site - echo '' >> $privatebin_nginx_site - echo ' location ~ \.php {' >> $privatebin_nginx_site - echo ' include snippets/fastcgi-php.conf;' >> $privatebin_nginx_site - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $privatebin_nginx_site - echo ' fastcgi_read_timeout 30;' >> $privatebin_nginx_site - echo ' }' >> $privatebin_nginx_site - echo '' >> $privatebin_nginx_site - echo ' # Location' >> $privatebin_nginx_site - echo ' location / {' >> $privatebin_nginx_site + { echo ' add_header Strict-Transport-Security max-age=15768000;'; + echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo " root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' index index.php;'; + echo ''; + echo ' location ~ \.php {'; + echo ' include snippets/fastcgi-php.conf;'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' }'; + echo ''; + echo ' # Location'; + echo ' location / {'; } >> "$privatebin_nginx_site" function_check nginx_limits - nginx_limits $PRIVATEBIN_DOMAIN_NAME '15m' - echo ' try_files $uri $uri/ @privatebin;' >> $privatebin_nginx_site - echo ' }' >> $privatebin_nginx_site - echo '' >> $privatebin_nginx_site - echo ' # Restrict access that is unnecessary anyway' >> $privatebin_nginx_site - echo ' location ~ /\.(ht|git) {' >> $privatebin_nginx_site - echo ' deny all;' >> $privatebin_nginx_site - echo ' }' >> $privatebin_nginx_site - echo '}' >> $privatebin_nginx_site - echo '' >> $privatebin_nginx_site + nginx_limits "$PRIVATEBIN_DOMAIN_NAME" '15m' + { echo ' try_files $uri $uri/ @privatebin;'; + echo ' }'; + echo ''; + echo ' # Restrict access that is unnecessary anyway'; + echo ' location ~ /\.(ht|git) {'; + echo ' deny all;'; + echo ' }'; + echo '}'; + echo ''; } >> "$privatebin_nginx_site" else - echo -n '' > $privatebin_nginx_site + echo -n '' > "$privatebin_nginx_site" fi - echo 'server {' >> $privatebin_nginx_site - echo " listen 127.0.0.1:$PRIVATEBIN_ONION_PORT default_server;" >> $privatebin_nginx_site - echo " server_name $PRIVATEBIN_ONION_HOSTNAME;" >> $privatebin_nginx_site - echo '' >> $privatebin_nginx_site + { echo 'server {'; + echo " listen 127.0.0.1:$PRIVATEBIN_ONION_PORT default_server;"; + echo " server_name $PRIVATEBIN_ONION_HOSTNAME;"; + echo ''; } >> "$privatebin_nginx_site" function_check nginx_compress - nginx_compress $PRIVATEBIN_DOMAIN_NAME - echo '' >> $privatebin_nginx_site + nginx_compress "$PRIVATEBIN_DOMAIN_NAME" + echo '' >> "$privatebin_nginx_site" function_check nginx_disable_sniffing - nginx_disable_sniffing $PRIVATEBIN_DOMAIN_NAME - echo '' >> $privatebin_nginx_site - echo ' # Logs' >> $privatebin_nginx_site - echo ' access_log /dev/null;' >> $privatebin_nginx_site - echo ' error_log /dev/null;' >> $privatebin_nginx_site - echo '' >> $privatebin_nginx_site - echo " root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;" >> $privatebin_nginx_site - echo '' >> $privatebin_nginx_site - echo ' index index.php;' >> $privatebin_nginx_site - echo '' >> $privatebin_nginx_site - echo ' location ~ \.php {' >> $privatebin_nginx_site - echo ' include snippets/fastcgi-php.conf;' >> $privatebin_nginx_site - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $privatebin_nginx_site - echo ' fastcgi_read_timeout 30;' >> $privatebin_nginx_site - echo ' }' >> $privatebin_nginx_site - echo '' >> $privatebin_nginx_site - echo ' # Location' >> $privatebin_nginx_site - echo ' location / {' >> $privatebin_nginx_site + nginx_disable_sniffing "$PRIVATEBIN_DOMAIN_NAME" + { echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo " root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' index index.php;'; + echo ''; + echo ' location ~ \.php {'; + echo ' include snippets/fastcgi-php.conf;'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' }'; + echo ''; + echo ' # Location'; + echo ' location / {'; } >> "$privatebin_nginx_site" function_check nginx_limits - nginx_limits $PRIVATEBIN_DOMAIN_NAME '15m' - echo ' try_files $uri $uri/ @privatebin;' >> $privatebin_nginx_site - echo ' }' >> $privatebin_nginx_site - echo '' >> $privatebin_nginx_site - echo ' # Restrict access that is unnecessary anyway' >> $privatebin_nginx_site - echo ' location ~ /\.(ht|git) {' >> $privatebin_nginx_site - echo ' deny all;' >> $privatebin_nginx_site - echo ' }' >> $privatebin_nginx_site - echo '}' >> $privatebin_nginx_site + nginx_limits "$PRIVATEBIN_DOMAIN_NAME" '15m' + { echo ' try_files $uri $uri/ @privatebin;'; + echo ' }'; + echo ''; + echo ' # Restrict access that is unnecessary anyway'; + echo ' location ~ /\.(ht|git) {'; + echo ' deny all;'; + echo ' }'; + echo '}'; } >> "$privatebin_nginx_site" function_check configure_php configure_php function_check create_site_certificate - create_site_certificate $PRIVATEBIN_DOMAIN_NAME 'yes' + create_site_certificate "$PRIVATEBIN_DOMAIN_NAME" 'yes' function_check nginx_ensite - nginx_ensite $PRIVATEBIN_DOMAIN_NAME + nginx_ensite "$PRIVATEBIN_DOMAIN_NAME" - cp /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.sample.php /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php + cp "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.sample.php" "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" # Change some defaults - sed -i 's|; qrcode|qrcode|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php - sed -i 's|default =.*|default = "1day"|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php - sed -i 's|languagedefault =.*|languagedefault = "en"|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php - sed -i 's|1week =|; 1week =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php - sed -i 's|1month =|; 1month =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php - sed -i 's|1year =|; 1year =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php - sed -i 's|never =|; never =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php - sed -i 's|limit = 10|limit = 30|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php - sed -i 's|limit = 300|limit = 0|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php - sed -i 's|batchsize =.*|batchsize = 100|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php - sed -i 's|sizelimit =.*|sizelimit = 32768|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php - sed -i 's|defaultformatter =.*|defaultformatter = "markdown"|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php + sed -i 's|; qrcode|qrcode|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" + sed -i 's|default =.*|default = "1day"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" + sed -i 's|languagedefault =.*|languagedefault = "en"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" + sed -i 's|1week =|; 1week =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" + sed -i 's|1month =|; 1month =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" + sed -i 's|1year =|; 1year =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" + sed -i 's|never =|; never =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" + sed -i 's|limit = 10|limit = 30|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" + sed -i 's|limit = 300|limit = 0|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" + sed -i 's|batchsize =.*|batchsize = 100|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" + sed -i 's|sizelimit =.*|sizelimit = 32768|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" + sed -i 's|defaultformatter =.*|defaultformatter = "markdown"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" - mkdir -p /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/data + mkdir -p "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/data" secure_privatebin diff --git a/src/freedombone-app-profanity b/src/freedombone-app-profanity index d602aa50..604d388f 100755 --- a/src/freedombone-app-profanity +++ b/src/freedombone-app-profanity @@ -57,12 +57,13 @@ function logging_off_profanity { } function remove_user_profanity { - remove_username="$1" + echo -n '' +# remove_username="$1" } function add_user_profanity { - new_username="$1" - new_user_password="$2" +# new_username="$1" +# new_user_password="$2" echo '0' } @@ -82,19 +83,19 @@ function change_password_profanity { read_config_param DEFAULT_DOMAIN_NAME - ${PROJECT_NAME}-pass -u $curr_username -a xmpp -p "$new_user_password" + "${PROJECT_NAME}-pass" -u "$curr_username" -a xmpp -p "$new_user_password" # TODO: this is currently interactive. Really there needs to be a # non-interactive password change option for prosodyctl clear echo '' echo $'Currently Prosody requires password changes to be done interactively' - prosodyctl passwd ${curr_username}@${DEFAULT_DOMAIN_NAME} + prosodyctl passwd "${curr_username}@${DEFAULT_DOMAIN_NAME}" XMPP_CLIENT_DIR=/home/$curr_username/.local/share/profanity XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts - if [ -f $XMPP_CLIENT_ACCOUNTS ]; then - sed -i "s|password=.*|password=$new_user_password|g" $XMPP_CLIENT_ACCOUNTS + if [ -f "$XMPP_CLIENT_ACCOUNTS" ]; then + sed -i "s|password=.*|password=$new_user_password|g" "$XMPP_CLIENT_ACCOUNTS" fi } @@ -110,11 +111,11 @@ function upgrade_profanity { rm -rf /tmp/* - CURR_LIBMESODE_COMMIT=$(cat $COMPLETION_FILE | grep "libmesode commit" | awk -F ':' '{print $2}') + CURR_LIBMESODE_COMMIT=$(grep "libmesode commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}') if [[ "$CURR_LIBMESODE_COMMIT" != "$LIBMESODE_COMMIT" ]]; then function_check set_repo_commit - set_repo_commit $INSTALL_DIR/libmesode "libmesode commit" "$LIBMESODE_COMMIT" $LIBMESODE_REPO - cd $INSTALL_DIR/libmesode + set_repo_commit "$INSTALL_DIR/libmesode" "libmesode commit" "$LIBMESODE_COMMIT" $LIBMESODE_REPO + cd "$INSTALL_DIR/libmesode" || exit 42682682 ./bootstrap.sh ./configure make @@ -124,42 +125,42 @@ function upgrade_profanity { rm -rf /tmp/* - CURR_PROFANITY_COMMIT=$(cat $COMPLETION_FILE | grep "profanity commit" | awk -F ':' '{print $2}') + CURR_PROFANITY_COMMIT=$(grep "profanity commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}') if [[ "$CURR_PROFANITY_COMMIT" != "$PROFANITY_COMMIT" ]]; then function_check set_repo_commit - set_repo_commit $INSTALL_DIR/profanity "profanity commit" "$PROFANITY_COMMIT" $PROFANITY_REPO - cd $INSTALL_DIR/profanity + set_repo_commit "$INSTALL_DIR/profanity" "profanity commit" "$PROFANITY_COMMIT" $PROFANITY_REPO + cd "$INSTALL_DIR/profanity" || exit 248242684 ./bootstrap.sh ./configure --disable-notifications --disable-icons --enable-otr --enable-pgp --enable-plugins --enable-c-plugins --enable-python-plugins --without-xscreensaver make make install fi - CURR_PROFANITY_OMEMO_PLUGIN_COMMIT=$(cat $COMPLETION_FILE | grep "profanity omemo plugin commit" | awk -F ':' '{print $2}') + CURR_PROFANITY_OMEMO_PLUGIN_COMMIT=$(grep "profanity omemo plugin commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}') if [[ "$CURR_PROFANITY_OMEMO_PLUGIN_COMMIT" != "$PROFANITY_OMEMO_PLUGIN_COMMIT" ]]; then # upgrade omemo plugins for all users - set_repo_commit $INSTALL_DIR/profanity-omemo-plugin "profanity omemo plugin commit" "$PROFANITY_OMEMO_PLUGIN_COMMIT" $PROFANITY_OMEMO_PLUGIN_REPO - cd $INSTALL_DIR/profanity-omemo-plugin - sed -i 's|python setup.py|python2.7 setup.py|g' $INSTALL_DIR/profanity-omemo-plugin/install.sh + set_repo_commit "$INSTALL_DIR/profanity-omemo-plugin" "profanity omemo plugin commit" "$PROFANITY_OMEMO_PLUGIN_COMMIT" $PROFANITY_OMEMO_PLUGIN_REPO + cd "$INSTALL_DIR/profanity-omemo-plugin" || exit 2468246284 + sed -i 's|python setup.py|python2.7 setup.py|g' "$INSTALL_DIR/profanity-omemo-plugin/install.sh" pip uninstall -y profanity-omemo-plugin ./install.sh for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ ! -d /home/$USERNAME/.local/share/profanity/plugins ]; then - mkdir -p /home/$USERNAME/.local/share/profanity/plugins + if [ ! -d "/home/$USERNAME/.local/share/profanity/plugins" ]; then + mkdir -p "/home/$USERNAME/.local/share/profanity/plugins" fi - if [ -f $INSTALL_DIR/profanity-omemo-plugin/omemo.py ]; then - rm $INSTALL_DIR/profanity-omemo-plugin/omemo.* + if [ -f "$INSTALL_DIR/profanity-omemo-plugin/omemo.py" ]; then + rm "$INSTALL_DIR/profanity-omemo-plugin/omemo.*" fi - cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /home/$USERNAME/.local/share/profanity/plugins - chown -R $USERNAME:$USERNAME /home/$USERNAME/.local + cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" "/home/$USERNAME/.local/share/profanity/plugins" + chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.local" fi done if [ -f /etc/skel/.local/share/profanity/plugins/omemo.py ]; then rm /etc/skel/.local/share/profanity/plugins/omemo.* fi - cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /etc/skel/.local/share/profanity/plugins + cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" "/etc/skel/.local/share/profanity/plugins" fi chmod -R 700 /root/.local/lib/python3.4/site-packages/python_axolotl_* @@ -183,11 +184,11 @@ function restore_remote_profanity { function remove_profanity { if [ -f /usr/local/bin/profanity ]; then - cd $INSTALL_DIR/profanity + cd "$INSTALL_DIR/profanity" || exit 4628462848 make uninstall remove_completion_param install_profanity - sed -i '/profanity/d' $COMPLETION_FILE + sed -i '/profanity/d' "$COMPLETION_FILE" fi } @@ -197,8 +198,8 @@ function install_profanity { return fi # install profanity from source in order to get OMEMO support - if [ ! -d $INSTALL_DIR ]; then - mkdir -p $INSTALL_DIR + if [ ! -d "$INSTALL_DIR" ]; then + mkdir -p "$INSTALL_DIR" fi apt-get -yq install automake autoconf autoconf-archive libtool build-essential @@ -207,15 +208,15 @@ function install_profanity { # dependency for profanity not available in debian if [ -d /repos/libmesode ]; then - mkdir $INSTALL_DIR/libmesode - cp -r -p /repos/libmesode/. $INSTALL_DIR/libmesode - cd $INSTALL_DIR/libmesode + mkdir "$INSTALL_DIR/libmesode" + cp -r -p /repos/libmesode/. "$INSTALL_DIR/libmesode" + cd "$INSTALL_DIR/libmesode" || exit 46287642846872 git pull else - git_clone $LIBMESODE_REPO $INSTALL_DIR/libmesode + git_clone "$LIBMESODE_REPO" "$INSTALL_DIR/libmesode" fi - cd $INSTALL_DIR/libmesode + cd "$INSTALL_DIR/libmesode" || exit 2468246284 git checkout $LIBMESODE_COMMIT -b $LIBMESODE_COMMIT ./bootstrap.sh ./configure @@ -225,15 +226,15 @@ function install_profanity { # build profanity if [ -d /repos/profanity ]; then - mkdir $INSTALL_DIR/profanity - cp -r -p /repos/profanity/. $INSTALL_DIR/profanity - cd $INSTALL_DIR/profanity + mkdir "$INSTALL_DIR/profanity" + cp -r -p /repos/profanity/. "$INSTALL_DIR/profanity" + cd "$INSTALL_DIR/profanity" || exit 2468246824 git pull else - git_clone $PROFANITY_REPO $INSTALL_DIR/profanity + git_clone "$PROFANITY_REPO" "$INSTALL_DIR/profanity" fi - cd $INSTALL_DIR/profanity + cd "$INSTALL_DIR/profanity" || exit 54287452858 git checkout $PROFANITY_COMMIT -b $PROFANITY_COMMIT ./bootstrap.sh ./configure --disable-notifications --disable-icons --enable-otr --enable-pgp --enable-plugins --enable-c-plugins --enable-python-plugins --without-xscreensaver @@ -249,116 +250,116 @@ function install_profanity { apt-get -yq install python-pip python-setuptools clang libffi-dev libssl-dev python-dev if [ -d /repos/profanity-omemo ]; then - mkdir $INSTALL_DIR/profanity-omemo-plugin - cp -r -p /repos/profanity-omemo/. $INSTALL_DIR/profanity-omemo-plugin - cd $INSTALL_DIR/profanity-omemo-plugin + mkdir "$INSTALL_DIR/profanity-omemo-plugin" + cp -r -p /repos/profanity-omemo/. "$INSTALL_DIR/profanity-omemo-plugin" + cd "$INSTALL_DIR/profanity-omemo-plugin" || exit 24682462842 git pull else - git_clone $PROFANITY_OMEMO_PLUGIN_REPO $INSTALL_DIR/profanity-omemo-plugin + git_clone "$PROFANITY_OMEMO_PLUGIN_REPO" "$INSTALL_DIR/profanity-omemo-plugin" fi - cd $INSTALL_DIR/profanity-omemo-plugin + cd "$INSTALL_DIR/profanity-omemo-plugin" || exit 6428468248 git checkout $PROFANITY_OMEMO_PLUGIN_COMMIT -b $PROFANITY_OMEMO_PLUGIN_COMMIT - if [ ! -f $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py ]; then + if [ ! -f "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" ]; then echo $'prof_omemo_plugin.py not found' exit 389225 fi - sed -i 's|python setup.py|python2.7 setup.py|g' $INSTALL_DIR/profanity-omemo-plugin/install.sh + sed -i 's|python setup.py|python2.7 setup.py|g' "$INSTALL_DIR/profanity-omemo-plugin/install.sh" ./install.sh mkdir -p /etc/skel/.local/share/profanity/plugins - cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /etc/skel/.local/share/profanity/plugins - cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /home/$MY_USERNAME/.local/share/profanity/plugins - chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local + cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" /etc/skel/.local/share/profanity/plugins + cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" /home/$MY_USERNAME/.local/share/profanity/plugins + chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.local" XMPP_CLIENT_DIR=/home/$MY_USERNAME/.local/share/profanity XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts - if [ ! -d $XMPP_CLIENT_DIR ]; then - mkdir -p $XMPP_CLIENT_DIR + if [ ! -d "$XMPP_CLIENT_DIR" ]; then + mkdir -p "$XMPP_CLIENT_DIR" fi XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname) - MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$DEFAULT_DOMAIN_NAME") + #MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$DEFAULT_DOMAIN_NAME") if [[ $ONION_ONLY == 'no' ]]; then - echo "[${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}]" > $XMPP_CLIENT_ACCOUNTS - echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS - echo "jid=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS - echo "server=$XMPP_ONION_HOSTNAME" >> $XMPP_CLIENT_ACCOUNTS - # There is a bug where profanity doesn't refresh the screen - # after gpg-agent has asked for a password, so for now - # don't set the gpg key by default - #echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID" >> $XMPP_CLIENT_ACCOUNTS - echo "pgp.keyid=" >> $XMPP_CLIENT_ACCOUNTS - echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS - echo "muc.service=chat.${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS - echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS - echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS - echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS - echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS - echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS - echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS - echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS - echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS + { echo "[${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}]"; + echo 'enabled=true'; + echo "jid=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}"; + echo "server=$XMPP_ONION_HOSTNAME"; + # There is a bug where profanity doesn't refresh the screen + # after gpg-agent has asked for a password, so for now + # don't set the gpg key by default + #echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID"; + echo "pgp.keyid="; + echo 'resource=profanity'; + echo "muc.service=chat.