#!/bin/bash # _____ _ _ # | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ # | __| _| -_| -_| . | . | | . | . | | -_| # |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # # Freedom in the Cloud # # privatebin application # # License # ======= # # Copyright (C) 2018 Bob Mottram # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . VARIANTS='full full-vim writer' IN_DEFAULT_INSTALL=0 SHOW_ON_ABOUT=1 PRIVATEBIN_DOMAIN_NAME= PRIVATEBIN_CODE= PRIVATEBIN_ONION_PORT=8150 PRIVATEBIN_REPO="https://github.com/PrivateBin/PrivateBin" PRIVATEBIN_COMMIT='9c132cd839fd5e91da18e4a1e8ebef64fce605fb' PRIVATEBIN_ADMIN_PASSWORD= PRIVATEBIN_SHORT_DESCRIPTION=$'PrivateBin' PRIVATEBIN_DESCRIPTION=$'PrivateBin zero knowledge pastebin' PRIVATEBIN_MOBILE_APP_URL= privatebin_variables=(ONION_ONLY PRIVATEBIN_DOMAIN_NAME PRIVATEBIN_CODE DDNS_PROVIDER MY_USERNAME) function secure_privatebin { pbpath="/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" pbdata="/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/data" htgroup='www-data' rootuser='root' find "${pbpath}/" -type f -print0 | xargs -0 chmod 0640 find "${pbpath}/" -type d -print0 | xargs -0 chmod 0550 chown -R ${rootuser}:${htgroup} "${pbpath}/" chown -R www-data:www-data "${pbdata}" chmod 755 "${pbdata}" } function logging_on_privatebin { echo -n '' } function logging_off_privatebin { echo -n '' } function remove_user_privatebin { echo -n '' # remove_username="$1" } function add_user_privatebin { # new_username="$1" # new_user_password="$2" echo '0' } function install_interactive_privatebin { if [ ! "$ONION_ONLY" ]; then ONION_ONLY='no' fi if [[ "$ONION_ONLY" != "no" ]]; then PRIVATEBIN_DOMAIN_NAME='privatebin.local' else PRIVATEBIN_DETAILS_COMPLETE= while [ ! $PRIVATEBIN_DETAILS_COMPLETE ] do data=$(mktemp 2>/dev/null) if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then dialog --backtitle $"Freedombone Configuration" \ --title $"PrivateBin Configuration" \ --form $"\\nPlease enter your PrivateBin details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ $"Domain:" 1 1 "$(grep 'PRIVATEBIN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \ $"Code:" 2 1 "$(grep 'PRIVATEBIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 33 255 \ 2> "$data" else dialog --backtitle $"Freedombone Configuration" \ --title $"PrivateBin Configuration" \ --form $"\\nPlease enter your PrivateBin details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ $"Domain:" 1 1 "$(grep 'PRIVATEBIN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \ 2> "$data" fi sel=$? case $sel in 1) rm -f "$data" exit 1;; 255) rm -f "$data" exit 1;; esac PRIVATEBIN_DOMAIN_NAME=$(sed -n 1p < "$data") if [ "$PRIVATEBIN_DOMAIN_NAME" ]; then if [[ "$PRIVATEBIN_DOMAIN_NAME" == "$HUBZILLA_DOMAIN_NAME" ]]; then PRIVATEBIN_DOMAIN_NAME="" fi TEST_DOMAIN_NAME=$PRIVATEBIN_DOMAIN_NAME validate_domain_name if [[ "$TEST_DOMAIN_NAME" != "$PRIVATEBIN_DOMAIN_NAME" ]]; then PRIVATEBIN_DOMAIN_NAME= dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 else if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then PRIVATEBIN_CODE=$(sed -n 2p < "$data") validate_freedns_code "$PRIVATEBIN_CODE" if [ ! "$VALID_CODE" ]; then PRIVATEBIN_DOMAIN_NAME= fi fi fi fi if [ $PRIVATEBIN_DOMAIN_NAME ]; then PRIVATEBIN_DETAILS_COMPLETE="yes" fi rm -f "$data" done write_config_param "PRIVATEBIN_CODE" "$PRIVATEBIN_CODE" fi write_config_param "PRIVATEBIN_DOMAIN_NAME" "$PRIVATEBIN_DOMAIN_NAME" APP_INSTALLED=1 } function change_password_privatebin { # curr_username="$1" # new_user_password="$2" echo -n '' } function reconfigure_privatebin { echo -n '' } function upgrade_privatebin { if grep -q "privatebin domain" "$COMPLETION_FILE"; then PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain") fi chmod 755 "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/data" CURR_PRIVATEBIN_COMMIT=$(get_completion_param "privatebin commit") if [[ "$CURR_PRIVATEBIN_COMMIT" == "$PRIVATEBIN_COMMIT" ]]; then return fi # update to the next commit function_check set_repo_commit set_repo_commit "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" "privatebin commit" "$PRIVATEBIN_COMMIT" "$PRIVATEBIN_REPO" secure_privatebin } function backup_local_privatebin { PRIVATEBIN_DOMAIN_NAME='privatebin' if grep -q "privatebin domain" "$COMPLETION_FILE"; then PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain") fi source_directory="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data" function_check suspend_site suspend_site "${PRIVATEBIN_DOMAIN_NAME}" function_check backup_directory_to_usb dest_directory=privatebin backup_directory_to_usb "$source_directory" "$dest_directory" function_check restart_site restart_site } function restore_local_privatebin { if ! grep -q "privatebin domain" "$COMPLETION_FILE"; then return fi PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain") if [ "$PRIVATEBIN_DOMAIN_NAME" ]; then echo $"Restoring privatebin" temp_restore_dir=/root/tempprivatebin privatebin_dir="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data" function_check restore_directory_from_usb restore_directory_from_usb $temp_restore_dir privatebin if [ -d $temp_restore_dir ]; then if [ -d "$temp_restore_dir$privatebin_dir" ]; then cp -rp "$temp_restore_dir$privatebin_dir/"* "$privatebin_dir/" else cp -rp "$temp_restore_dir/"* "$privatebin_dir/" fi secure_privatebin rm -rf $temp_restore_dir fi echo $"Restore of privatebin complete" fi } function backup_remote_privatebin { PRIVATEBIN_DOMAIN_NAME='privatebin' if grep -q "privatebin domain" "$COMPLETION_FILE"; then PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain") fi source_directory="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data" function_check suspend_site suspend_site "${PRIVATEBIN_DOMAIN_NAME}" function_check backup_directory_to_friend dest_directory=privatebin backup_directory_to_friend "$source_directory" "$dest_directory" function_check restart_site restart_site } function restore_remote_privatebin { if ! grep -q "privatebin domain" "$COMPLETION_FILE"; then return fi PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain") if [ "$PRIVATEBIN_DOMAIN_NAME" ]; then temp_restore_dir=/root/tempprivatebin privatebin_dir=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data function_check restore_directory_from_friend restore_directory_from_friend $temp_restore_dir privatebin if [ -d $temp_restore_dir ]; then if [ -d "$temp_restore_dir$privatebin_dir" ]; then cp -rp "$temp_restore_dir$privatebin_dir/"* "$privatebin_dir/" else cp -rp "$temp_restore_dir/"* "$privatebin_dir/" fi secure_privatebin rm -rf $temp_restore_dir fi fi } function remove_privatebin { if [ ${#PRIVATEBIN_DOMAIN_NAME} -eq 0 ]; then return fi read_config_param "PRIVATEBIN_DOMAIN_NAME" read_config_param "MY_USERNAME" echo "Removing $PRIVATEBIN_DOMAIN_NAME" nginx_dissite "$PRIVATEBIN_DOMAIN_NAME" remove_certs "$PRIVATEBIN_DOMAIN_NAME" if [ -d "/var/www/$PRIVATEBIN_DOMAIN_NAME" ]; then rm -rf "/var/www/$PRIVATEBIN_DOMAIN_NAME" fi if [ -f "/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME" ]; then