${DEFAULT_DOMAIN_NAME}"; + echo "muc.nick=${MY_USERNAME}"; + echo 'presence.last=online'; + echo 'presence.login=online'; + echo 'priority.online=0'; + echo 'priority.chat=0'; + echo 'priority.away=0'; + echo 'priority.xa=0'; + echo 'priority.dnd=0'; } > "$XMPP_CLIENT_ACCOUNTS" if [ ${#XMPP_PASSWORD} -gt 2 ]; then - echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS + echo "password=$XMPP_PASSWORD" >> "$XMPP_CLIENT_ACCOUNTS" fi fi if [ -f /var/lib/tor/hidden_service_xmpp/hostname ]; then - echo "[${MY_USERNAME}@${XMPP_ONION_HOSTNAME}]" >> $XMPP_CLIENT_ACCOUNTS + echo "[${MY_USERNAME}@${XMPP_ONION_HOSTNAME}]" >> "$XMPP_CLIENT_ACCOUNTS" if [[ $ONION_ONLY == 'no' ]]; then - echo 'enabled=false' >> $XMPP_CLIENT_ACCOUNTS + echo 'enabled=false' >> "$XMPP_CLIENT_ACCOUNTS" else - echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS + echo 'enabled=true' >> "$XMPP_CLIENT_ACCOUNTS" fi - echo "jid=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS - echo "server=$XMPP_ONION_HOSTNAME" >> $XMPP_CLIENT_ACCOUNTS - # There is a bug where profanity doesn't refresh the screen - # after gpg-agent has asked for a password, so for now - # don't set the gpg key by default - #echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID" >> $XMPP_CLIENT_ACCOUNTS - echo "pgp.keyid=" >> $XMPP_CLIENT_ACCOUNTS - echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS - echo "muc.service=${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS - echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS - echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS - echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS - echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS - echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS - echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS - echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS - echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS + { echo "jid=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}"; + echo "server=$XMPP_ONION_HOSTNAME"; + # There is a bug where profanity doesn't refresh the screen + # after gpg-agent has asked for a password, so for now + # don't set the gpg key by default + #echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID"; + echo "pgp.keyid="; + echo 'resource=profanity'; + echo "muc.service=${XMPP_ONION_HOSTNAME}"; + echo "muc.nick=${MY_USERNAME}"; + echo 'presence.last=online'; + echo 'presence.login=online'; + echo 'priority.online=0'; + echo 'priority.chat=0'; + echo 'priority.away=0'; + echo 'priority.xa=0'; + echo 'priority.dnd=0'; } >> "$XMPP_CLIENT_ACCOUNTS" if [ ${#XMPP_PASSWORD} -gt 2 ]; then - echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS + echo "password=$XMPP_PASSWORD" >> "$XMPP_CLIENT_ACCOUNTS" fi fi - if [ ! -d /home/$MY_USERNAME/.config/profanity ]; then - mkdir -p /home/$MY_USERNAME/.config/profanity + if [ ! -d "/home/$MY_USERNAME/.config/profanity" ]; then + mkdir -p "/home/$MY_USERNAME/.config/profanity" fi - echo '[connection]' > /home/$MY_USERNAME/.config/profanity/profrc + echo '[connection]' > "/home/$MY_USERNAME/.config/profanity/profrc" if [[ $ONION_ONLY == 'no' ]]; then - echo "account=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> /home/$MY_USERNAME/.config/profanity/profrc + echo "account=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> "/home/$MY_USERNAME/.config/profanity/profrc" else - echo "account=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> /home/$MY_USERNAME/.config/profanity/profrc + echo "account=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> "/home/$MY_USERNAME/.config/profanity/profrc" fi - echo '' >> /home/$MY_USERNAME/.config/profanity/profrc - echo '[plugins]' >> /home/$MY_USERNAME/.config/profanity/profrc - echo 'load=prof_omemo_plugin.py;' >> /home/$MY_USERNAME/.config/profanity/profrc - echo '' >> /home/$MY_USERNAME/.config/profanity/profrc - echo '[otr]' >> /home/$MY_USERNAME/.config/profanity/profrc - echo 'policy=opportunistic' >> /home/$MY_USERNAME/.config/profanity/profrc - echo 'log=off' >> /home/$MY_USERNAME/.config/profanity/profrc - echo '' >> /home/$MY_USERNAME/.config/profanity/profrc - echo '[pgp]' >> /home/$MY_USERNAME/.config/profanity/profrc - echo 'log=off' >> /home/$MY_USERNAME/.config/profanity/profrc - echo '' >> /home/$MY_USERNAME/.config/profanity/profrc - echo '[ui]' >> /home/$MY_USERNAME/.config/profanity/profrc - echo 'enc.warn=true' >> /home/$MY_USERNAME/.config/profanity/profrc + { echo ''; + echo '[plugins]'; + echo 'load=prof_omemo_plugin.py;'; + echo ''; + echo '[otr]'; + echo 'policy=opportunistic'; + echo 'log=off'; + echo ''; + echo '[pgp]'; + echo 'log=off'; + echo ''; + echo '[ui]'; + echo 'enc.warn=true'; } >> "/home/$MY_USERNAME/.config/profanity/profrc" - chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local - chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config + chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.local" + chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.config" chmod -R 700 /root/.local/lib/python3.4/site-packages/python_axolotl_* APP_INSTALLED=1 diff --git a/src/freedombone-app-radicale b/src/freedombone-app-radicale index 7e925801..6d37c502 100755 --- a/src/freedombone-app-radicale +++ b/src/freedombone-app-radicale @@ -61,15 +61,15 @@ function logging_off_radicale { function remove_user_radicale { remove_username="$1" - ${PROJECT_NAME}-pass -u $remove_username --rmapp radicale + "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp radicale if grep -q "${remove_username}:" ${RADICALE_USERS}; then sed -i "/${remove_username}:/d" ${RADICALE_USERS} - if [ -d /var/www/radicale/collections/${remove_username} ]; then - rm -rf /var/www/radicale/collections/${remove_username} + if [ -d "/var/www/radicale/collections/${remove_username}" ]; then + rm -rf "/var/www/radicale/collections/${remove_username}" fi - if [ -f /var/www/radicale/collections/${remove_username}.props ]; then - rm /var/www/radicale/collections/${remove_username}.props + if [ -f "/var/www/radicale/collections/${remove_username}.props" ]; then + rm "/var/www/radicale/collections/${remove_username}.props" fi systemctl restart radicale fi @@ -79,7 +79,7 @@ function add_user_radicale { new_username="$1" new_user_password="$2" - ${PROJECT_NAME}-pass -u $new_username -a radicale -p "$new_user_password" + "${PROJECT_NAME}-pass" -u "$new_username" -a radicale -p "$new_user_password" if [ ! -f ${RADICALE_USERS} ]; then touch ${RADICALE_USERS} @@ -88,13 +88,13 @@ function add_user_radicale { if ! grep -q "$new_username:" ${RADICALE_USERS}; then htpasswd -bd ${RADICALE_USERS} "$new_username" "$new_user_password" - echo '{"ICAL:calendar-color": "#9e50df"}' > /var/www/radicale/collections/${new_username}.props - mkdir /var/www/radicale/collections/${new_username} - echo '{"ICAL:calendar-color": "#de631a", "tag": "VCALENDAR"}' > /var/www/radicale/collections/${new_username}/calendar.props - echo 'BEGIN:VCALENDAR' > /var/www/radicale/collections/${new_username}/calendar - echo 'PRODID:-//Radicale//NONSGML Radicale Server//EN' >> /var/www/radicale/collections/${new_username}/calendar - echo 'VERSION:2.0' >> /var/www/radicale/collections/${new_username}/calendar - echo 'END:VCALENDAR' >> /var/www/radicale/collections/${new_username}/calendar + echo '{"ICAL:calendar-color": "#9e50df"}' > "/var/www/radicale/collections/${new_username}.props" + mkdir "/var/www/radicale/collections/${new_username}" + echo '{"ICAL:calendar-color": "#de631a", "tag": "VCALENDAR"}' > "/var/www/radicale/collections/${new_username}/calendar.props" + { echo 'BEGIN:VCALENDAR'; + echo 'PRODID:-//Radicale//NONSGML Radicale Server//EN'; + echo 'VERSION:2.0'; + echo 'END:VCALENDAR'; } >> "/var/www/radicale/collections/${new_username}/calendar" chown -R www-data:www-data /var/www/radicale chmod -R 755 /var/www/radicale/* @@ -107,7 +107,7 @@ function change_password_radicale { existing_username="$1" new_user_password="$2" - ${PROJECT_NAME}-pass -u $existing_username -a radicale -p "$new_user_password" + "${PROJECT_NAME}-pass" -u "$existing_username" -a radicale -p "$new_user_password" if grep -q "${existing_username}:" ${RADICALE_USERS}; then sed -i "/${existing_username}:/d" ${RADICALE_USERS} @@ -127,14 +127,14 @@ function reconfigure_radicale { rm -rf /var/log/radicale/* # create an admin password - if [ -f $IMAGE_PASSWORD_FILE ]; then - RADICALE_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + if [ -f "$IMAGE_PASSWORD_FILE" ]; then + RADICALE_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" else - RADICALE_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + RADICALE_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" fi add_user_radicale "$MY_USERNAME" "$RADICALE_PASSWORD" - ${PROJECT_NAME}-pass -u $MY_USERNAME -a radicale -p "$RADICALE_PASSWORD" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a radicale -p "$RADICALE_PASSWORD" touch /var/log/radicale/radicale.log chown -R www-data:www-data /var/log/radicale @@ -145,7 +145,7 @@ function upgrade_radicale { return fi - if ! grep -q "radicale version:" $COMPLETION_FILE; then + if ! grep -q "radicale version:" "$COMPLETION_FILE"; then return fi @@ -155,7 +155,7 @@ function upgrade_radicale { fi # get the source - cd /var/www/radicale + cd /var/www/radicale || exit 62784628468 wget ${RADICALE_DOWNLOAD_URL}${RADICALE_VERSION}.tar.gz # check the hash @@ -170,7 +170,7 @@ function upgrade_radicale { exit 73529 fi rm Radicale-${RADICALE_VERSION}.tar.gz - cd Radicale-${RADICALE_VERSION} + cd "Radicale-${RADICALE_VERSION}" || exit 264824684 # move the old command mv /usr/local/bin/radicale /usr/local/bin/radicale_previous @@ -186,9 +186,9 @@ function upgrade_radicale { fi # remove the old source - rm -rf Radicale-${CURR_RADICALE_VERSION} + rm -rf "Radicale-${CURR_RADICALE_VERSION}" || exit 6842684282 - sed -i "s|radicale version.*|radicale version:$RADICALE_VERSION|g" ${COMPLETION_FILE} + sed -i "s|radicale version.*|radicale version:$RADICALE_VERSION|g" "${COMPLETION_FILE}" chown -R www-data:www-data /var/www/radicale systemctl restart radicale systemctl restart nginx @@ -219,6 +219,7 @@ function restore_local_radicale { else cp -r $temp_restore_dir/* ${RADICALE_DIRECTORY}/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then function_check backup_unmount_drive backup_unmount_drive @@ -233,6 +234,7 @@ function restore_local_radicale { else cp -r $temp_restore_dir/* /var/www/radicale/* fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then function_check backup_unmount_drive backup_unmount_drive @@ -264,6 +266,7 @@ function restore_remote_radicale { else cp -r $temp_restore_dir/* ${RADICALE_DIRECTORY}/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then exit 236746 fi @@ -276,6 +279,7 @@ function restore_remote_radicale { else cp -r $temp_restore_dir/* /var/www/radicale fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then exit 3674284 fi @@ -332,17 +336,17 @@ function remove_radicale { fi remove_completion_param install_radicale - sed -i '/radicale/d' $COMPLETION_FILE - sed -i '/# Start radicale/,/# End radicale/d' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} + sed -i '/radicale/d' "$COMPLETION_FILE" + sed -i '/# Start radicale/,/# End radicale/d' "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}" systemctl restart nginx } function install_radicale { if [[ $ONION_ONLY == 'no' ]]; then # obtain a cert for the default domain - if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then + if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}" pem)" == "0" ]]; then echo $'Obtaining certificate for the main domain' - create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes' + create_site_certificate "${DEFAULT_DOMAIN_NAME}" 'yes' fi fi @@ -368,7 +372,7 @@ function install_radicale { fi # get the source - cd /var/www/radicale + cd /var/www/radicale || exit 462874628 wget ${RADICALE_DOWNLOAD_URL}${RADICALE_VERSION}.tar.gz # check the hash @@ -383,7 +387,7 @@ function install_radicale { exit 623252 fi rm Radicale-${RADICALE_VERSION}.tar.gz - cd Radicale-${RADICALE_VERSION} + cd "Radicale-${RADICALE_VERSION}" || exit 872462842 python setup.py install if [ ! -f /usr/local/bin/radicale ]; then echo $'Radicale did not install' @@ -398,52 +402,52 @@ function install_radicale { fi # create the configuration - echo '[server]' > ${RADICALE_DIRECTORY}/config - echo 'hosts=localhost:52322' >> ${RADICALE_DIRECTORY}/config - echo 'ssl = False' >> ${RADICALE_DIRECTORY}/config - echo 'daemon = False' >> ${RADICALE_DIRECTORY}/config - echo 'base_prefix=/radicale/' >> ${RADICALE_DIRECTORY}/config - echo '' >> ${RADICALE_DIRECTORY}/config - echo '[storage]' >> ${RADICALE_DIRECTORY}/config - echo 'type = filesystem' >> ${RADICALE_DIRECTORY}/config - echo "filesystem_folder = /var/www/radicale/collections" >> ${RADICALE_DIRECTORY}/config - echo '' >> ${RADICALE_DIRECTORY}/config - echo '[well-known]' >> ${RADICALE_DIRECTORY}/config - echo "caldav = '/%(user)s/caldav/'" >> ${RADICALE_DIRECTORY}/config - echo "carddav = '/%(user)s/carddav/'" >> ${RADICALE_DIRECTORY}/config - echo '' >> ${RADICALE_DIRECTORY}/config - echo '#[auth]' >> ${RADICALE_DIRECTORY}/config - echo '#imap_hostname = localhost' >> ${RADICALE_DIRECTORY}/config - echo '#imap_port = 143' >> ${RADICALE_DIRECTORY}/config - echo '#imap_ssl = False' >> ${RADICALE_DIRECTORY}/config - echo '' >> ${RADICALE_DIRECTORY}/config - echo '[logging]' >> ${RADICALE_DIRECTORY}/config - echo 'debug = False' >> ${RADICALE_DIRECTORY}/config + { echo '[server]'; + echo 'hosts=localhost:52322'; + echo 'ssl = False'; + echo 'daemon = False'; + echo 'base_prefix=/radicale/'; + echo ''; + echo '[storage]'; + echo 'type = filesystem'; + echo "filesystem_folder = /var/www/radicale/collections"; + echo ''; + echo '[well-known]'; + echo "caldav = '/%(user)s/caldav/'"; + echo "carddav = '/%(user)s/carddav/'"; + echo ''; + echo '#[auth]'; + echo '#imap_hostname = localhost'; + echo '#imap_port = 143'; + echo '#imap_ssl = False'; + echo ''; + echo '[logging]'; + echo 'debug = False'; } > "${RADICALE_DIRECTORY}/config" # create an admin password if [ ${#RADICALE_PASSWORD} -lt 8 ]; then - if [ -f $IMAGE_PASSWORD_FILE ]; then - RADICALE_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + if [ -f "$IMAGE_PASSWORD_FILE" ]; then + RADICALE_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" else - RADICALE_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + RADICALE_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" fi fi add_user_radicale "$MY_USERNAME" "$RADICALE_PASSWORD" - echo '[Unit]' > /etc/systemd/system/radicale.service - echo 'Description=Radicale CalDAV Server' >> /etc/systemd/system/radicale.service - echo 'After=network.target' >> /etc/systemd/system/radicale.service - echo '' >> /etc/systemd/system/radicale.service - echo '[Service]' >> /etc/systemd/system/radicale.service - echo 'Type=simple' >> /etc/systemd/system/radicale.service - echo 'User=www-data' >> /etc/systemd/system/radicale.service - echo 'Group=www-data' >> /etc/systemd/system/radicale.service - echo "ExecStart=/usr/local/bin/radicale --config ${RADICALE_DIRECTORY}/config" >> /etc/systemd/system/radicale.service - echo 'Restart=on-failure' >> /etc/systemd/system/radicale.service - echo 'RestartSec=10' >> /etc/systemd/system/radicale.service - echo '' >> /etc/systemd/system/radicale.service - echo '[Install]' >> /etc/systemd/system/radicale.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/radicale.service + { echo '[Unit]'; + echo 'Description=Radicale CalDAV Server'; + echo 'After=network.target'; + echo ''; + echo '[Service]'; + echo 'Type=simple'; + echo 'User=www-data'; + echo 'Group=www-data'; + echo "ExecStart=/usr/local/bin/radicale --config ${RADICALE_DIRECTORY}/config"; + echo 'Restart=on-failure'; + echo 'RestartSec=10'; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/radicale.service addresses_str=$"Addresses" echo "{\"tag\": \"VADDRESSBOOK\", \"D:displayname\": \"${addresses_str}\"}" > /var/www/radicale/collections/addresses.props @@ -461,107 +465,107 @@ function install_radicale { systemctl enable radicale systemctl start radicale - if [ ! -f /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} ]; then + if [ ! -f "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}" ]; then # create a new site config RADICALE_ONION_HOSTNAME=$(add_onion_service radicale 80 ${RADICALE_ONION_PORT}) if [[ $ONION_ONLY == 'no' ]]; then - echo 'server {' > /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo " listen 443 ssl;" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo " #listen [::]:443 ssl;" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} + { echo 'server {'; + echo " listen 443 ssl;"; + echo " #listen [::]:443 ssl;"; + echo ''; } > "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}" function_check nginx_ssl - nginx_ssl ${DEFAULT_DOMAIN_NAME} mobile + nginx_ssl "${DEFAULT_DOMAIN_NAME}" mobile function_check nginx_disable_sniffing - nginx_disable_sniffing ${DEFAULT_DOMAIN_NAME} - echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo " server_name ${DEFAULT_DOMAIN_NAME};" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} + nginx_disable_sniffing "${DEFAULT_DOMAIN_NAME}" + { echo ''; + echo " server_name ${DEFAULT_DOMAIN_NAME};"; - echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' error_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' # Start radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' location @radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' auth_basic "Radicale";' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' auth_basic_user_file /var/www/radicale/users;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' proxy_pass http://localhost:52322;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' proxy_buffering off;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' proxy_set_header Host $host;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' location /radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' location /.well-known/carddav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' location /.well-known/caldav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' # End radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo '}' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} + echo ''; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' # Start radicale'; + echo ' location @radicale {'; + echo ' auth_basic "Radicale";'; + echo ' auth_basic_user_file /var/www/radicale/users;'; + echo ' proxy_pass http://localhost:52322;'; + echo ' proxy_buffering off;'; + echo " proxy_set_header Host \$host;"; + echo " proxy_set_header X-Real-IP \$remote_addr;"; + echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;"; + echo " proxy_set_header X-Forwarded-Proto \$scheme;"; + echo ' }'; + echo ''; + echo ' location /radicale {'; + echo " try_files \$uri @radicale;"; + echo ' }'; + echo ''; + echo ' location /.well-known/carddav {'; + echo " try_files \$uri @radicale;"; + echo ' }'; + echo ''; + echo ' location /.well-known/caldav {'; + echo " try_files \$uri @radicale;"; + echo ' }'; + echo ' # End radicale'; + echo '}'; + echo ''; } >> "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}" else - echo -n '' > /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} + echo -n '' > "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}" fi - echo 'server {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo " listen localhost:${RADICALE_ONION_PORT} default_server;" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo " server_name ${RADICALE_ONION_HOSTNAME};" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' error_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' # Start radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' location @radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' auth_basic "Radicale";' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' auth_basic_user_file /var/www/radicale/users;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' proxy_pass http://localhost:52322;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' proxy_buffering off;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' proxy_set_header Host $host;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' location /radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' location /.well-known/carddav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' location /.well-known/caldav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo ' # End radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - echo '}' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} + { echo 'server {'; + echo " listen localhost:${RADICALE_ONION_PORT} default_server;"; + echo ''; + echo " server_name ${RADICALE_ONION_HOSTNAME};"; + echo ''; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' # Start radicale'; + echo ' location @radicale {'; + echo ' auth_basic "Radicale";'; + echo ' auth_basic_user_file /var/www/radicale/users;'; + echo ' proxy_pass http://localhost:52322;'; + echo ' proxy_buffering off;'; + echo " proxy_set_header Host \$host;"; + echo " proxy_set_header X-Real-IP \$remote_addr;"; + echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;"; + echo " proxy_set_header X-Forwarded-Proto \$scheme;"; + echo ' }'; + echo ''; + echo ' location /radicale {'; + echo " try_files \$uri @radicale;"; + echo ' }'; + echo ''; + echo ' location /.well-known/carddav {'; + echo " try_files \$uri @radicale;"; + echo ' }'; + echo ''; + echo ' location /.well-known/caldav {'; + echo " try_files \$uri @radicale;"; + echo ' }'; + echo ' # End radicale'; + echo '}'; } >> "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}" set_completion_param "radicale onion domain" "${RADICALE_ONION_HOSTNAME}" else # alter the existing site config - if ! grep -q "# Start radicale" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}; then - sed -i '/]:443/a # Start radicale\n location @radicale {\n auth_basic "Radicale";\n auth_basic_user_file \/var\/www\/radicale\/users;\n proxy_pass http:\/\/localhost:52322;\n proxy_buffering off;\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n proxy_set_header X-Forwarded-Proto $scheme;\n }\n\n location \/radicale {\n try_files $uri @radicale;\n }\n\n location \/.well-known\/carddav {\n try_files $uri @radicale;\n }\n\n location \/.well-known\/caldav {\n try_files $uri @radicale;\n }\n # End radicale' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} - sed -i '/listen localhost/a # Start radicale\n location @radicale {\n auth_basic "Radicale";\n auth_basic_user_file \/var\/www\/radicale\/users;\n proxy_pass http:\/\/localhost:52322;\n proxy_buffering off;\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n proxy_set_header X-Forwarded-Proto $scheme;\n }\n\n location \/radicale {\n try_files $uri @radicale;\n }\n\n location \/.well-known\/carddav {\n try_files $uri @radicale;\n }\n\n location \/.well-known\/caldav {\n try_files $uri @radicale;\n }\n # End radicale' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} + if ! grep -q "# Start radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"; then + sed -i "/]:443/a # Start radicale\\n location @radicale {\\n auth_basic \"Radicale\";\\n auth_basic_user_file \\/var\\/www\\/radicale\\/users;\\n proxy_pass http:\\/\\/localhost:52322;\\n proxy_buffering off;\\n proxy_set_header Host $host;\\n proxy_set_header X-Real-IP $remote_addr;\\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\\n proxy_set_header X-Forwarded-Proto $scheme;\\n }\\n\\n location \\/radicale {\\n try_files $uri @radicale;\\n }\n\n location \\/.well-known\\/carddav {\\n try_files $uri @radicale;\\n }\\n\\n location \\/.well-known\\/caldav {\\n try_files $uri @radicale;\\n }\n # End radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}" + sed -i "/listen localhost/a # Start radicale\\n location @radicale {\\n auth_basic \"Radicale\";\\n auth_basic_user_file \\/var\\/www\\/radicale\\/users;\\n proxy_pass http:\\/\\/localhost:52322;\\n proxy_buffering off;\\n proxy_set_header Host $host;\\n proxy_set_header X-Real-IP $remote_addr;\\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\\n proxy_set_header X-Forwarded-Proto $scheme;\\n }\\n\\n location \/radicale {\\n try_files $uri @radicale;\\n }\\n\\n location \\/.well-known\\/carddav {\\n try_files $uri @radicale;\\n }\\n\\n location \\/.well-known\\/caldav {\\n try_files $uri @radicale;\\n }\\n # End radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}" fi fi # create a certificate - if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then - if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then - ${PROJECT_NAME}-addcert -h $DEFAULT_DOMAIN_NAME --dhkey ${DH_KEYLENGTH} - check_certificates $DEFAULT_DOMAIN_NAME + if [ ! -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then + if [ ! -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt" ]; then + "${PROJECT_NAME}-addcert" -h "$DEFAULT_DOMAIN_NAME" --dhkey "${DH_KEYLENGTH}" + check_certificates "$DEFAULT_DOMAIN_NAME" fi fi - if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then + if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then sed -i "s|radicale.crt|${DEFAULT_DOMAIN_NAME}.pem|g" /etc/nginx/sites-available/radicale sed -i "s|radicale.pem|${DEFAULT_DOMAIN_NAME}.pem|g" /etc/nginx/sites-available/radicale fi @@ -572,13 +576,13 @@ function install_radicale { systemctl restart nginx - ${PROJECT_NAME}-pass -u $MY_USERNAME -a radicale -p "$RADICALE_PASSWORD" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a radicale -p "$RADICALE_PASSWORD" # keep track of the version so we can check for upgrades - if ! grep -q "radicale version:" ${COMPLETION_FILE}; then - echo "radicale version:${RADICALE_VERSION}" >> ${COMPLETION_FILE} + if ! grep -q "radicale version:" "${COMPLETION_FILE}"; then + echo "radicale version:${RADICALE_VERSION}" >> "${COMPLETION_FILE}" else - sed -i "s|radicale version.*|radicale version:${RADICALE_VERSION}|g" ${COMPLETION_FILE} + sed -i "s|radicale version.*|radicale version:${RADICALE_VERSION}|g" "${COMPLETION_FILE}" fi APP_INSTALLED=1 diff --git a/src/freedombone-app-riot b/src/freedombone-app-riot index ffd7214b..13f27b4b 100755 --- a/src/freedombone-app-riot +++ b/src/freedombone-app-riot @@ -76,39 +76,40 @@ function install_interactive_riot { RIOT_DETAILS_COMPLETE= while [ ! $RIOT_DETAILS_COMPLETE ] do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then dialog --backtitle $"Freedombone Configuration" \ --title $"Riot Web user interface for Matrix" \ - --form $"\nPlease enter your details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \ + --form $"\\nPlease enter your details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \ $"Domain:" 1 1 "$(grep 'RIOT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \ $"Code:" 2 1 "$(grep 'RIOT_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 40 255 \ - 2> $data + 2> "$data" else dialog --backtitle $"Freedombone Configuration" \ --title $"Riot Web user interface for Matrix" \ - --form $"\nPlease enter your details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \ + --form $"\\nPlease enter your details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \ $"Domain:" 1 1 "$(grep 'RIOT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \ - 2> $data + 2> "$data" fi sel=$? case $sel in - 1) exit 1;; - 255) exit 1;; + 1) rm -f "$data" + exit 1;; + 255) rm -f "$data" + exit 1;; esac - RIOT_DOMAIN_NAME=$(cat $data | sed -n 1p) - if [ $RIOT_DOMAIN_NAME ]; then + RIOT_DOMAIN_NAME=$(sed -n 1p < "$data") + if [ "$RIOT_DOMAIN_NAME" ]; then TEST_DOMAIN_NAME=$RIOT_DOMAIN_NAME validate_domain_name - if [[ $TEST_DOMAIN_NAME != $RIOT_DOMAIN_NAME ]]; then + if [[ "$TEST_DOMAIN_NAME" != "$RIOT_DOMAIN_NAME" ]]; then RIOT_DOMAIN_NAME= dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 else if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then - RIOT_CODE=$(cat $data | sed -n 2p) + RIOT_CODE=$(sed -n 2p < "$data") validate_freedns_code "$RIOT_CODE" - if [ ! $VALID_CODE ]; then + if [ ! "$VALID_CODE" ]; then RIOT_DOMAIN_NAME= fi fi @@ -117,6 +118,7 @@ function install_interactive_riot { if [ $RIOT_DOMAIN_NAME ]; then RIOT_DETAILS_COMPLETE="yes" fi + rm -f "$data" done # save the results in the config file @@ -132,14 +134,14 @@ function reconfigure_riot { function riot_download { # download - if [ ! -f $INSTALL_DIR/${RIOT_FILENAME}.tar.gz ]; then - wget ${RIOT_DOWNLOAD_URL}/${RIOT_FILENAME}.tar.gz -O $INSTALL_DIR/${RIOT_FILENAME}.tar.gz + if [ ! -f "$INSTALL_DIR/${RIOT_FILENAME}.tar.gz" ]; then + wget "${RIOT_DOWNLOAD_URL}/${RIOT_FILENAME}.tar.gz" -O "$INSTALL_DIR/${RIOT_FILENAME}.tar.gz" fi - if [ ! -f $INSTALL_DIR/${RIOT_FILENAME}.tar.gz ]; then + if [ ! -f "$INSTALL_DIR/${RIOT_FILENAME}.tar.gz" ]; then echo $'Unable to download Riot Web from releases' exit 62836 fi - cd $INSTALL_DIR + cd "$INSTALL_DIR" || exit 2468724628 # check the hash curr_hash=$(sha256sum ${RIOT_FILENAME}.tar.gz | awk -F ' ' '{print $1}') @@ -149,17 +151,17 @@ function riot_download { fi tar -xzvf ${RIOT_FILENAME}.tar.gz - if [ ! -d $INSTALL_DIR/${RIOT_FILENAME} ]; then + if [ ! -d "$INSTALL_DIR/${RIOT_FILENAME}" ]; then echo $'Unable to extract Riot Web tarball' exit 542826 fi - cp -r $INSTALL_DIR/${RIOT_FILENAME}/* /var/www/$RIOT_DOMAIN_NAME/htdocs + cp -r "$INSTALL_DIR/${RIOT_FILENAME}/*" "/var/www/$RIOT_DOMAIN_NAME/htdocs" - chown -R www-data:www-data /var/www/$RIOT_DOMAIN_NAME/htdocs + chown -R www-data:www-data "/var/www/$RIOT_DOMAIN_NAME/htdocs" } function upgrade_riot { - if ! grep -q 'riot version:' $COMPLETION_FILE; then + if ! grep -q 'riot version:' "$COMPLETION_FILE"; then return fi @@ -171,7 +173,7 @@ function upgrade_riot { fi riot_download - sed -i "s|riot version.*|riot version:$RIOT_VERSION|g" ${COMPLETION_FILE} + sed -i "s|riot version.*|riot version:$RIOT_VERSION|g" "${COMPLETION_FILE}" riot_remove_bad_links systemctl restart nginx @@ -207,7 +209,7 @@ function remove_riot { fi remove_completion_param install_riot - sed -i '/riot /d' $COMPLETION_FILE + sed -i '/riot /d' "$COMPLETION_FILE" } function install_riot { @@ -216,7 +218,7 @@ function install_riot { fi # check that matrix has been installed - if [ ! $MATRIX_DOMAIN_NAME ]; then + if [ ! "$MATRIX_DOMAIN_NAME" ]; then exit 687292 fi if [[ "$MATRIX_DOMAIN_NAME" != *'.'* ]]; then @@ -235,32 +237,32 @@ function install_riot { mkdir -p /var/www/$RIOT_DOMAIN_NAME/htdocs fi - if [ ! -d $INSTALL_DIR ]; then - mkdir $INSTALL_DIR + if [ ! -d "$INSTALL_DIR" ]; then + mkdir "$INSTALL_DIR" fi riot_download - cd /var/www/$RIOT_DOMAIN_NAME/htdocs + cd "/var/www/$RIOT_DOMAIN_NAME/htdocs" || exit 4628462876 - if [[ $ONION_ONLY == 'no' ]]; then + if [[ "$ONION_ONLY" == 'no' ]]; then riot_config_file="config.${RIOT_DOMAIN_NAME}.json" cp config.sample.json $riot_config_file - sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" $riot_config_file - sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" $riot_config_file - sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" $riot_config_file - sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," $riot_config_file + sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" "$riot_config_file" + sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" "$riot_config_file" + sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" "$riot_config_file" + sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," "$riot_config_file" else riot_config_file="config.${MATRIX_ONION_DOMAIN_NAME}.json" - cp config.sample.json $riot_config_file - sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" $riot_config_file - sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" $riot_config_file - sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" $riot_config_file - sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," $riot_config_file + cp config.sample.json "$riot_config_file" + sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" "$riot_config_file" + sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" "$riot_config_file" + sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" "$riot_config_file" + sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," "$riot_config_file" fi - sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" $riot_config_file - sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" $riot_config_file - sed -i 's|https://piwik.riot.im/||g' $riot_config_file + sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" "$riot_config_file" + sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" "$riot_config_file" + sed -i 's|https://piwik.riot.im/||g' "$riot_config_file" RIOT_ONION_HOSTNAME=$(add_onion_service riot 80 ${RIOT_ONION_PORT}) @@ -268,68 +270,68 @@ function install_riot { if [[ $ONION_ONLY == "no" ]]; then function_check nginx_http_redirect nginx_http_redirect $RIOT_DOMAIN_NAME - echo 'server {' >> $riot_nginx_site - echo ' listen 443 ssl;' >> $riot_nginx_site - echo ' #listen [::]:443 ssl;' >> $riot_nginx_site - echo " server_name $RIOT_DOMAIN_NAME;" >> $riot_nginx_site - echo '' >> $riot_nginx_site - echo ' # Security' >> $riot_nginx_site + { echo 'server {'; + echo ' listen 443 ssl;'; + echo ' #listen [::]:443 ssl;'; + echo " server_name $RIOT_DOMAIN_NAME;"; + echo ''; + echo ' # Security'; } >> $riot_nginx_site function_check nginx_ssl nginx_ssl $RIOT_DOMAIN_NAME function_check nginx_disable_sniffing nginx_disable_sniffing $RIOT_DOMAIN_NAME - echo ' add_header Strict-Transport-Security max-age=15768000;' >> $riot_nginx_site - echo '' >> $riot_nginx_site - echo ' # Logs' >> $riot_nginx_site - echo ' access_log /dev/null;' >> $riot_nginx_site - echo ' error_log /dev/null;' >> $riot_nginx_site - echo '' >> $riot_nginx_site - echo ' # Root' >> $riot_nginx_site - echo " root /var/www/$RIOT_DOMAIN_NAME/htdocs;" >> $riot_nginx_site - echo '' >> $riot_nginx_site - echo ' index index.html;' >> $riot_nginx_site - echo '' >> $riot_nginx_site - echo ' location / {' >> $riot_nginx_site + { echo ' add_header Strict-Transport-Security max-age=15768000;'; + echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' # Root'; + echo " root /var/www/$RIOT_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' index index.html;'; + echo ''; + echo ' location / {'; } >> $riot_nginx_site function_check nginx_limits nginx_limits $RIOT_DOMAIN_NAME '15m' - echo ' }' >> $riot_nginx_site - echo '}' >> $riot_nginx_site - echo '' >> $riot_nginx_site + { echo ' }'; + echo '}'; + echo ''; } >> $riot_nginx_site else echo -n '' > $riot_nginx_site fi - echo 'server {' >> $riot_nginx_site - echo " listen 127.0.0.1:$RIOT_ONION_PORT default_server;" >> $riot_nginx_site - echo " server_name $RIOT_ONION_HOSTNAME;" >> $riot_nginx_site - echo '' >> $riot_nginx_site + { echo 'server {'; + echo " listen 127.0.0.1:$RIOT_ONION_PORT default_server;"; + echo " server_name $RIOT_ONION_HOSTNAME;"; + echo ''; } >> $riot_nginx_site function_check nginx_disable_sniffing nginx_disable_sniffing $RIOT_DOMAIN_NAME - echo '' >> $riot_nginx_site - echo ' # Logs' >> $riot_nginx_site - echo ' access_log /dev/null;' >> $riot_nginx_site - echo ' error_log /dev/null;' >> $riot_nginx_site - echo '' >> $riot_nginx_site - echo ' # Root' >> $riot_nginx_site - echo " root /var/www/$RIOT_DOMAIN_NAME/htdocs;" >> $riot_nginx_site - echo '' >> $riot_nginx_site - echo ' index index.html;' >> $riot_nginx_site - echo '' >> $riot_nginx_site - echo ' location / {' >> $riot_nginx_site + { echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' # Root'; + echo " root /var/www/$RIOT_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' index index.html;'; + echo ''; + echo ' location / {'; } >> $riot_nginx_site function_check nginx_limits nginx_limits $RIOT_DOMAIN_NAME '15m' - echo ' }' >> $riot_nginx_site - echo '}' >> $riot_nginx_site + echo ' }' >> "$riot_nginx_site" + echo '}' >> "$riot_nginx_site" - sed '/Content-Security-Policy/d' $riot_nginx_site - sed -i 's| DENY;| SAMEORIGIN;|g' $riot_nginx_site - sed -i 's|limit_conn conn_limit_per_ip.*|limit_conn conn_limit_per_ip 50;|g' $riot_nginx_site - sed -i 's|limit_req zone.*|limit_req zone=req_limit_per_ip burst=20 nodelay;|g' $riot_nginx_site + sed '/Content-Security-Policy/d' "$riot_nginx_site" + sed -i 's| DENY;| SAMEORIGIN;|g' "$riot_nginx_site" + sed -i 's|limit_conn conn_limit_per_ip.*|limit_conn conn_limit_per_ip 50;|g' "$riot_nginx_site" + sed -i 's|limit_req zone.*|limit_req zone=req_limit_per_ip burst=20 nodelay;|g' "$riot_nginx_site" function_check create_site_certificate - if [ ! -f /etc/ssl/certs/${RIOT_DOMAIN_NAME}.pem ]; then - create_site_certificate $RIOT_DOMAIN_NAME 'yes' + if [ ! -f "/etc/ssl/certs/${RIOT_DOMAIN_NAME}.pem" ]; then + create_site_certificate "$RIOT_DOMAIN_NAME" 'yes' fi function_check nginx_ensite @@ -344,10 +346,10 @@ function install_riot { systemctl restart nginx set_completion_param "riot domain" "$RIOT_DOMAIN_NAME" - if ! grep -q "riot version:" ${COMPLETION_FILE}; then - echo "riot version:${RIOT_VERSION}" >> ${COMPLETION_FILE} + if ! grep -q "riot version:" "${COMPLETION_FILE}"; then + echo "riot version:${RIOT_VERSION}" >> "${COMPLETION_FILE}" else - sed -i "s|riot version.*|riot version:${RIOT_VERSION}|g" ${COMPLETION_FILE} + sed -i "s|riot version.*|riot version:${RIOT_VERSION}|g" "${COMPLETION_FILE}" fi APP_INSTALLED=1 } diff --git a/src/freedombone-app-rss b/src/freedombone-app-rss index 550e6209..8ee2f7ea 100755 --- a/src/freedombone-app-rss +++ b/src/freedombone-app-rss @@ -62,12 +62,13 @@ function logging_off_rss { } function remove_user_rss { - remove_username="$1" + echo -n '' +# remove_username="$1" } function add_user_rss { - new_username="$1" - new_user_password="$2" +# new_username="$1" +# new_user_password="$2" echo '0' } @@ -77,26 +78,27 @@ function install_interactive_rss { } function change_password_rss { - curr_username="$1" - new_user_password="$2" + echo -n '' +# curr_username="$1" +# new_user_password="$2" #${PROJECT_NAME}-pass -u "$curr_username" -a rss -p "$new_user_password" } function rss_create_database { - if [ -f $IMAGE_PASSWORD_FILE ]; then - RSS_READER_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + if [ -f "$IMAGE_PASSWORD_FILE" ]; then + RSS_READER_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" else - if [ ! $RSS_READER_ADMIN_PASSWORD ]; then - RSS_READER_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + if [ ! "$RSS_READER_ADMIN_PASSWORD" ]; then + RSS_READER_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" fi fi - if [ ! $RSS_READER_ADMIN_PASSWORD ]; then + if [ ! "$RSS_READER_ADMIN_PASSWORD" ]; then return fi function_check create_database - create_database ttrss "$RSS_READER_ADMIN_PASSWORD" $MY_USERNAME + create_database ttrss "$RSS_READER_ADMIN_PASSWORD" "$MY_USERNAME" } function reconfigure_rss { @@ -131,8 +133,8 @@ function upgrade_rss { # remove any previous install if [ -d $RSS_READER_PATH/g2ttree-mobile ]; then if [[ $(is_completed "install_rss_mobile_reader") == "1" ]]; then - sed -i '/install_rss_mobile_reader/d' $COMPLETION_FILE - sed -i '/rss mobile reader commit/d' $COMPLETION_FILE + sed -i '/install_rss_mobile_reader/d' "$COMPLETION_FILE" + sed -i '/rss mobile reader commit/d' "$COMPLETION_FILE" rm -rf $RSS_READER_PATH/g2ttree-mobile fi fi @@ -184,6 +186,7 @@ function restore_local_rss { fi cp -r $temp_restore_dir/* /etc/share/tt-rss/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then function_check set_user_permissions set_user_permissions @@ -207,14 +210,14 @@ function restore_local_rss { function_check rss_modifications rss_modifications - if [ -d $USB_MOUNT/backup/ttrss ]; then + if [ -d "$USB_MOUNT/backup/ttrss" ]; then chown -R www-data:www-data /etc/share/tt-rss if [ -d $temp_restore_dir ]; then rm -rf $temp_restore_dir fi fi - MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) + MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb) sed -i "s|define('DB_PASS'.*|define('DB_PASS', '${MARIADB_PASSWORD}');|g" $RSS_READER_PATH/config.php MARIADB_PASSWORD= } @@ -245,7 +248,7 @@ function backup_remote_rss { function restore_remote_rss { temp_restore_dir=/root/tempttrss - if grep -q "rss reader domain" $COMPLETION_FILE; then + if grep -q "rss reader domain" "$COMPLETION_FILE"; then echo $"Restoring ttrss" function_check get_mariadb_password get_mariadb_password @@ -263,6 +266,7 @@ function restore_remote_rss { fi cp -r $temp_restore_dir/* /etc/share/tt-rss/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then exit 6391 fi @@ -280,14 +284,14 @@ function restore_remote_rss { function_check rss_modifications rss_modifications - if [ -d $SERVER_DIRECTORY/backup/ttrss ]; then + if [ -d "$SERVER_DIRECTORY/backup/ttrss" ]; then chown -R www-data:www-data /etc/share/tt-rss fi if [ -d /root/tempttrss ]; then rm -rf /root/tempttrss fi - MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) + MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb) sed -i "s|define('DB_PASS'.*|define('DB_PASS', '${MARIADB_PASSWORD}');|g" $RSS_READER_PATH/config.php MARIADB_PASSWORD= @@ -313,9 +317,9 @@ function remove_rss { function_check drop_database drop_database ttrss remove_completion_param install_rss - sed -i '/RSS /d' $COMPLETION_FILE - sed -i '/rss /d' $COMPLETION_FILE - sed -i '/rss_/d' $COMPLETION_FILE + sed -i '/RSS /d' "$COMPLETION_FILE" + sed -i '/rss /d' "$COMPLETION_FILE" + sed -i '/rss_/d' "$COMPLETION_FILE" remove_backup_database_local ttrss } @@ -329,15 +333,15 @@ function rss_modifications { # ensure that socks5 proxy is used if ! grep -q "CURLPROXY_SOCKS5" $RSS_READER_PATH/plugins/af_unburn/init.php; then - sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/plugins/af_unburn/init.php + sed -i "/curl_setopt(\$ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\\\t\\t\\t\\t\\tcurl_setopt(\$ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);" "$RSS_READER_PATH/plugins/af_unburn/init.php" rss_modified=1 fi if ! grep -q "CURLPROXY_SOCKS5" $RSS_READER_PATH/include/functions.php; then - sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/include/functions.php + sed -i "/curl_setopt(\$ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\\\t\\t\\t\\tcurl_setopt(\$ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);" "$RSS_READER_PATH/include/functions.php" rss_modified=1 fi if [ $rss_modified ]; then - cd $RSS_READER_PATH + cd $RSS_READER_PATH || exit 564286428 git commit -a -m"Modify for Tor proxying" fi chown -R www-data:www-data $RSS_READER_PATH @@ -358,12 +362,12 @@ function install_rss_main { if [ ! -d /etc/share ]; then mkdir /etc/share fi - cd /etc/share + cd /etc/share || exit 46284628 if [ -d /repos/rss ]; then mkdir tt-rss cp -r -p /repos/rss/. tt-rss - cd tt-rss + cd tt-rss || exit 462846822 git pull else function_check git_clone @@ -374,7 +378,7 @@ function install_rss_main { echo $'Could not clone RSS reader repo' exit 52925 fi - cd $RSS_READER_PATH + cd $RSS_READER_PATH || exit 42479825792593 git checkout $RSS_READER_COMMIT -b $RSS_READER_COMMIT set_completion_param "rss reader commit" "$RSS_READER_COMMIT" @@ -397,151 +401,151 @@ function install_rss_main { USE_V2_ONION_ADDRESS=1 RSS_MOBILE_READER_ONION_HOSTNAME=$(add_onion_service mobilerss 80 ${RSS_MOBILE_READER_ONION_PORT}) - echo 'server {' > /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo " listen 127.0.0.1:$RSS_MOBILE_READER_ONION_PORT;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo " server_name $RSS_MOBILE_READER_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' error_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' root /etc/share/ttrss-mobile;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' index index.html index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' location /tt-rss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' try_files $uri $uri/ @ttrss_base;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' rewrite ^(.*)$ /index.html?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' location @ttrss_base {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' location ~ /\.(git) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' add_header X-XSS-Protection "1; mode=block";' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' add_header X-Robots-Tag none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' add_header X-Download-Options noopen;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' add_header X-Permitted-Cross-Domain-Policies none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' add_header X-Frame-Options SAMEORIGIN;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo 'server {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo " listen 127.0.0.1:$RSS_READER_ONION_PORT default_server;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo " server_name $RSS_READER_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' error_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' root /etc/share/tt-rss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' set $mobile_rewrite do_not_perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' ## chi http_user_agent for mobile / smart phones ##' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino") {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' set $mobile_rewrite perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' if ($http_user_agent ~* "^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-)") {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' set $mobile_rewrite perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' if ($mobile_rewrite = perform) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo " rewrite ^/(.*) http://$RSS_MOBILE_READER_ONION_HOSTNAME permanent;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' break;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' location ~ /\.(git) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' add_header X-XSS-Protection "1; mode=block";' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' add_header X-Robots-Tag none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' add_header X-Download-Options noopen;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' add_header X-Permitted-Cross-Domain-Policies none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' add_header X-Frame-Options SAMEORIGIN;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME + { echo 'server {'; + echo " listen 127.0.0.1:$RSS_MOBILE_READER_ONION_PORT;"; + echo " server_name $RSS_MOBILE_READER_ONION_HOSTNAME;"; + echo ''; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' root /etc/share/ttrss-mobile;'; + echo ' index index.html index.php;'; + echo ''; + echo ' location ~ \.php {'; + echo ' include snippets/fastcgi-php.conf;'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' }'; + echo ''; + echo ' location / {'; + echo " try_files \$uri \$uri/ @ttrss;"; + echo ' }'; + echo ' location /tt-rss {'; + echo " try_files \$uri \$uri/ @ttrss_base;"; + echo ' }'; + echo ''; + echo ' location @ttrss {'; + echo " rewrite ^(.*)\$ /index.html?p=\$1 last;"; + echo ' }'; + echo ' location @ttrss_base {'; + echo " rewrite ^(.*)\$ /index.php?p=\$1 last;"; + echo ' }'; + echo ''; + echo ' location ~ /\.(git) {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo ' add_header X-XSS-Protection "1; mode=block";'; + echo ' add_header X-Robots-Tag none;'; + echo ' add_header X-Download-Options noopen;'; + echo ' add_header X-Permitted-Cross-Domain-Policies none;'; + echo ' add_header X-Frame-Options SAMEORIGIN;'; + echo ' add_header X-Content-Type-Options nosniff;'; + echo ' client_max_body_size 15m;'; + echo '}'; + echo ''; + echo 'server {'; + echo " listen 127.0.0.1:$RSS_READER_ONION_PORT default_server;"; + echo " server_name $RSS_READER_ONION_HOSTNAME;"; + echo ''; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' root /etc/share/tt-rss;'; + echo ' index index.php;'; + echo ''; + echo ' location ~ \.php {'; + echo ' include snippets/fastcgi-php.conf;'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' }'; + echo ''; + echo " set \$mobile_rewrite do_not_perform;"; + echo ''; + echo ' ## chi http_user_agent for mobile / smart phones ##'; + echo " if (\$http_user_agent ~* \"(android|bb\\d+|meego).+mobile|avantgo|bada\\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino\") {"; + echo " set \$mobile_rewrite perform;"; + echo ' }'; + echo ''; + echo " if (\$http_user_agent ~* \"^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\\-(n|u)|c55\\/|capi|ccwa|cdm\\-|cell|chtm|cldc|cmd\\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\\-s|devi|dica|dmob|do(c|p)o|ds(12|\\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\\-|_)|g1 u|g560|gene|gf\\-5|g\\-mo|go(\\.w|od)|gr(ad|un)|haie|hcit|hd\\-(m|p|t)|hei\\-|hi(pt|ta)|hp( i|ip)|hs\\-c|ht(c(\\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\\-(20|go|ma)|i230|iac( |\\-|\\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\\/)|klon|kpt |kwc\\-|kyo(c|k)|le(no|xi)|lg( g|\\/(k|l|u)|50|54|\\-[a-w])|libw|lynx|m1\\-w|m3ga|m50\\/|ma(te|ui|xo)|mc(01|21|ca)|m\\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\\-2|po(ck|rt|se)|prox|psio|pt\\-g|qa\\-a|qc(07|12|21|32|60|\\-[2-7]|i\\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\\-|oo|p\\-)|sdk\\/|se(c(\\-|0|1)|47|mc|nd|ri)|sgh\\-|shar|sie(\\-|m)|sk\\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\\-|v\\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\\-|tdg\\-|tel(i|m)|tim\\-|t\-mo|to(pl|sh)|ts(70|m\\-|m3|m5)|tx\\-9|up(\\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\\-|your|zeto|zte\\-)\") {"; + echo " set \$mobile_rewrite perform;"; + echo ' }'; + echo ''; + echo " if (\$mobile_rewrite = perform) {"; + echo " rewrite ^/(.*) http://$RSS_MOBILE_READER_ONION_HOSTNAME permanent;"; + echo ' break;'; + echo ' }'; + echo ''; + echo ' location ~ \.php {'; + echo ' include snippets/fastcgi-php.conf;'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' }'; + echo ''; + echo ' location / {'; + echo " try_files \$uri \$uri/ @ttrss;"; + echo ' }'; + echo ''; + echo ' location @ttrss {'; + echo " rewrite ^(.*)\$ /index.php?p=\$1 last;"; + echo ' }'; + echo ''; + echo ' location ~ /\.(git) {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo ' add_header X-XSS-Protection "1; mode=block";'; + echo ' add_header X-Robots-Tag none;'; + echo ' add_header X-Download-Options noopen;'; + echo ' add_header X-Permitted-Cross-Domain-Policies none;'; + echo ' add_header X-Frame-Options SAMEORIGIN;'; + echo ' add_header X-Content-Type-Options nosniff;'; + echo ' client_max_body_size 15m;'; + echo '}'; } > "/etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME" if [ ! -f $RSS_READER_PATH/config.php ]; then # generate a config file RSS_FEED_CRYPT_KEY="$(create_password 24)" - echo ' $RSS_READER_PATH/config.php - echo " define('_CURL_HTTP_PROXY', '127.0.0.1:9050');" >> $RSS_READER_PATH/config.php - echo " define('DB_TYPE', 'mysql');" >> $RSS_READER_PATH/config.php - echo " define('DB_HOST', 'localhost');" >> $RSS_READER_PATH/config.php - echo " define('DB_USER', 'root');" >> $RSS_READER_PATH/config.php - echo " define('DB_NAME', 'ttrss');" >> $RSS_READER_PATH/config.php - echo " define('DB_PASS', '${MARIADB_PASSWORD}');" >> $RSS_READER_PATH/config.php - echo " define('DB_PORT', '3306');" >> $RSS_READER_PATH/config.php - echo " define('MYSQL_CHARSET', 'UTF8');" >> $RSS_READER_PATH/config.php - echo " define('SELF_URL_PATH', 'http://${RSS_READER_ONION_HOSTNAME}/');" >> $RSS_READER_PATH/config.php - echo " define('FEED_CRYPT_KEY', '${RSS_FEED_CRYPT_KEY}');" >> $RSS_READER_PATH/config.php - echo " define('SINGLE_USER_MODE', false);" >> $RSS_READER_PATH/config.php - echo " define('SIMPLE_UPDATE_MODE', false);" >> $RSS_READER_PATH/config.php - echo " define('PHP_EXECUTABLE', '/usr/bin/php');" >> $RSS_READER_PATH/config.php - echo " define('LOCK_DIRECTORY', 'lock');" >> $RSS_READER_PATH/config.php - echo " define('CACHE_DIR', 'cache');" >> $RSS_READER_PATH/config.php - echo " define('ICONS_DIR', \"feed-icons\");" >> $RSS_READER_PATH/config.php - echo " define('ICONS_URL', \"feed-icons\");" >> $RSS_READER_PATH/config.php - echo " define('AUTH_AUTO_CREATE', true);" >> $RSS_READER_PATH/config.php - echo " define('AUTH_AUTO_LOGIN', true);" >> $RSS_READER_PATH/config.php - echo " define('FORCE_ARTICLE_PURGE', 0);" >> $RSS_READER_PATH/config.php - echo " define('PUBSUBHUBBUB_HUB', '');" >> $RSS_READER_PATH/config.php - echo " define('PUBSUBHUBBUB_ENABLED', false);" >> $RSS_READER_PATH/config.php - echo " define('SPHINX_SERVER', 'localhost:9312');" >> $RSS_READER_PATH/config.php - echo " define('SPHINX_INDEX', 'ttrss, delta');" >> $RSS_READER_PATH/config.php - echo " define('ENABLE_REGISTRATION', false);" >> $RSS_READER_PATH/config.php - echo " define('REG_NOTIFY_ADDRESS', '${MY_EMAIL_ADDRESS}');" >> $RSS_READER_PATH/config.php - echo " define('REG_MAX_USERS', 10);" >> $RSS_READER_PATH/config.php - echo " define('SESSION_COOKIE_LIFETIME', 86400);" >> $RSS_READER_PATH/config.php - echo " define('SMTP_FROM_NAME', 'Tiny Tiny RSS');" >> $RSS_READER_PATH/config.php - echo " define('SMTP_FROM_ADDRESS', 'noreply@${RSS_READER_ONION_HOSTNAME}');" >> $RSS_READER_PATH/config.php - echo " define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');" >> $RSS_READER_PATH/config.php - echo " define('SMTP_SERVER', '');" >> $RSS_READER_PATH/config.php - echo " define('SMTP_LOGIN', '');" >> $RSS_READER_PATH/config.php - echo " define('SMTP_PASSWORD', '');" >> $RSS_READER_PATH/config.php - echo " define('SMTP_SECURE', '');" >> $RSS_READER_PATH/config.php - echo " define('CHECK_FOR_UPDATES', false);" >> $RSS_READER_PATH/config.php - echo " define('ENABLE_GZIP_OUTPUT', false);" >> $RSS_READER_PATH/config.php - echo " define('PLUGINS', 'auth_internal, note, gnusocial');" >> $RSS_READER_PATH/config.php - echo " define('LOG_DESTINATION', 'sql');" >> $RSS_READER_PATH/config.php - echo " define('CONFIG_VERSION', 26);" >> $RSS_READER_PATH/config.php + { echo ' $RSS_READER_PATH/config.php fi # initialize the database @@ -569,28 +573,28 @@ function install_rss_main { systemctl restart nginx # daemon to update feeds - echo '[Unit]' > /etc/systemd/system/ttrss.service - echo 'Description=ttrss_backend' >> /etc/systemd/system/ttrss.service - echo 'After=network.target mariadb.service' >> /etc/systemd/system/ttrss.service - echo 'After=tor.service' >> /etc/systemd/system/ttrss.service - echo '' >> /etc/systemd/system/ttrss.service - echo '[Service]' >> /etc/systemd/system/ttrss.service - echo 'User=www-data' >> /etc/systemd/system/ttrss.service - echo "ExecStart=/usr/bin/php $RSS_READER_PATH/update.php --daemon" >> /etc/systemd/system/ttrss.service - echo '' >> /etc/systemd/system/ttrss.service - echo '[Install]' >> /etc/systemd/system/ttrss.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ttrss.service + { echo '[Unit]'; + echo 'Description=ttrss_backend'; + echo 'After=network.target mariadb.service'; + echo 'After=tor.service'; + echo ''; + echo '[Service]'; + echo 'User=www-data'; + echo "ExecStart=/usr/bin/php $RSS_READER_PATH/update.php --daemon"; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/ttrss.service systemctl enable ttrss systemctl daemon-reload systemctl start ttrss - ${PROJECT_NAME}-pass -u $MY_USERNAME -a rss -p "$RSS_READER_ADMIN_PASSWORD" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a rss -p "$RSS_READER_ADMIN_PASSWORD" install_completed rss_main } function install_rss_gnusocial { - if [ ! $GNUSOCIAL_DOMAIN_NAME ]; then + if [ ! "$GNUSOCIAL_DOMAIN_NAME" ]; then return fi @@ -608,19 +612,19 @@ function install_rss_gnusocial { return fi - if [ ! -d $INSTALL_DIR ]; then - mkdir -p $INSTALL_DIR + if [ ! -d "$INSTALL_DIR" ]; then + mkdir -p "$INSTALL_DIR" fi - cd $INSTALL_DIR + cd "$INSTALL_DIR" || exit 7246284 function_check git_clone git_clone $RSS_READER_GNUSOCIAL_REPO ttrss-gnusocial - if [ ! -d $INSTALL_DIR/ttrss-gnusocial ]; then + if [ ! -d "$INSTALL_DIR/ttrss-gnusocial" ]; then echo $'Could not clone repo for RSS reader gnusocial plugin' exit 52838 fi - cp -r $INSTALL_DIR/ttrss-gnusocial $RSS_READER_GNUSOCIAL_PATH - cd $RSS_READER_GNUSOCIAL_PATH + cp -r "$INSTALL_DIR/ttrss-gnusocial" $RSS_READER_GNUSOCIAL_PATH + cd "$RSS_READER_GNUSOCIAL_PATH" || exit 782462424 git checkout $RSS_READER_GNUSOCIAL_COMMIT -b $RSS_READER_GNUSOCIAL_COMMIT set_completion_param "rss reader gnusocial commit" "$RSS_READER_GNUSOCIAL_COMMIT" chown -R www-data:www-data $RSS_READER_GNUSOCIAL_PATH @@ -642,8 +646,8 @@ function install_rss_mobile_reader { # remove any previous install if [ -d $RSS_READER_PATH/g2ttree-mobile ]; then if [[ $(is_completed "install_rss_mobile_reader") == "1" ]]; then - sed -i '/install_rss_mobile_reader/d' $COMPLETION_FILE - sed -i '/rss mobile reader commit/d' $COMPLETION_FILE + sed -i '/install_rss_mobile_reader/d' "$COMPLETION_FILE" + sed -i '/rss mobile reader commit/d' "$COMPLETION_FILE" rm -rf $RSS_READER_PATH/g2ttree-mobile fi fi @@ -652,12 +656,12 @@ function install_rss_mobile_reader { return fi - cd /etc/share + cd /etc/share || exit 7498264462 if [ -d /repos/rss-mobile ]; then mkdir ttrss-mobile cp -r -p /repos/rss-mobile/. ttrss-mobile - cd ttrss-mobile + cd ttrss-mobile || exit 462846284682 git pull else function_check git_clone @@ -668,7 +672,7 @@ function install_rss_mobile_reader { echo $'Could not clone RSS mobile reader repo' exit 24816 fi - cd $RSS_MOBILE_READER_PATH + cd "$RSS_MOBILE_READER_PATH" || exit 462846246824 git checkout $RSS_MOBILE_READER_COMMIT -b $RSS_MOBILE_READER_COMMIT set_completion_param "rss mobile reader commit" "$RSS_MOBILE_READER_COMMIT" diff --git a/src/freedombone-app-scuttlebot b/src/freedombone-app-scuttlebot index 6a1972ce..f19da997 100755 --- a/src/freedombone-app-scuttlebot +++ b/src/freedombone-app-scuttlebot @@ -61,39 +61,44 @@ function scuttlebot_create_invite { invite_string=$(su -c "sbot invite.create 1" - scuttlebot | sed 's/"//g') clear - echo -e '\n\nYour Scuttlebot invite code is:\n\n'${invite_string}'\n\n' + echo -e "\\n\\nYour Scuttlebot invite code is:\\n\\n${invite_string}\\n\\n" + # shellcheck disable=SC2034 read -n1 -r -p $"Press any key to continue..." key } function configure_interactive_scuttlebot { while true do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone Control Panel" \ --title $"Scuttlebot" \ --radiolist $"Choose an operation:" 10 50 2 \ 1 $"Create an invite" off \ - 2 $"Exit" on 2> $data + 2 $"Exit" on 2> "$data" sel=$? case $sel in - 1) return;; - 255) return;; + 1) rm -f "$data" + return;; + 255) rm -f "$data" + return;; esac - case $(cat $data) in + case $(cat "$data") in 1) scuttlebot_create_invite;; - 2) break;; + 2) rm -f "$data" + break;; esac + rm -f "$data" done } function remove_user_scuttlebot { - remove_username="$1" + echo -n '' +# remove_username="$1" } function add_user_scuttlebot { - new_username="$1" - new_user_password="$2" +# new_username="$1" +# new_user_password="$2" echo '0' } @@ -109,8 +114,8 @@ function install_interactive_scuttlebot { } function change_password_scuttlebot { - new_username="$1" - new_user_password="$2" +# new_username="$1" +# new_user_password="$2" echo '0' } @@ -123,7 +128,7 @@ function reconfigure_scuttlebot { } function upgrade_scuttlebot { - if ! grep -q 'scuttlebot version:' $COMPLETION_FILE; then + if ! grep -q 'scuttlebot version:' $"COMPLETION_FILE"; then return fi @@ -134,11 +139,10 @@ function upgrade_scuttlebot { return fi - npm upgrade -g scuttlebot@${SCUTTLEBOT_VERSION} --save - if [ ! "$?" = "0" ]; then + if ! npm upgrade -g scuttlebot@${SCUTTLEBOT_VERSION} --save; then return fi - sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" ${COMPLETION_FILE} + sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" "${COMPLETION_FILE}" } function backup_local_scuttlebot { @@ -218,71 +222,72 @@ function remove_scuttlebot { fi remove_completion_param install_scuttlebot - sed -i '/scuttlebot /d' $COMPLETION_FILE + sed -i '/scuttlebot /d' "$COMPLETION_FILE" } function git_ssb_script { if [[ "$1" == "mesh" ]]; then + # shellcheck disable=SC2154 git_ssb_script_name=$rootdir/usr/bin/git-ssb-create git_ssb_daemon_filename=$rootdir/etc/systemd/system/git_ssb.service else git_ssb_script_name=/usr/bin/git-ssb-create git_ssb_daemon_filename=/etc/systemd/system/git_ssb.service fi - echo '#!/bin/bash' > $git_ssb_script_name - echo 'reponame="$1"' >> $git_ssb_script_name - echo '' >> $git_ssb_script_name - echo 'if [[ "$reponame" != "" ]]; then' >> $git_ssb_script_name - echo ' mkdir $reponame' >> $git_ssb_script_name - echo ' cd $reponame' >> $git_ssb_script_name - echo ' git init' >> $git_ssb_script_name - echo ' git ssb create ssb $reponame' >> $git_ssb_script_name - echo ' git push --tags ssb master' >> $git_ssb_script_name - echo 'fi' >> $git_ssb_script_name - echo 'exit 0' >> $git_ssb_script_name + { echo '#!/bin/bash'; + echo "reponame=\"\$1\""; + echo ''; + echo "if [[ \"\$reponame\" != \"\" ]]; then"; + echo " mkdir \$reponame"; + echo " cd \$reponame"; + echo ' git init'; + echo " git ssb create ssb \$reponame"; + echo ' git push --tags ssb master'; + echo 'fi'; + echo 'exit 0'; } > $git_ssb_script_name chmod +x $git_ssb_script_name - echo '[Unit]' > $git_ssb_daemon_filename - echo 'Description=Git SSB (SSB git web interface)' >> $git_ssb_daemon_filename - echo 'After=syslog.target' >> $git_ssb_daemon_filename - echo 'After=network.target' >> $git_ssb_daemon_filename - echo 'After=scuttlebot.target' >> $git_ssb_daemon_filename - echo '' >> $git_ssb_daemon_filename - echo '[Service]' >> $git_ssb_daemon_filename - echo 'Type=simple' >> $git_ssb_daemon_filename - echo 'User=scuttlebot' >> $git_ssb_daemon_filename - echo 'Group=scuttlebot' >> $git_ssb_daemon_filename - echo "WorkingDirectory=/etc/scuttlebot" >> $git_ssb_daemon_filename - echo "ExecStart=/usr/bin/git ssb web --public localhost:$GIT_SSB_PORT" >> $git_ssb_daemon_filename - echo 'Restart=always' >> $git_ssb_daemon_filename - echo 'Environment="USER=scuttlebot"' >> $git_ssb_daemon_filename - echo '' >> $git_ssb_daemon_filename - echo '[Install]' >> $git_ssb_daemon_filename - echo 'WantedBy=multi-user.target' >> $git_ssb_daemon_filename + { echo '[Unit]'; + echo 'Description=Git SSB (SSB git web interface)'; + echo 'After=syslog.target'; + echo 'After=network.target'; + echo 'After=scuttlebot.target'; + echo ''; + echo '[Service]'; + echo 'Type=simple'; + echo 'User=scuttlebot'; + echo 'Group=scuttlebot'; + echo "WorkingDirectory=/etc/scuttlebot"; + echo "ExecStart=/usr/bin/git ssb web --public localhost:$GIT_SSB_PORT"; + echo 'Restart=always'; + echo 'Environment="USER=scuttlebot"'; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } > $git_ssb_daemon_filename } function scuttlebot_git_setup { if [[ "$1" == "mesh" ]]; then - if [ ! -d $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight ]; then - mkdir $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight + if [ ! -d "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight" ]; then + mkdir "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight" fi - if [ ! -f $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css ]; then + if [ ! -f "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css" ]; then echo $'Could not find foundation.css' exit 347687245 fi - cp $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight/foundation.css + cp "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css" "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight/foundation.css" git_ssb_nginx_site=$rootdir/etc/nginx/sites-available/git_ssb - echo 'server {' > $git_ssb_nginx_site - echo " listen $NGINX_GIT_SSB_PORT default_server;" >> $git_ssb_nginx_site - echo " server_name P${PEER_ID}.local;" >> $git_ssb_nginx_site - echo '' >> $git_ssb_nginx_site - echo ' access_log /dev/null;' >> $git_ssb_nginx_site - echo ' error_log /dev/null;' >> $git_ssb_nginx_site - echo '' >> $git_ssb_nginx_site - echo ' add_header X-XSS-Protection "1; mode=block";' >> $git_ssb_nginx_site - echo ' add_header X-Content-Type-Options nosniff;' >> $git_ssb_nginx_site - echo ' add_header X-Frame-Options SAMEORIGIN;' >> $git_ssb_nginx_site + { echo 'server {'; + echo " listen $NGINX_GIT_SSB_PORT default_server;"; + echo " server_name P${PEER_ID}.local;"; + echo ''; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' add_header X-XSS-Protection "1; mode=block";'; + echo ' add_header X-Content-Type-Options nosniff;'; + echo ' add_header X-Frame-Options SAMEORIGIN;'; } > "$git_ssb_nginx_site" else if [ ! $SCUTTLEBOT_DOMAIN_NAME ]; then exit 7357225 @@ -300,15 +305,15 @@ function scuttlebot_git_setup { git_ssb_nginx_site=/etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME} function_check nginx_http_redirect nginx_http_redirect $SCUTTLEBOT_DOMAIN_NAME "index index.html" - echo 'server {' >> $git_ssb_nginx_site - echo ' listen 443 ssl;' >> $git_ssb_nginx_site - echo ' #listen [::]:443 ssl;' >> $git_ssb_nginx_site - echo " server_name $SCUTTLEBOT_DOMAIN_NAME;" >> $git_ssb_nginx_site - echo '' >> $git_ssb_nginx_site + { echo 'server {'; + echo ' listen 443 ssl;'; + echo ' #listen [::]:443 ssl;'; + echo " server_name $SCUTTLEBOT_DOMAIN_NAME;"; + echo ''; } >> $git_ssb_nginx_site function_check nginx_compress nginx_compress $SCUTTLEBOT_DOMAIN_NAME - echo '' >> $git_ssb_nginx_site - echo ' # Security' >> $git_ssb_nginx_site + echo '' >> "$git_ssb_nginx_site" + echo ' # Security' >> "$git_ssb_nginx_site" function_check nginx_ssl nginx_ssl $SCUTTLEBOT_DOMAIN_NAME @@ -316,45 +321,45 @@ function scuttlebot_git_setup { nginx_disable_sniffing $SCUTTLEBOT_DOMAIN_NAME fi - echo '' >> $git_ssb_nginx_site - echo ' root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;' >> $git_ssb_nginx_site - echo '' >> $git_ssb_nginx_site - echo ' location = / {' >> $git_ssb_nginx_site - echo " proxy_pass http://localhost:${GIT_SSB_PORT};" >> $git_ssb_nginx_site - echo ' proxy_set_header X-Real-IP $remote_addr;' >> $git_ssb_nginx_site - echo ' proxy_set_header Host $host;' >> $git_ssb_nginx_site - echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $git_ssb_nginx_site - echo ' proxy_http_version 1.1;' >> $git_ssb_nginx_site - echo ' proxy_set_header Upgrade $http_upgrade;' >> $git_ssb_nginx_site - echo ' proxy_set_header Connection upgrade;' >> $git_ssb_nginx_site - echo ' }' >> $git_ssb_nginx_site - echo '}' >> $git_ssb_nginx_site + { echo ''; + echo ' root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;'; + echo ''; + echo ' location = / {'; + echo " proxy_pass http://localhost:${GIT_SSB_PORT};"; + echo " proxy_set_header X-Real-IP \$remote_addr;"; + echo " proxy_set_header Host \$host;"; + echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;"; + echo ' proxy_http_version 1.1;'; + echo " proxy_set_header Upgrade \$http_upgrade;"; + echo ' proxy_set_header Connection upgrade;'; + echo ' }'; + echo '}'; } >> $git_ssb_nginx_site - if [ $SCUTTLEBOT_ONION_HOSTNAME ]; then - echo '' >> $git_ssb_nginx_site - echo 'server {' >> $git_ssb_nginx_site - echo " listen 127.0.0.1:${SCUTTLEBOT_ONION_PORT} default_server;" >> $git_ssb_nginx_site - echo " server_name ${SCUTTLEBOT_ONION_HOSTNAME};" >> $git_ssb_nginx_site - echo '' >> $git_ssb_nginx_site - echo ' access_log /dev/null;' >> $git_ssb_nginx_site - echo ' error_log /dev/null;' >> $git_ssb_nginx_site - echo '' >> $git_ssb_nginx_site - echo ' add_header X-XSS-Protection "1; mode=block";' >> $git_ssb_nginx_site - echo ' add_header X-Content-Type-Options nosniff;' >> $git_ssb_nginx_site - echo ' add_header X-Frame-Options SAMEORIGIN;' >> $git_ssb_nginx_site - echo '' >> $git_ssb_nginx_site - echo ' root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;' >> $git_ssb_nginx_site - echo '' >> $git_ssb_nginx_site - echo ' location = / {' >> $git_ssb_nginx_site - echo " proxy_pass http://localhost:${GIT_SSB_PORT};" >> $git_ssb_nginx_site - echo ' proxy_set_header X-Real-IP $remote_addr;' >> $git_ssb_nginx_site - echo ' proxy_set_header Host $host;' >> $git_ssb_nginx_site - echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $git_ssb_nginx_site - echo ' proxy_http_version 1.1;' >> $git_ssb_nginx_site - echo ' proxy_set_header Upgrade $http_upgrade;' >> $git_ssb_nginx_site - echo ' proxy_set_header Connection upgrade;' >> $git_ssb_nginx_site - echo ' }' >> $git_ssb_nginx_site - echo '}' >> $git_ssb_nginx_site + if [ "$SCUTTLEBOT_ONION_HOSTNAME" ]; then + { echo ''; + echo 'server {'; + echo " listen 127.0.0.1:${SCUTTLEBOT_ONION_PORT} default_server;"; + echo " server_name ${SCUTTLEBOT_ONION_HOSTNAME};"; + echo ''; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' add_header X-XSS-Protection "1; mode=block";'; + echo ' add_header X-Content-Type-Options nosniff;'; + echo ' add_header X-Frame-Options SAMEORIGIN;'; + echo ''; + echo ' root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;'; + echo ''; + echo ' location = / {'; + echo " proxy_pass http://localhost:${GIT_SSB_PORT};"; + echo " proxy_set_header X-Real-IP \$remote_addr;"; + echo " proxy_set_header Host \$host;"; + echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;"; + echo ' proxy_http_version 1.1;'; + echo " proxy_set_header Upgrade \$http_upgrade;"; + echo ' proxy_set_header Connection upgrade;'; + echo ' }'; + echo '}'; } >> $git_ssb_nginx_site fi if [[ "$1" != "mesh" ]]; then nginx_ensite git_ssb @@ -364,23 +369,23 @@ function scuttlebot_git_setup { function mesh_install_dat { get_npm_arch - cat < $rootdir/usr/bin/install_dat + cat < "$rootdir/usr/bin/install_dat" #!/bin/bash npm install --arch=$NPM_ARCH -g dat npm install --arch=$NPM_ARCH -g @garbados/dat-boi npm install --arch=$NPM_ARCH -g add-to-systemd -add-to-systemd dat-boi --user $(whoami) `which dat-boi` +add-to-systemd dat-boi --user "$(whoami)" "$(which dat-boi)" EOF chroot "$rootdir" /bin/chmod +x /usr/bin/install_dat chroot "$rootdir" /usr/bin/install_dat - rm $rootdir/usr/bin/install_dat + rm "$rootdir/usr/bin/install_dat" } function install_dat { npm install -g dat npm install -g @garbados/dat-boi npm install -g add-to-systemd - add-to-systemd dat-boi --user $(whoami) `which dat-boi` + add-to-systemd dat-boi --user "$(whoami)" "$(which dat-boi)" } function mesh_install_scuttlebot { @@ -390,7 +395,7 @@ function mesh_install_scuttlebot { get_npm_arch - cat < $rootdir/usr/bin/install_scuttlebot + cat < "$rootdir/usr/bin/install_scuttlebot" #!/bin/bash npm install --arch=$NPM_ARCH -g scuttlebot@${SCUTTLEBOT_VERSION} npm install --arch=$NPM_ARCH -g git-ssb @@ -398,37 +403,37 @@ npm install --arch=$NPM_ARCH -g git-remote-ssb EOF chroot "$rootdir" /bin/chmod +x /usr/bin/install_scuttlebot chroot "$rootdir" /usr/bin/install_scuttlebot - rm $rootdir/usr/bin/install_scuttlebot + rm "$rootdir/usr/bin/install_scuttlebot" - if [ ! -f $rootdir/usr/local/bin/sbot ]; then + if [ ! -f "$rootdir/usr/local/bin/sbot" ]; then echo $'Scuttlebot was not installed' exit 528253 fi - if [ ! -d $rootdir/etc/scuttlebot ]; then - mkdir -p $rootdir/etc/scuttlebot + if [ ! -d "$rootdir/etc/scuttlebot" ]; then + mkdir -p "$rootdir/etc/scuttlebot" fi # an unprivileged user to run as chroot "$rootdir" useradd -d /etc/scuttlebot/ scuttlebot # daemon - echo '[Unit]' > $rootdir/etc/systemd/system/scuttlebot.service - echo 'Description=Scuttlebot (messaging system)' >> $rootdir/etc/systemd/system/scuttlebot.service - echo 'After=syslog.target' >> $rootdir/etc/systemd/system/scuttlebot.service - echo 'After=network.target' >> $rootdir/etc/systemd/system/scuttlebot.service - echo '' >> $rootdir/etc/systemd/system/scuttlebot.service - echo '[Service]' >> $rootdir/etc/systemd/system/scuttlebot.service - echo 'Type=simple' >> $rootdir/etc/systemd/system/scuttlebot.service - echo 'User=scuttlebot' >> $rootdir/etc/systemd/system/scuttlebot.service - echo 'Group=scuttlebot' >> $rootdir/etc/systemd/system/scuttlebot.service - echo "WorkingDirectory=/etc/scuttlebot" >> $rootdir/etc/systemd/system/scuttlebot.service - echo 'ExecStart=/usr/local/bin/sbot server' >> $rootdir/etc/systemd/system/scuttlebot.service - echo 'Restart=always' >> $rootdir/etc/systemd/system/scuttlebot.service - echo 'Environment="USER=scuttlebot"' >> $rootdir/etc/systemd/system/scuttlebot.service - echo '' >> $rootdir/etc/systemd/system/scuttlebot.service - echo '[Install]' >> $rootdir/etc/systemd/system/scuttlebot.service - echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/scuttlebot.service + { echo '[Unit]'; + echo 'Description=Scuttlebot (messaging system)'; + echo 'After=syslog.target'; + echo 'After=network.target'; + echo ''; + echo '[Service]'; + echo 'Type=simple'; + echo 'User=scuttlebot'; + echo 'Group=scuttlebot'; + echo "WorkingDirectory=/etc/scuttlebot"; + echo 'ExecStart=/usr/local/bin/sbot server'; + echo 'Restart=always'; + echo 'Environment="USER=scuttlebot"'; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/scuttlebot.service" scuttlebot_git_setup mesh git_ssb_script mesh @@ -455,22 +460,22 @@ function install_scuttlebot { useradd -d /etc/scuttlebot/ scuttlebot # daemon - echo '[Unit]' > /etc/systemd/system/scuttlebot.service - echo 'Description=Scuttlebot (messaging system)' >> /etc/systemd/system/scuttlebot.service - echo 'After=syslog.target' >> /etc/systemd/system/scuttlebot.service - echo 'After=network.target' >> /etc/systemd/system/scuttlebot.service - echo '' >> /etc/systemd/system/scuttlebot.service - echo '[Service]' >> /etc/systemd/system/scuttlebot.service - echo 'Type=simple' >> /etc/systemd/system/scuttlebot.service - echo 'User=scuttlebot' >> /etc/systemd/system/scuttlebot.service - echo 'Group=scuttlebot' >> /etc/systemd/system/scuttlebot.service - echo "WorkingDirectory=/etc/scuttlebot" >> /etc/systemd/system/scuttlebot.service - echo 'ExecStart=/usr/local/bin/sbot server' >> /etc/systemd/system/scuttlebot.service - echo 'Restart=always' >> /etc/systemd/system/scuttlebot.service - echo 'Environment="USER=scuttlebot"' >> /etc/systemd/system/scuttlebot.service - echo '' >> /etc/systemd/system/scuttlebot.service - echo '[Install]' >> /etc/systemd/system/scuttlebot.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/scuttlebot.service + { echo '[Unit]'; + echo 'Description=Scuttlebot (messaging system)'; + echo 'After=syslog.target'; + echo 'After=network.target'; + echo ''; + echo '[Service]'; + echo 'Type=simple'; + echo 'User=scuttlebot'; + echo 'Group=scuttlebot'; + echo "WorkingDirectory=/etc/scuttlebot"; + echo 'ExecStart=/usr/local/bin/sbot server'; + echo 'Restart=always'; + echo 'Environment="USER=scuttlebot"'; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/scuttlebot.service chown -R scuttlebot:scuttlebot /etc/scuttlebot @@ -489,24 +494,24 @@ function install_scuttlebot { exit 73528 fi - echo '{' > /etc/scuttlebot/.ssb/config - echo " \"host\": \"${DEFAULT_DOMAIN_NAME}\"," >> /etc/scuttlebot/.ssb/config - echo " \"port\": ${SCUTTLEBOT_PORT}," >> /etc/scuttlebot/.ssb/config - echo ' "timeout": 30000,' >> /etc/scuttlebot/.ssb/config - echo ' "pub": true,' >> /etc/scuttlebot/.ssb/config - echo ' "local": true,' >> /etc/scuttlebot/.ssb/config - echo ' "friends": {' >> /etc/scuttlebot/.ssb/config - echo ' "dunbar": 150,' >> /etc/scuttlebot/.ssb/config - echo ' "hops": 3' >> /etc/scuttlebot/.ssb/config - echo ' },' >> /etc/scuttlebot/.ssb/config - echo ' "gossip": {' >> /etc/scuttlebot/.ssb/config - echo ' "connections": 2' >> /etc/scuttlebot/.ssb/config - echo ' },' >> /etc/scuttlebot/.ssb/config - echo ' "master": [],' >> /etc/scuttlebot/.ssb/config - echo ' "logging": {' >> /etc/scuttlebot/.ssb/config - echo ' "level": "error"' >> /etc/scuttlebot/.ssb/config - echo ' }' >> /etc/scuttlebot/.ssb/config - echo '}' >> /etc/scuttlebot/.ssb/config + { echo '{'; + echo " \"host\": \"${DEFAULT_DOMAIN_NAME}\","; + echo " \"port\": ${SCUTTLEBOT_PORT},"; + echo ' "timeout": 30000,'; + echo ' "pub": true,'; + echo ' "local": true,'; + echo ' "friends": {'; + echo ' "dunbar": 150,'; + echo ' "hops": 3'; + echo ' },'; + echo ' "gossip": {'; + echo ' "connections": 2'; + echo ' },'; + echo ' "master": [],'; + echo ' "logging": {'; + echo ' "level": "error"'; + echo ' }'; + echo '}'; } > /etc/scuttlebot/.ssb/config chown scuttlebot:scuttlebot /etc/scuttlebot/.ssb/config systemctl restart scuttlebot.service @@ -527,10 +532,10 @@ function install_scuttlebot { systemctl restart nginx - if ! grep -q "scuttlebot version:" ${COMPLETION_FILE}; then - echo "scuttlebot version:${SCUTTLEBOT_VERSION}" >> ${COMPLETION_FILE} + if ! grep -q "scuttlebot version:" "${COMPLETION_FILE}"; then + echo "scuttlebot version:${SCUTTLEBOT_VERSION}" >> "${COMPLETION_FILE}" else - sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" ${COMPLETION_FILE} + sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" "${COMPLETION_FILE}" fi APP_INSTALLED=1 diff --git a/src/freedombone-app-searx b/src/freedombone-app-searx index 41f4f04a..74e2c8c6 100755 --- a/src/freedombone-app-searx +++ b/src/freedombone-app-searx @@ -61,8 +61,8 @@ function searx_set_default_background { cp ~/freedombone/img/backgrounds/searx.jpg /etc/searx/searx/static/themes/courgette/img/bg-body-index.jpg chown -R searx:searx ${SEARX_PATH}/searx else - if [ -f /home/$MY_USERNAME/freedombone/img/backgrounds/searx.jpg ]; then - cp /home/$MY_USERNAME/freedombone/img/backgrounds/searx.jpg /etc/searx/searx/static/themes/courgette/img/bg-body-index.jpg + if [ -f "/home/$MY_USERNAME/freedombone/img/backgrounds/searx.jpg" ]; then + cp "/home/$MY_USERNAME/freedombone/img/backgrounds/searx.jpg" "/etc/searx/searx/static/themes/courgette/img/bg-body-index.jpg" chown -R searx:searx ${SEARX_PATH}/searx fi fi @@ -91,7 +91,7 @@ function searx_set_background_image_from_url { if [ ${#ext} -gt 0 ]; then if [ -d /etc/searx/searx/static/themes/courgette/img ]; then - cd /etc/searx/searx/static/themes/courgette/img + cd "/etc/searx/searx/static/themes/courgette/img" || exit 37853539539 # remove any existing image @@ -126,15 +126,14 @@ function searx_set_background_image_from_url { } function searx_set_background_image { - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --title $"SearX Metasearch" \ --backtitle $"Freedombone Control Panel" \ - --inputbox $'Set a background image URL' 10 60 2>$data + --inputbox $'Set a background image URL' 10 60 2>"$data" sel=$? case $sel in 0) - temp_background=$(<$data) + temp_background=$(<"$data") if [ ${#temp_background} -gt 0 ]; then SEARX_BACKGROUND_IMAGE_URL="$temp_background" write_config_param "SEARX_BACKGROUND_IMAGE_URL" "$SEARX_BACKGROUND_IMAGE_URL" @@ -145,21 +144,22 @@ function searx_set_background_image { fi ;; esac + rm -f "$data" } function searx_enable_login { dialog --title $"Enable Searx login" \ --backtitle $"Freedombone Control Panel" \ --defaultno \ - --yesno $"\nDo you want to add a login so that random web users can't use your metasearch engine?" 10 60 + --yesno $"\\nDo you want to add a login so that random web users can't use your metasearch engine?" 10 60 sel=$? case $sel in 0) if grep -q '#auth_basic' /etc/nginx/sites-available/searx; then sed -i 's|#auth_basic|auth_basic|g' /etc/nginx/sites-available/searx systemctl restart nginx fi - read_config_param $MY_USERNAME - SEARX_LOGIN_PASS=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a searx) + read_config_param "$MY_USERNAME" + SEARX_LOGIN_PASS=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a searx) dialog --title $"Enable Searx login" \ --msgbox $"Searx logins are now enabled with the password $SEARX_LOGIN_PASS" 6 65 SEARX_LOGIN_PASS= @@ -177,31 +177,34 @@ function searx_enable_login { function configure_interactive_searx { while true do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone Control Panel" \ --title $"SearX Metasearch" \ --radiolist $"Choose an operation:" 12 70 3 \ 1 $"Set a background image" off \ 2 $"Enable login" off \ - 3 $"Exit" on 2> $data + 3 $"Exit" on 2> "$data" sel=$? case $sel in - 1) return;; - 255) return;; + 1) rm -f "$data" + return;; + 255) rm -f "$data" + return;; esac - case $(cat $data) in + case $(cat "$data") in 1) searx_set_background_image;; 2) searx_enable_login;; - 3) break;; + 3) rm -f "$data" + break;; esac + rm -f "$data" done } function remove_user_searx { remove_username="$1" - ${PROJECT_NAME}-pass -u $remove_username --rmapp searx + "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp searx if grep -q "$remove_username:" /etc/nginx/.htpasswd; then sed -i "/$remove_username:/d" /etc/nginx/.htpasswd fi @@ -216,12 +219,12 @@ function add_user_searx { new_username="$1" new_user_password="$2" - ${PROJECT_NAME}-pass -u $new_username -a searx -p "$new_user_password" + "${PROJECT_NAME}-pass" -u "$new_username" -a searx -p "$new_user_password" if grep -q "$new_username:" /etc/nginx/.htpasswd; then sed -i "/$new_username:/d" /etc/nginx/.htpasswd fi - echo "$new_user_password" | htpasswd -i -s -c /etc/nginx/.htpasswd $new_username + echo "$new_user_password" | htpasswd -i -s -c /etc/nginx/.htpasswd "$new_username" echo '0' } @@ -237,8 +240,8 @@ function change_password_searx { if grep -q "$new_username:" /etc/nginx/.htpasswd; then sed -i "/$new_username:/d" /etc/nginx/.htpasswd - echo "$new_user_password" | htpasswd -i -s -c /etc/nginx/.htpasswd $new_username - ${PROJECT_NAME}-pass -u $curr_username -a searx -p "$new_user_password" + echo "$new_user_password" | htpasswd -i -s -c /etc/nginx/.htpasswd "$new_username" + "${PROJECT_NAME}-pass" -u "$new_username" -a searx -p "$new_user_password" echo '0' fi echo '1' @@ -254,531 +257,531 @@ function create_searx_config { SEARX_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_searx/hostname) SEARX_SECRET_KEY=$(get_completion_param "searx key") - echo 'general:' > $settings_file - echo ' debug : False' >> $settings_file - echo ' instance_name : "Freedombone Metasearch"' >> $settings_file - echo '' >> $settings_file - echo 'search:' >> $settings_file - echo ' safe_search : 0 # Filter results. 0: None, 1: Moderate, 2: Strict' >> $settings_file - echo ' autocomplete : "" # Existing autocomplete backends: "dbpedia", "duckduckgo", "startpage", "wikipedia" - leave blank to turn it off by default' >> $settings_file - echo ' language : "all"' >> $settings_file - echo '' >> $settings_file - echo 'server:' >> $settings_file - echo ' port : 8888' >> $settings_file - echo ' bind_address : "127.0.0.1" # address to listen on' >> $settings_file - echo " secret_key : \"${SEARX_SECRET_KEY}\"" >> $settings_file - echo " base_url : http://${SEARX_ONION_HOSTNAME}/" >> $settings_file - echo ' image_proxy : True # Proxying image results through searx' >> $settings_file - echo ' http_protocol_version : "1.1" # 1.0 and 1.1 are supported' >> $settings_file - echo '' >> $settings_file - echo 'ui:' >> $settings_file - echo ' static_path : "" # Custom static path - leave it blank if you didnt change' >> $settings_file - echo ' templates_path : "" # Custom templates path - leave it blank if you didnt change' >> $settings_file - echo ' themes_path : "" # Custom ui themes path' >> $settings_file - echo ' default_theme : courgette # ui theme' >> $settings_file - echo ' default_locale : "" # Default interface locale - leave blank to detect from browser information or use codes from the 'locales' config section' >> $settings_file - echo '' >> $settings_file - echo 'outgoing: # communication with search engines' >> $settings_file - echo ' request_timeout : 10.0 # seconds' >> $settings_file - echo ' useragent_suffix : "" # suffix of searx_useragent, could contain informations like an email address to the administrator' >> $settings_file - echo ' pool_connections : 100 # Number of different hosts' >> $settings_file - echo ' pool_maxsize : 10 # Number of simultaneous requests by host' >> $settings_file - echo ' proxies :' >> $settings_file - echo ' http : socks5://127.0.0.1:9050' >> $settings_file - echo '' >> $settings_file - echo 'engines:' >> $settings_file - echo ' - name : arch linux wiki' >> $settings_file - echo ' engine : archlinux' >> $settings_file - echo ' categories : general' >> $settings_file - echo ' shortcut : al' >> $settings_file - echo '' >> $settings_file - echo ' - name : archive is' >> $settings_file - echo ' engine : xpath' >> $settings_file - echo ' search_url : https://archive.is/{query}' >> $settings_file - echo ' url_xpath : (//div[@class="TEXT-BLOCK"]/a)/@href' >> $settings_file - echo ' title_xpath : (//div[@class="TEXT-BLOCK"]/a)' >> $settings_file - echo ' content_xpath : //div[@class="TEXT-BLOCK"]/ul/li' >> $settings_file - echo ' categories : general' >> $settings_file - echo ' timeout : 7.0' >> $settings_file - echo ' disabled : True' >> $settings_file - echo ' shortcut : ai' >> $settings_file - echo '' >> $settings_file - echo ' - name : base' >> $settings_file - echo ' engine : base' >> $settings_file - echo ' shortcut : bs' >> $settings_file - echo '' >> $settings_file - echo ' - name : wikipedia' >> $settings_file - echo ' engine : wikipedia' >> $settings_file - echo ' shortcut : wp' >> $settings_file - echo ' categories : general' >> $settings_file - echo ' base_url : "https://{language}.wikipedia.org/"' >> $settings_file - echo '' >> $settings_file - echo ' - name : bitbucket' >> $settings_file - echo ' engine : xpath' >> $settings_file - echo ' paging : True' >> $settings_file - echo ' search_url : https://bitbucket.org/repo/all/{pageno}?name={query}' >> $settings_file - echo ' url_xpath : //article[@class="repo-summary"]//a[@class="repo-link"]/@href' >> $settings_file - echo ' title_xpath : //article[@class="repo-summary"]//a[@class="repo-link"]' >> $settings_file - echo ' content_xpath : //article[@class="repo-summary"]/p' >> $settings_file - echo ' categories : code' >> $settings_file - echo ' timeout : 4.0' >> $settings_file - echo ' disabled : True' >> $settings_file - echo ' shortcut : bb' >> $settings_file - echo '' >> $settings_file - echo ' - name : ccc-tv' >> $settings_file - echo ' engine : xpath' >> $settings_file - echo ' paging : False' >> $settings_file - echo ' search_url : https://media.ccc.de/search/?q={query}' >> $settings_file - echo ' url_xpath : //div[@class="caption"]/h3/a/@href' >> $settings_file - echo ' title_xpath : //div[@class="caption"]/h3/a/text()' >> $settings_file - echo ' content_xpath : //div[@class="caption"]/h4/@title' >> $settings_file - echo ' categories : videos' >> $settings_file - echo ' shortcut : c3tv' >> $settings_file - echo '' >> $settings_file - echo ' - name : crossref' >> $settings_file - echo ' engine : json_engine' >> $settings_file - echo ' paging : True' >> $settings_file - echo ' search_url : http://search.crossref.org/dois?q={query}&page={pageno}' >> $settings_file - echo ' url_query : doi' >> $settings_file - echo ' title_query : title' >> $settings_file - echo ' content_query : fullCitation' >> $settings_file - echo ' categories : science' >> $settings_file - echo ' shortcut : cr' >> $settings_file - echo '' >> $settings_file - echo ' - name : currency' >> $settings_file - echo ' engine : currency_convert' >> $settings_file - echo ' categories : general' >> $settings_file - echo ' shortcut : cc' >> $settings_file - echo '' >> $settings_file - echo ' - name : deezer' >> $settings_file - echo ' engine : deezer' >> $settings_file - echo ' shortcut : dz' >> $settings_file - echo '' >> $settings_file - echo ' - name : deviantart' >> $settings_file - echo ' engine : deviantart' >> $settings_file - echo ' shortcut : da' >> $settings_file - echo ' timeout: 3.0' >> $settings_file - echo '' >> $settings_file - echo ' - name : ddg definitions' >> $settings_file - echo ' engine : duckduckgo_definitions' >> $settings_file - echo ' shortcut : ddd' >> $settings_file - echo ' weight : 2' >> $settings_file - echo ' disabled : True' >> $settings_file - echo '' >> $settings_file - echo ' - name : digbt' >> $settings_file - echo ' engine : digbt' >> $settings_file - echo ' shortcut : dbt' >> $settings_file - echo ' timeout : 6.0' >> $settings_file - echo ' disabled : True' >> $settings_file - echo '' >> $settings_file - echo ' - name : erowid' >> $settings_file - echo ' engine : xpath' >> $settings_file - echo ' paging : True' >> $settings_file - echo ' first_page_num : 0' >> $settings_file - echo ' page_size : 30' >> $settings_file - echo ' search_url : https://www.erowid.org/search.php?q={query}&s={pageno}' >> $settings_file - echo ' url_xpath : //dl[@class="results-list"]/dt[@class="result-title"]/a/@href' >> $settings_file - echo ' title_xpath : //dl[@class="results-list"]/dt[@class="result-title"]/a/text()' >> $settings_file - echo ' content_xpath : //dl[@class="results-list"]/dd[@class="result-details"]' >> $settings_file - echo ' categories : general' >> $settings_file - echo ' shortcut : ew' >> $settings_file - echo ' disabled : True' >> $settings_file - echo '' >> $settings_file - echo ' - name : wikidata' >> $settings_file - echo ' engine : wikidata' >> $settings_file - echo ' shortcut : wd' >> $settings_file - echo ' weight : 2' >> $settings_file - echo '' >> $settings_file - echo ' - name : duckduckgo' >> $settings_file - echo ' engine : duckduckgo' >> $settings_file - echo ' shortcut : ddg' >> $settings_file - echo ' categories : general' >> $settings_file - echo '' >> $settings_file - echo ' - name : etymonline' >> $settings_file - echo ' engine : xpath' >> $settings_file - echo ' paging : True' >> $settings_file - echo ' search_url : http://etymonline.com/?search={query}&p={pageno}' >> $settings_file - echo ' url_xpath : //dt/a[1]/@href' >> $settings_file - echo ' title_xpath : //dt' >> $settings_file - echo ' content_xpath : //dd' >> $settings_file - echo ' suggestion_xpath : //a[@class="crossreference"]' >> $settings_file - echo ' first_page_num : 0' >> $settings_file - echo ' shortcut : et' >> $settings_file - echo ' disabled : True' >> $settings_file - echo '' >> $settings_file - echo ' - name : 500px' >> $settings_file - echo ' engine : www500px' >> $settings_file - echo ' shortcut : px' >> $settings_file - echo '' >> $settings_file - echo ' - name : 1x' >> $settings_file - echo ' engine : www1x' >> $settings_file - echo ' shortcut : 1x' >> $settings_file - echo ' disabled : True' >> $settings_file - echo '' >> $settings_file - echo ' - name : fdroid' >> $settings_file - echo ' engine : fdroid' >> $settings_file - echo ' shortcut : fd' >> $settings_file - echo ' disabled : True' >> $settings_file - echo '' >> $settings_file - echo ' - name : flickr' >> $settings_file - echo ' categories : images' >> $settings_file - echo ' shortcut : fl' >> $settings_file - echo '# You can use the engine using the official stable API, but you need an API key' >> $settings_file - echo '# See : https://www.flickr.com/services/apps/create/' >> $settings_file - echo '# engine : flickr' >> $settings_file - echo '# api_key: 'apikey' # required!' >> $settings_file - echo '# Or you can use the html non-stable engine, activated by default' >> $settings_file - echo ' engine : flickr_noapi' >> $settings_file - echo '' >> $settings_file - echo ' - name : frinkiac' >> $settings_file - echo ' engine : frinkiac' >> $settings_file - echo ' shortcut : frk' >> $settings_file - echo ' disabled : True' >> $settings_file - echo '' >> $settings_file - echo ' - name : gigablast' >> $settings_file - echo ' engine : gigablast' >> $settings_file - echo ' shortcut : gb' >> $settings_file - echo ' timeout : 3.0' >> $settings_file - echo ' disabled: True' >> $settings_file - echo '' >> $settings_file - echo ' - name : gitlab' >> $settings_file - echo ' engine : json_engine' >> $settings_file - echo ' paging : True' >> $settings_file - echo ' search_url : https://gitlab.com/api/v4/projects?search={query}&page={pageno}' >> $settings_file - echo ' url_query : web_url' >> $settings_file - echo ' title_query : name_with_namespace' >> $settings_file - echo ' content_query : description' >> $settings_file - echo ' page_size : 20' >> $settings_file - echo ' categories : code' >> $settings_file - echo ' shortcut : gl' >> $settings_file - echo ' timeout : 10.0' >> $settings_file - echo ' disabled : False' >> $settings_file - echo '' >> $settings_file - echo ' - name : github' >> $settings_file - echo ' engine : github' >> $settings_file - echo ' shortcut : gh' >> $settings_file - echo ' categories : code' >> $settings_file - echo '' >> $settings_file - echo ' - name : geektimes' >> $settings_file - echo ' engine : xpath' >> $settings_file - echo ' paging : True' >> $settings_file - echo ' search_url : https://geektimes.ru/search/page{pageno}/?q={query}' >> $settings_file - echo ' url_xpath : //div[@class="search_results"]//a[@class="post__title_link"]/@href' >> $settings_file - echo ' title_xpath : //div[@class="search_results"]//a[@class="post__title_link"]' >> $settings_file - echo ' content_xpath : //div[@class="search_results"]//div[contains(@class, "content")]' >> $settings_file - echo ' categories : code' >> $settings_file - echo ' timeout : 4.0' >> $settings_file - echo ' disabled : True' >> $settings_file - echo ' shortcut : gt' >> $settings_file - echo '' >> $settings_file - echo ' - name : habrahabr' >> $settings_file - echo ' engine : xpath' >> $settings_file - echo ' paging : True' >> $settings_file - echo ' search_url : https://habrahabr.ru/search/page{pageno}/?q={query}' >> $settings_file - echo ' url_xpath : //div[@class="search_results"]//a[contains(@class, "post__title_link")]/@href' >> $settings_file - echo ' title_xpath : //div[@class="search_results"]//a[contains(@class, "post__title_link")]' >> $settings_file - echo ' content_xpath : //div[@class="search_results"]//div[contains(@class, "content")]' >> $settings_file - echo ' categories : code' >> $settings_file - echo ' timeout : 4.0' >> $settings_file - echo ' disabled : True' >> $settings_file - echo ' shortcut : habr' >> $settings_file - echo '' >> $settings_file - echo ' - name : hoogle' >> $settings_file - echo ' engine : json_engine' >> $settings_file - echo ' paging : True' >> $settings_file - echo ' search_url : https://www.haskell.org/hoogle/?mode=json&hoogle={query}&start={pageno}' >> $settings_file - echo ' results_query : results' >> $settings_file - echo ' url_query : location' >> $settings_file - echo ' title_query : self' >> $settings_file - echo ' content_query : docs' >> $settings_file - echo ' page_size : 20' >> $settings_file - echo ' categories : code' >> $settings_file - echo ' shortcut : ho' >> $settings_file - echo '' >> $settings_file - echo ' - name : ina' >> $settings_file - echo ' engine : ina' >> $settings_file - echo ' shortcut : in' >> $settings_file - echo ' timeout : 6.0' >> $settings_file - echo ' disabled : True' >> $settings_file - echo '' >> $settings_file - echo ' - name: kickass' >> $settings_file - echo ' engine : kickass' >> $settings_file - echo ' shortcut : kc' >> $settings_file - echo ' timeout : 4.0' >> $settings_file - echo ' disabled : True' >> $settings_file - echo '' >> $settings_file - echo ' - name : library genesis' >> $settings_file - echo ' engine : xpath' >> $settings_file - echo ' search_url : http://libgen.io/search.php?req={query}' >> $settings_file - echo ' url_xpath : //a[contains(@href,"bookfi.net")]/@href' >> $settings_file - echo ' title_xpath : //a[contains(@href,"book/")]/text()[1]' >> $settings_file - echo ' content_xpath : //td/a[1][contains(@href,"=author")]/text()' >> $settings_file - echo ' categories : general' >> $settings_file - echo ' timeout : 7.0' >> $settings_file - echo ' disabled : True' >> $settings_file - echo ' shortcut : lg' >> $settings_file - echo '' >> $settings_file - echo ' - name : lobste.rs' >> $settings_file - echo ' engine : xpath' >> $settings_file - echo ' search_url : https://lobste.rs/search?utf8=%E2%9C%93&q={query}&what=stories&order=relevance' >> $settings_file - echo ' results_xpath : //li[contains(@class, "story")]' >> $settings_file - echo ' url_xpath : .//span[@class="link"]/a/@href' >> $settings_file - echo ' title_xpath : .//span[@class="link"]/a' >> $settings_file - echo ' content_xpath : .//a[@class="domain"]' >> $settings_file - echo ' categories : code' >> $settings_file - echo ' shortcut : lo' >> $settings_file - echo '' >> $settings_file - echo ' - name : mixcloud' >> $settings_file - echo ' engine : mixcloud' >> $settings_file - echo ' shortcut : mc' >> $settings_file - echo '' >> $settings_file - echo ' - name : nyaa' >> $settings_file - echo ' engine : nyaa' >> $settings_file - echo ' shortcut : nt' >> $settings_file - echo ' disabled : True' >> $settings_file - echo '' >> $settings_file - echo ' - name : openstreetmap' >> $settings_file - echo ' engine : openstreetmap' >> $settings_file - echo ' shortcut : osm' >> $settings_file - echo '' >> $settings_file - echo ' - name : openrepos' >> $settings_file - echo ' engine : xpath' >> $settings_file - echo ' paging : True' >> $settings_file - echo ' search_url : https://openrepos.net/search/node/{query}?page={pageno}' >> $settings_file - echo ' url_xpath : //li[@class="search-result"]//h3[@class="title"]/a/@href' >> $settings_file - echo ' title_xpath : //li[@class="search-result"]//h3[@class="title"]/a' >> $settings_file - echo ' content_xpath : //li[@class="search-result"]//div[@class="search-snippet-info"]//p[@class="search-snippet"]' >> $settings_file - echo ' categories : files' >> $settings_file - echo ' timeout : 4.0' >> $settings_file - echo ' disabled : True' >> $settings_file - echo ' shortcut : or' >> $settings_file - echo '' >> $settings_file - echo ' - name : pdbe' >> $settings_file - echo ' engine : pdbe' >> $settings_file - echo ' shortcut : pdb' >> $settings_file - echo '' >> $settings_file - echo ' - name : photon' >> $settings_file - echo ' engine : photon' >> $settings_file - echo ' shortcut : ph' >> $settings_file - echo '' >> $settings_file - echo ' - name : piratebay' >> $settings_file - echo ' engine : piratebay' >> $settings_file - echo ' shortcut : tpb' >> $settings_file - echo ' url: https://pirateproxy.red/' >> $settings_file - echo ' timeout : 3.0' >> $settings_file - echo '' >> $settings_file - echo ' - name : qwant' >> $settings_file - echo ' engine : qwant' >> $settings_file - echo ' shortcut : qw' >> $settings_file - echo ' categories : general' >> $settings_file - echo ' disabled : True' >> $settings_file - echo '' >> $settings_file - echo ' - name : qwant images' >> $settings_file - echo ' engine : qwant' >> $settings_file - echo ' shortcut : qwi' >> $settings_file - echo ' categories : images' >> $settings_file - echo '' >> $settings_file - echo ' - name : qwant news' >> $settings_file - echo ' engine : qwant' >> $settings_file - echo ' shortcut : qwn' >> $settings_file - echo ' categories : news' >> $settings_file - echo '' >> $settings_file - echo ' - name : qwant social' >> $settings_file - echo ' engine : qwant' >> $settings_file - echo ' shortcut : qws' >> $settings_file - echo ' categories : social media' >> $settings_file - echo '' >> $settings_file - echo ' - name : reddit' >> $settings_file - echo ' engine : reddit' >> $settings_file - echo ' shortcut : re' >> $settings_file - echo ' page_size : 25' >> $settings_file - echo ' timeout : 10.0' >> $settings_file - echo ' disabled : True' >> $settings_file - echo '' >> $settings_file - echo ' - name : scanr structures' >> $settings_file - echo ' shortcut: scs' >> $settings_file - echo ' engine : scanr_structures' >> $settings_file - echo ' disabled : True' >> $settings_file - echo '' >> $settings_file - echo ' - name : soundcloud' >> $settings_file - echo ' engine : soundcloud' >> $settings_file - echo ' shortcut : sc' >> $settings_file - echo '' >> $settings_file - echo ' - name : stackoverflow' >> $settings_file - echo ' engine : stackoverflow' >> $settings_file - echo ' shortcut : st' >> $settings_file - echo '' >> $settings_file - echo ' - name : searchcode doc' >> $settings_file - echo ' engine : searchcode_doc' >> $settings_file - echo ' shortcut : scd' >> $settings_file - echo '' >> $settings_file - echo ' - name : searchcode code' >> $settings_file - echo ' engine : searchcode_code' >> $settings_file - echo ' shortcut : scc' >> $settings_file - echo ' disabled : True' >> $settings_file - echo '' >> $settings_file - echo ' - name : framalibre' >> $settings_file - echo ' engine : framalibre' >> $settings_file - echo ' shortcut : frl' >> $settings_file - echo ' disabled : True' >> $settings_file - echo '' >> $settings_file - echo ' - name : semantic scholar' >> $settings_file - echo ' engine : xpath' >> $settings_file - echo ' paging : True' >> $settings_file - echo ' search_url : https://www.semanticscholar.org/search?q={query}&sort=relevance&page={pageno}&ae=false' >> $settings_file - echo ' results_xpath : //article' >> $settings_file - echo ' url_xpath : .//div[@class="search-result-title"]/a/@href' >> $settings_file - echo ' title_xpath : .//div[@class="search-result-title"]/a' >> $settings_file - echo ' content_xpath : .//div[@class="search-result-abstract"]' >> $settings_file - echo ' shortcut : se' >> $settings_file - echo ' categories : science' >> $settings_file - echo '' >> $settings_file - echo ' - name : spotify' >> $settings_file - echo ' engine : spotify' >> $settings_file - echo ' shortcut : stf' >> $settings_file - echo '' >> $settings_file - echo ' - name : subtitleseeker' >> $settings_file - echo ' engine : subtitleseeker' >> $settings_file - echo ' shortcut : ss' >> $settings_file - echo '# The language is an option. You can put any language written in english' >> $settings_file - echo '# Examples : English, French, German, Hungarian, Chinese...' >> $settings_file - echo '# language : English' >> $settings_file - echo '' >> $settings_file - echo ' - name : startpage' >> $settings_file - echo ' engine : startpage' >> $settings_file - echo ' shortcut : sp' >> $settings_file - echo ' timeout : 6.0' >> $settings_file - echo ' disabled : True' >> $settings_file - echo '' >> $settings_file - echo ' - name : ixquick' >> $settings_file - echo ' engine : startpage' >> $settings_file - echo " base_url : 'https://www.ixquick.eu/'" >> $settings_file - echo " search_url : 'https://www.ixquick.eu/do/search'" >> $settings_file - echo ' shortcut : iq' >> $settings_file - echo ' timeout : 6.0' >> $settings_file - echo '' >> $settings_file - echo ' - name : swisscows' >> $settings_file - echo ' engine : swisscows' >> $settings_file - echo ' shortcut : sw' >> $settings_file - echo ' disabled : True' >> $settings_file - echo '' >> $settings_file - echo ' - name : tokyotoshokan' >> $settings_file - echo ' engine : tokyotoshokan' >> $settings_file - echo ' shortcut : tt' >> $settings_file - echo ' timeout : 6.0' >> $settings_file - echo ' disabled : True' >> $settings_file - echo '' >> $settings_file - echo ' - name : twitter' >> $settings_file - echo ' engine : twitter' >> $settings_file - echo ' shortcut : tw' >> $settings_file - echo '' >> $settings_file - echo ' - name : urbandictionary' >> $settings_file - echo ' engine : xpath' >> $settings_file - echo ' search_url : http://www.urbandictionary.com/define.php?term={query}' >> $settings_file - echo ' url_xpath : //*[@class="word"]/@href' >> $settings_file - echo ' title_xpath : //*[@class="def-header"]' >> $settings_file - echo ' content_xpath : //*[@class="meaning"]' >> $settings_file - echo ' shortcut : ud' >> $settings_file - echo '' >> $settings_file - echo ' - name : yandex' >> $settings_file - echo ' engine : yandex' >> $settings_file - echo ' shortcut : yn' >> $settings_file - echo ' disabled : True' >> $settings_file - echo '' >> $settings_file - echo ' - name : youtube' >> $settings_file - echo ' shortcut : yt' >> $settings_file - echo ' # You can use the engine using the official stable API, but you need an API key' >> $settings_file - echo ' # See : https://console.developers.google.com/project' >> $settings_file - echo ' # engine : youtube_api' >> $settings_file - echo ' # api_key: apikey # required!' >> $settings_file - echo ' # Or you can use the html non-stable engine, activated by default' >> $settings_file - echo ' engine : youtube_noapi' >> $settings_file - echo '' >> $settings_file - echo ' - name : dailymotion' >> $settings_file - echo ' engine : dailymotion' >> $settings_file - echo ' shortcut : dm' >> $settings_file - echo '' >> $settings_file - echo ' - name : vimeo' >> $settings_file - echo ' engine : vimeo' >> $settings_file - echo ' shortcut : vm' >> $settings_file - echo '' >> $settings_file - echo ' - name : wolframalpha' >> $settings_file - echo ' shortcut : wa' >> $settings_file - echo ' # You can use the engine using the official stable API, but you need an API key' >> $settings_file - echo ' # See : http://products.wolframalpha.com/api/' >> $settings_file - echo ' # engine : wolframalpha_api' >> $settings_file - echo ' # api_key: '' # required!' >> $settings_file - echo ' engine : wolframalpha_noapi' >> $settings_file - echo ' timeout: 6.0' >> $settings_file - echo ' categories : science' >> $settings_file - echo '' >> $settings_file - echo ' - name : seedpeer' >> $settings_file - echo ' engine : seedpeer' >> $settings_file - echo ' shortcut: speu' - echo ' categories: files, music, videos' - echo ' disabled: True' >> $settings_file - echo '' >> $settings_file - echo ' - name : dictzone' >> $settings_file - echo ' engine : dictzone' >> $settings_file - echo ' shortcut : dc' >> $settings_file - echo '' >> $settings_file - echo ' - name : mymemory translated' >> $settings_file - echo ' engine : translated' >> $settings_file - echo ' shortcut : tl' >> $settings_file - echo ' timeout : 5.0' >> $settings_file - echo ' disabled : True' >> $settings_file - echo ' # You can use without an API key, but you are limited to 1000 words/day' >> $settings_file - echo ' # See : http://mymemory.translated.net/doc/usagelimits.php' >> $settings_file - echo ' # api_key : ""' >> $settings_file - echo '' >> $settings_file - echo ' - name : voat' >> $settings_file - echo ' engine: xpath' >> $settings_file - echo ' shortcut: vo' >> $settings_file - echo ' categories: social media' >> $settings_file - echo ' search_url : https://voat.co/search?q={query}' >> $settings_file - echo ' url_xpath : //p[contains(@class, "title")]/a/@href' >> $settings_file - echo ' title_xpath : //p[contains(@class, "title")]/a' >> $settings_file - echo ' content_xpath : //span[@class="domain"]' >> $settings_file - echo ' timeout : 10.0' >> $settings_file - echo ' disabled : True' >> $settings_file - echo '' >> $settings_file - echo ' - name : 1337x' >> $settings_file - echo ' engine : 1337x' >> $settings_file - echo ' shortcut : 1337x' >> $settings_file - echo ' disabled : True' >> $settings_file - echo '' >> $settings_file - echo 'locales:' >> $settings_file - echo ' en : English' >> $settings_file - echo ' bg : Български (Bulgarian)' >> $settings_file - echo ' cs : Čeština (Czech)' >> $settings_file - echo ' de : Deutsch (German)' >> $settings_file - echo ' de_DE : Deutsch (German_Germany)' >> $settings_file - echo ' el_GR : Ελληνικά (Greek_Greece)' >> $settings_file - echo ' eo : Esperanto (Esperanto)' >> $settings_file - echo ' es : Español (Spanish)' >> $settings_file - echo ' fi : Suomi (Finnish)' >> $settings_file - echo ' fr : Français (French)' >> $settings_file - echo ' he : עברית (Hebrew)' >> $settings_file - echo ' hu : Magyar (Hungarian)' >> $settings_file - echo ' it : Italiano (Italian)' >> $settings_file - echo ' ja : 日本語 (Japanese)' >> $settings_file - echo ' nl : Nederlands (Dutch)' >> $settings_file - echo ' pt : Português (Portuguese)' >> $settings_file - echo ' pt_BR : Português (Portuguese_Brazil)' >> $settings_file - echo ' ro : Română (Romanian)' >> $settings_file - echo ' ru : Русский (Russian)' >> $settings_file - echo ' sk : Slovenčina (Slovak)' >> $settings_file - echo ' sv : Svenska (Swedish)' >> $settings_file - echo ' tr : Türkçe (Turkish)' >> $settings_file - echo ' uk : українська мова (Ukrainian)' >> $settings_file - echo ' zh : 中文 (Chinese)' >> $settings_file - echo '' >> $settings_file - echo 'doi_resolvers :' >> $settings_file - echo " oadoi.org : 'https://oadoi.org/'" >> $settings_file - echo " doi.org : 'https://doi.org/'" >> $settings_file - echo " doai.io : 'http://doai.io/'" >> $settings_file - echo '' >> $settings_file - echo "default_doi_resolver : 'oadoi.org'" >> $settings_file + { echo 'general:'; + echo ' debug : False'; + echo ' instance_name : "Freedombone Metasearch"'; + echo ''; + echo 'search:'; + echo ' safe_search : 0 # Filter results. 0: None, 1: Moderate, 2: Strict'; + echo ' autocomplete : "" # Existing autocomplete backends: "dbpedia", "duckduckgo", "startpage", "wikipedia" - leave blank to turn it off by default'; + echo ' language : "all"'; + echo ''; + echo 'server:'; + echo ' port : 8888'; + echo ' bind_address : "127.0.0.1" # address to listen on'; + echo " secret_key : \"${SEARX_SECRET_KEY}\""; + echo " base_url : http://${SEARX_ONION_HOSTNAME}/"; + echo ' image_proxy : True # Proxying image results through searx'; + echo ' http_protocol_version : "1.1" # 1.0 and 1.1 are supported'; + echo ''; + echo 'ui:'; + echo ' static_path : "" # Custom static path - leave it blank if you didnt change'; + echo ' templates_path : "" # Custom templates path - leave it blank if you didnt change'; + echo ' themes_path : "" # Custom ui themes path'; + echo ' default_theme : courgette # ui theme'; + echo ' default_locale : "" # Default interface locale - leave blank to detect from browser information or use codes from the 'locales' config section'; + echo ''; + echo 'outgoing: # communication with search engines'; + echo ' request_timeout : 10.0 # seconds'; + echo ' useragent_suffix : "" # suffix of searx_useragent, could contain informations like an email address to the administrator'; + echo ' pool_connections : 100 # Number of different hosts'; + echo ' pool_maxsize : 10 # Number of simultaneous requests by host'; + echo ' proxies :'; + echo ' http : socks5://127.0.0.1:9050'; + echo ''; + echo 'engines:'; + echo ' - name : arch linux wiki'; + echo ' engine : archlinux'; + echo ' categories : general'; + echo ' shortcut : al'; + echo ''; + echo ' - name : archive is'; + echo ' engine : xpath'; + echo ' search_url : https://archive.is/{query}'; + echo ' url_xpath : (//div[@class="TEXT-BLOCK"]/a)/@href'; + echo ' title_xpath : (//div[@class="TEXT-BLOCK"]/a)'; + echo ' content_xpath : //div[@class="TEXT-BLOCK"]/ul/li'; + echo ' categories : general'; + echo ' timeout : 7.0'; + echo ' disabled : True'; + echo ' shortcut : ai'; + echo ''; + echo ' - name : base'; + echo ' engine : base'; + echo ' shortcut : bs'; + echo ''; + echo ' - name : wikipedia'; + echo ' engine : wikipedia'; + echo ' shortcut : wp'; + echo ' categories : general'; + echo ' base_url : "https://{language}.wikipedia.org/"'; + echo ''; + echo ' - name : bitbucket'; + echo ' engine : xpath'; + echo ' paging : True'; + echo ' search_url : https://bitbucket.org/repo/all/{pageno}?name={query}'; + echo ' url_xpath : //article[@class="repo-summary"]//a[@class="repo-link"]/@href'; + echo ' title_xpath : //article[@class="repo-summary"]//a[@class="repo-link"]'; + echo ' content_xpath : //article[@class="repo-summary"]/p'; + echo ' categories : code'; + echo ' timeout : 4.0'; + echo ' disabled : True'; + echo ' shortcut : bb'; + echo ''; + echo ' - name : ccc-tv'; + echo ' engine : xpath'; + echo ' paging : False'; + echo ' search_url : https://media.ccc.de/search/?q={query}'; + echo ' url_xpath : //div[@class="caption"]/h3/a/@href'; + echo ' title_xpath : //div[@class="caption"]/h3/a/text()'; + echo ' content_xpath : //div[@class="caption"]/h4/@title'; + echo ' categories : videos'; + echo ' shortcut : c3tv'; + echo ''; + echo ' - name : crossref'; + echo ' engine : json_engine'; + echo ' paging : True'; + echo ' search_url : http://search.crossref.org/dois?q={query}&page={pageno}'; + echo ' url_query : doi'; + echo ' title_query : title'; + echo ' content_query : fullCitation'; + echo ' categories : science'; + echo ' shortcut : cr'; + echo ''; + echo ' - name : currency'; + echo ' engine : currency_convert'; + echo ' categories : general'; + echo ' shortcut : cc'; + echo ''; + echo ' - name : deezer'; + echo ' engine : deezer'; + echo ' shortcut : dz'; + echo ''; + echo ' - name : deviantart'; + echo ' engine : deviantart'; + echo ' shortcut : da'; + echo ' timeout: 3.0'; + echo ''; + echo ' - name : ddg definitions'; + echo ' engine : duckduckgo_definitions'; + echo ' shortcut : ddd'; + echo ' weight : 2'; + echo ' disabled : True'; + echo ''; + echo ' - name : digbt'; + echo ' engine : digbt'; + echo ' shortcut : dbt'; + echo ' timeout : 6.0'; + echo ' disabled : True'; + echo ''; + echo ' - name : erowid'; + echo ' engine : xpath'; + echo ' paging : True'; + echo ' first_page_num : 0'; + echo ' page_size : 30'; + echo ' search_url : https://www.erowid.org/search.php?q={query}&s={pageno}'; + echo ' url_xpath : //dl[@class="results-list"]/dt[@class="result-title"]/a/@href'; + echo ' title_xpath : //dl[@class="results-list"]/dt[@class="result-title"]/a/text()'; + echo ' content_xpath : //dl[@class="results-list"]/dd[@class="result-details"]'; + echo ' categories : general'; + echo ' shortcut : ew'; + echo ' disabled : True'; + echo ''; + echo ' - name : wikidata'; + echo ' engine : wikidata'; + echo ' shortcut : wd'; + echo ' weight : 2'; + echo ''; + echo ' - name : duckduckgo'; + echo ' engine : duckduckgo'; + echo ' shortcut : ddg'; + echo ' categories : general'; + echo ''; + echo ' - name : etymonline'; + echo ' engine : xpath'; + echo ' paging : True'; + echo ' search_url : http://etymonline.com/?search={query}&p={pageno}'; + echo ' url_xpath : //dt/a[1]/@href'; + echo ' title_xpath : //dt'; + echo ' content_xpath : //dd'; + echo ' suggestion_xpath : //a[@class="crossreference"]'; + echo ' first_page_num : 0'; + echo ' shortcut : et'; + echo ' disabled : True'; + echo ''; + echo ' - name : 500px'; + echo ' engine : www500px'; + echo ' shortcut : px'; + echo ''; + echo ' - name : 1x'; + echo ' engine : www1x'; + echo ' shortcut : 1x'; + echo ' disabled : True'; + echo ''; + echo ' - name : fdroid'; + echo ' engine : fdroid'; + echo ' shortcut : fd'; + echo ' disabled : True'; + echo ''; + echo ' - name : flickr'; + echo ' categories : images'; + echo ' shortcut : fl'; + echo '# You can use the engine using the official stable API, but you need an API key'; + echo '# See : https://www.flickr.com/services/apps/create/'; + echo '# engine : flickr'; + echo "# api_key: 'apikey' # required!"; + echo '# Or you can use the html non-stable engine, activated by default'; + echo ' engine : flickr_noapi'; + echo ''; + echo ' - name : frinkiac'; + echo ' engine : frinkiac'; + echo ' shortcut : frk'; + echo ' disabled : True'; + echo ''; + echo ' - name : gigablast'; + echo ' engine : gigablast'; + echo ' shortcut : gb'; + echo ' timeout : 3.0'; + echo ' disabled: True'; + echo ''; + echo ' - name : gitlab'; + echo ' engine : json_engine'; + echo ' paging : True'; + echo ' search_url : https://gitlab.com/api/v4/projects?search={query}&page={pageno}'; + echo ' url_query : web_url'; + echo ' title_query : name_with_namespace'; + echo ' content_query : description'; + echo ' page_size : 20'; + echo ' categories : code'; + echo ' shortcut : gl'; + echo ' timeout : 10.0'; + echo ' disabled : False'; + echo ''; + echo ' - name : github'; + echo ' engine : github'; + echo ' shortcut : gh'; + echo ' categories : code'; + echo ''; + echo ' - name : geektimes'; + echo ' engine : xpath'; + echo ' paging : True'; + echo ' search_url : https://geektimes.ru/search/page{pageno}/?q={query}'; + echo ' url_xpath : //div[@class="search_results"]//a[@class="post__title_link"]/@href'; + echo ' title_xpath : //div[@class="search_results"]//a[@class="post__title_link"]'; + echo ' content_xpath : //div[@class="search_results"]//div[contains(@class, "content")]'; + echo ' categories : code'; + echo ' timeout : 4.0'; + echo ' disabled : True'; + echo ' shortcut : gt'; + echo ''; + echo ' - name : habrahabr'; + echo ' engine : xpath'; + echo ' paging : True'; + echo ' search_url : https://habrahabr.ru/search/page{pageno}/?q={query}'; + echo ' url_xpath : //div[@class="search_results"]//a[contains(@class, "post__title_link")]/@href'; + echo ' title_xpath : //div[@class="search_results"]//a[contains(@class, "post__title_link")]'; + echo ' content_xpath : //div[@class="search_results"]//div[contains(@class, "content")]'; + echo ' categories : code'; + echo ' timeout : 4.0'; + echo ' disabled : True'; + echo ' shortcut : habr'; + echo ''; + echo ' - name : hoogle'; + echo ' engine : json_engine'; + echo ' paging : True'; + echo ' search_url : https://www.haskell.org/hoogle/?mode=json&hoogle={query}&start={pageno}'; + echo ' results_query : results'; + echo ' url_query : location'; + echo ' title_query : self'; + echo ' content_query : docs'; + echo ' page_size : 20'; + echo ' categories : code'; + echo ' shortcut : ho'; + echo ''; + echo ' - name : ina'; + echo ' engine : ina'; + echo ' shortcut : in'; + echo ' timeout : 6.0'; + echo ' disabled : True'; + echo ''; + echo ' - name: kickass'; + echo ' engine : kickass'; + echo ' shortcut : kc'; + echo ' timeout : 4.0'; + echo ' disabled : True'; + echo ''; + echo ' - name : library genesis'; + echo ' engine : xpath'; + echo ' search_url : http://libgen.io/search.php?req={query}'; + echo ' url_xpath : //a[contains(@href,"bookfi.net")]/@href'; + echo ' title_xpath : //a[contains(@href,"book/")]/text()[1]'; + echo ' content_xpath : //td/a[1][contains(@href,"=author")]/text()'; + echo ' categories : general'; + echo ' timeout : 7.0'; + echo ' disabled : True'; + echo ' shortcut : lg'; + echo ''; + echo ' - name : lobste.rs'; + echo ' engine : xpath'; + echo ' search_url : https://lobste.rs/search?utf8=%E2%9C%93&q={query}&what=stories&order=relevance'; + echo ' results_xpath : //li[contains(@class, "story")]'; + echo ' url_xpath : .//span[@class="link"]/a/@href'; + echo ' title_xpath : .//span[@class="link"]/a'; + echo ' content_xpath : .//a[@class="domain"]'; + echo ' categories : code'; + echo ' shortcut : lo'; + echo ''; + echo ' - name : mixcloud'; + echo ' engine : mixcloud'; + echo ' shortcut : mc'; + echo ''; + echo ' - name : nyaa'; + echo ' engine : nyaa'; + echo ' shortcut : nt'; + echo ' disabled : True'; + echo ''; + echo ' - name : openstreetmap'; + echo ' engine : openstreetmap'; + echo ' shortcut : osm'; + echo ''; + echo ' - name : openrepos'; + echo ' engine : xpath'; + echo ' paging : True'; + echo ' search_url : https://openrepos.net/search/node/{query}?page={pageno}'; + echo ' url_xpath : //li[@class="search-result"]//h3[@class="title"]/a/@href'; + echo ' title_xpath : //li[@class="search-result"]//h3[@class="title"]/a'; + echo ' content_xpath : //li[@class="search-result"]//div[@class="search-snippet-info"]//p[@class="search-snippet"]'; + echo ' categories : files'; + echo ' timeout : 4.0'; + echo ' disabled : True'; + echo ' shortcut : or'; + echo ''; + echo ' - name : pdbe'; + echo ' engine : pdbe'; + echo ' shortcut : pdb'; + echo ''; + echo ' - name : photon'; + echo ' engine : photon'; + echo ' shortcut : ph'; + echo ''; + echo ' - name : piratebay'; + echo ' engine : piratebay'; + echo ' shortcut : tpb'; + echo ' url: https://pirateproxy.red/'; + echo ' timeout : 3.0'; + echo ''; + echo ' - name : qwant'; + echo ' engine : qwant'; + echo ' shortcut : qw'; + echo ' categories : general'; + echo ' disabled : True'; + echo ''; + echo ' - name : qwant images'; + echo ' engine : qwant'; + echo ' shortcut : qwi'; + echo ' categories : images'; + echo ''; + echo ' - name : qwant news'; + echo ' engine : qwant'; + echo ' shortcut : qwn'; + echo ' categories : news'; + echo ''; + echo ' - name : qwant social'; + echo ' engine : qwant'; + echo ' shortcut : qws'; + echo ' categories : social media'; + echo ''; + echo ' - name : reddit'; + echo ' engine : reddit'; + echo ' shortcut : re'; + echo ' page_size : 25'; + echo ' timeout : 10.0'; + echo ' disabled : True'; + echo ''; + echo ' - name : scanr structures'; + echo ' shortcut: scs'; + echo ' engine : scanr_structures'; + echo ' disabled : True'; + echo ''; + echo ' - name : soundcloud'; + echo ' engine : soundcloud'; + echo ' shortcut : sc'; + echo ''; + echo ' - name : stackoverflow'; + echo ' engine : stackoverflow'; + echo ' shortcut : st'; + echo ''; + echo ' - name : searchcode doc'; + echo ' engine : searchcode_doc'; + echo ' shortcut : scd'; + echo ''; + echo ' - name : searchcode code'; + echo ' engine : searchcode_code'; + echo ' shortcut : scc'; + echo ' disabled : True'; + echo ''; + echo ' - name : framalibre'; + echo ' engine : framalibre'; + echo ' shortcut : frl'; + echo ' disabled : True'; + echo ''; + echo ' - name : semantic scholar'; + echo ' engine : xpath'; + echo ' paging : True'; + echo ' search_url : https://www.semanticscholar.org/search?q={query}&sort=relevance&page={pageno}&ae=false'; + echo ' results_xpath : //article'; + echo ' url_xpath : .//div[@class="search-result-title"]/a/@href'; + echo ' title_xpath : .//div[@class="search-result-title"]/a'; + echo ' content_xpath : .//div[@class="search-result-abstract"]'; + echo ' shortcut : se'; + echo ' categories : science'; + echo ''; + echo ' - name : spotify'; + echo ' engine : spotify'; + echo ' shortcut : stf'; + echo ''; + echo ' - name : subtitleseeker'; + echo ' engine : subtitleseeker'; + echo ' shortcut : ss'; + echo '# The language is an option. You can put any language written in english'; + echo '# Examples : English, French, German, Hungarian, Chinese...'; + echo '# language : English'; + echo ''; + echo ' - name : startpage'; + echo ' engine : startpage'; + echo ' shortcut : sp'; + echo ' timeout : 6.0'; + echo ' disabled : True'; + echo ''; + echo ' - name : ixquick'; + echo ' engine : startpage'; + echo " base_url : 'https://www.ixquick.eu/'"; + echo " search_url : 'https://www.ixquick.eu/do/search'"; + echo ' shortcut : iq'; + echo ' timeout : 6.0'; + echo ''; + echo ' - name : swisscows'; + echo ' engine : swisscows'; + echo ' shortcut : sw'; + echo ' disabled : True'; + echo ''; + echo ' - name : tokyotoshokan'; + echo ' engine : tokyotoshokan'; + echo ' shortcut : tt'; + echo ' timeout : 6.0'; + echo ' disabled : True'; + echo ''; + echo ' - name : twitter'; + echo ' engine : twitter'; + echo ' shortcut : tw'; + echo ''; + echo ' - name : urbandictionary'; + echo ' engine : xpath'; + echo ' search_url : http://www.urbandictionary.com/define.php?term={query}'; + echo ' url_xpath : //*[@class="word"]/@href'; + echo ' title_xpath : //*[@class="def-header"]'; + echo ' content_xpath : //*[@class="meaning"]'; + echo ' shortcut : ud'; + echo ''; + echo ' - name : yandex'; + echo ' engine : yandex'; + echo ' shortcut : yn'; + echo ' disabled : True'; + echo ''; + echo ' - name : youtube'; + echo ' shortcut : yt'; + echo ' # You can use the engine using the official stable API, but you need an API key'; + echo ' # See : https://console.developers.google.com/project'; + echo ' # engine : youtube_api'; + echo ' # api_key: apikey # required!'; + echo ' # Or you can use the html non-stable engine, activated by default'; + echo ' engine : youtube_noapi'; + echo ''; + echo ' - name : dailymotion'; + echo ' engine : dailymotion'; + echo ' shortcut : dm'; + echo ''; + echo ' - name : vimeo'; + echo ' engine : vimeo'; + echo ' shortcut : vm'; + echo ''; + echo ' - name : wolframalpha'; + echo ' shortcut : wa'; + echo ' # You can use the engine using the official stable API, but you need an API key'; + echo ' # See : http://products.wolframalpha.com/api/'; + echo ' # engine : wolframalpha_api'; + echo ' # api_key: '' # required!'; + echo ' engine : wolframalpha_noapi'; + echo ' timeout: 6.0'; + echo ' categories : science'; + echo ''; + echo ' - name : seedpeer'; + echo ' engine : seedpeer'; + echo ' shortcut: speu' + echo ' categories: files, music, videos' + echo ' disabled: True'; + echo ''; + echo ' - name : dictzone'; + echo ' engine : dictzone'; + echo ' shortcut : dc'; + echo ''; + echo ' - name : mymemory translated'; + echo ' engine : translated'; + echo ' shortcut : tl'; + echo ' timeout : 5.0'; + echo ' disabled : True'; + echo ' # You can use without an API key, but you are limited to 1000 words/day'; + echo ' # See : http://mymemory.translated.net/doc/usagelimits.php'; + echo ' # api_key : ""'; + echo ''; + echo ' - name : voat'; + echo ' engine: xpath'; + echo ' shortcut: vo'; + echo ' categories: social media'; + echo ' search_url : https://voat.co/search?q={query}'; + echo ' url_xpath : //p[contains(@class, "title")]/a/@href'; + echo ' title_xpath : //p[contains(@class, "title")]/a'; + echo ' content_xpath : //span[@class="domain"]'; + echo ' timeout : 10.0'; + echo ' disabled : True'; + echo ''; + echo ' - name : 1337x'; + echo ' engine : 1337x'; + echo ' shortcut : 1337x'; + echo ' disabled : True'; + echo ''; + echo 'locales:'; + echo ' en : English'; + echo ' bg : Български (Bulgarian)'; + echo ' cs : Čeština (Czech)'; + echo ' de : Deutsch (German)'; + echo ' de_DE : Deutsch (German_Germany)'; + echo ' el_GR : Ελληνικά (Greek_Greece)'; + echo ' eo : Esperanto (Esperanto)'; + echo ' es : Español (Spanish)'; + echo ' fi : Suomi (Finnish)'; + echo ' fr : Français (French)'; + echo ' he : עברית (Hebrew)'; + echo ' hu : Magyar (Hungarian)'; + echo ' it : Italiano (Italian)'; + echo ' ja : 日本語 (Japanese)'; + echo ' nl : Nederlands (Dutch)'; + echo ' pt : Português (Portuguese)'; + echo ' pt_BR : Português (Portuguese_Brazil)'; + echo ' ro : Română (Romanian)'; + echo ' ru : Русский (Russian)'; + echo ' sk : Slovenčina (Slovak)'; + echo ' sv : Svenska (Swedish)'; + echo ' tr : Türkçe (Turkish)'; + echo ' uk : українська мова (Ukrainian)'; + echo ' zh : 中文 (Chinese)'; + echo ''; + echo 'doi_resolvers :'; + echo " oadoi.org : 'https://oadoi.org/'"; + echo " doi.org : 'https://doi.org/'"; + echo " doai.io : 'http://doai.io/'"; + echo ''; + echo "default_doi_resolver : 'oadoi.org'"; } > $settings_file } function upgrade_searx { @@ -852,8 +855,8 @@ function remove_searx { rm -rf ${SEARX_PATH}/searx fi remove_completion_param install_searx - sed -i '/Search engine /d' $COMPLETION_FILE - sed -i '/searx /d' $COMPLETION_FILE + sed -i '/Search engine /d' "$COMPLETION_FILE" + sed -i '/searx /d' "$COMPLETION_FILE" } function install_searx { @@ -876,44 +879,37 @@ function install_searx { pip install --upgrade pip - pip install certifi - if [ ! "$?" = "0" ]; then + if ! pip install certifi; then echo $'Failed to install certifi' exit 737692 fi - pip install pyyaml - if [ ! "$?" = "0" ]; then + if ! pip install pyyaml; then echo $'Failed to install pyyaml' exit 469242 fi - pip install flask --upgrade - if [ ! "$?" = "0" ]; then + if ! pip install flask --upgrade; then echo $'Failed to install flask' exit 888575 fi - pip install flask_restless --upgrade - if [ ! "$?" = "0" ]; then + if ! pip install flask_restless --upgrade; then echo $'Failed to install flask_restless' exit 54835 fi - pip install flask_babel --upgrade - if [ ! "$?" = "0" ]; then + if ! pip install flask_babel --upgrade; then echo $'Failed to install flask_babel' exit 63738 fi - pip install requests --upgrade - if [ ! "$?" = "0" ]; then + if ! pip install requests --upgrade; then echo $'Failed to install requests' exit 357282 fi - pip install pygments --upgrade - if [ ! "$?" = "0" ]; then + if ! pip install pygments --upgrade; then echo $'Failed to install pygments' exit 357282 fi @@ -923,12 +919,12 @@ function install_searx { fi # clone the repo - cd $SEARX_PATH + cd $SEARX_PATH || exit 26482468 if [ -d /repos/searx ]; then mkdir searx cp -r -p /repos/searx/. searx - cd searx + cd searx || exit 2468246 git pull else function_check git_clone @@ -946,57 +942,57 @@ function install_searx { adduser searx debian-tor # daemon - echo '[Unit]' > /etc/systemd/system/searx.service - echo 'Description=Searx (search engine)' >> /etc/systemd/system/searx.service - echo 'After=syslog.target' >> /etc/systemd/system/searx.service - echo 'After=network.target' >> /etc/systemd/system/searx.service - echo '' >> /etc/systemd/system/searx.service - echo '[Service]' >> /etc/systemd/system/searx.service - echo 'Type=simple' >> /etc/systemd/system/searx.service - echo 'User=searx' >> /etc/systemd/system/searx.service - echo 'Group=searx' >> /etc/systemd/system/searx.service - echo "WorkingDirectory=${SEARX_PATH}/searx" >> /etc/systemd/system/searx.service - echo "ExecStart=/usr/bin/python ${SEARX_PATH}/searx/searx/webapp.py" >> /etc/systemd/system/searx.service - echo 'Restart=always' >> /etc/systemd/system/searx.service - echo 'Environment="USER=searx"' >> /etc/systemd/system/searx.service - echo '' >> /etc/systemd/system/searx.service - echo '[Install]' >> /etc/systemd/system/searx.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/searx.service + { echo '[Unit]'; + echo 'Description=Searx (search engine)'; + echo 'After=syslog.target'; + echo 'After=network.target'; + echo ''; + echo '[Service]'; + echo 'Type=simple'; + echo 'User=searx'; + echo 'Group=searx'; + echo "WorkingDirectory=${SEARX_PATH}/searx"; + echo "ExecStart=/usr/bin/python ${SEARX_PATH}/searx/searx/webapp.py"; + echo 'Restart=always'; + echo 'Environment="USER=searx"'; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/searx.service # create a webserver file - echo 'server {' > /etc/nginx/sites-available/searx - echo " listen 127.0.0.1:${SEARX_ONION_PORT} default_server;" >> /etc/nginx/sites-available/searx - echo " root ${SEARX_PATH}/searx;" >> /etc/nginx/sites-available/searx - echo " server_name ${SEARX_ONION_HOSTNAME};" >> /etc/nginx/sites-available/searx - echo ' access_log /dev/null;' >> /etc/nginx/sites-available/searx - echo " error_log /var/log/searx_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/searx - echo '' >> /etc/nginx/sites-available/searx + { echo 'server {'; + echo " listen 127.0.0.1:${SEARX_ONION_PORT} default_server;"; + echo " root ${SEARX_PATH}/searx;"; + echo " server_name ${SEARX_ONION_HOSTNAME};"; + echo ' access_log /dev/null;'; + echo " error_log /var/log/searx_error.log $WEBSERVER_LOG_LEVEL;"; + echo ''; } > /etc/nginx/sites-available/searx function_check nginx_disable_sniffing nginx_disable_sniffing searx - echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/searx - echo '' >> /etc/nginx/sites-available/searx - echo ' location / {' >> /etc/nginx/sites-available/searx + { echo ' add_header Strict-Transport-Security max-age=0;'; + echo ''; + echo ' location / {'; } >> /etc/nginx/sites-available/searx function_check nginx_limits nginx_limits searx '1M' - echo ' proxy_pass http://localhost:8888;' >> /etc/nginx/sites-available/searx - echo " #auth_basic \"${SEARX_LOGIN_TEXT}\";" >> /etc/nginx/sites-available/searx - echo ' #auth_basic_user_file /etc/nginx/.htpasswd;' >> /etc/nginx/sites-available/searx - echo ' }' >> /etc/nginx/sites-available/searx - echo '' >> /etc/nginx/sites-available/searx - echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/searx - echo '' >> /etc/nginx/sites-available/searx - echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/searx - echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/searx - echo '' >> /etc/nginx/sites-available/searx - echo ' location = /robots.txt {' >> /etc/nginx/sites-available/searx - echo ' allow all;' >> /etc/nginx/sites-available/searx - echo ' log_not_found off;' >> /etc/nginx/sites-available/searx - echo ' access_log /dev/null;' >> /etc/nginx/sites-available/searx - echo ' }' >> /etc/nginx/sites-available/searx - echo '}' >> /etc/nginx/sites-available/searx + { echo ' proxy_pass http://localhost:8888;'; + echo " #auth_basic \"${SEARX_LOGIN_TEXT}\";"; + echo ' #auth_basic_user_file /etc/nginx/.htpasswd;'; + echo ' }'; + echo ''; + echo ' fastcgi_buffers 64 4K;'; + echo ''; + echo ' error_page 403 /core/templates/403.php;'; + echo ' error_page 404 /core/templates/404.php;'; + echo ''; + echo ' location = /robots.txt {'; + echo ' allow all;'; + echo ' log_not_found off;'; + echo ' access_log /dev/null;'; + echo ' }'; + echo '}'; } >> /etc/nginx/sites-available/searx # replace the secret key - if ! grep -q "searx key" $COMPLETION_FILE; then + if ! grep -q "searx key" "$COMPLETION_FILE"; then SEARX_SECRET_KEY="$(create_password 30)" set_completion_param "searx key" "${SEARX_SECRET_KEY}" fi @@ -1019,12 +1015,12 @@ function install_searx { systemctl daemon-reload systemctl start searx.service - SEARX_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" - ${PROJECT_NAME}-pass -u $MY_USERNAME -a searx -p "$SEARX_PASSWORD" + SEARX_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a searx -p "$SEARX_PASSWORD" if grep -q "$MY_USERNAME:" /etc/nginx/.htpasswd; then sed -i "/$MY_USERNAME:/d" /etc/nginx/.htpasswd fi - echo "$SEARX_PASSWORD" | htpasswd -i -s -c /etc/nginx/.htpasswd $MY_USERNAME + echo "$SEARX_PASSWORD" | htpasswd -i -s -c /etc/nginx/.htpasswd "$MY_USERNAME" APP_INSTALLED=1 }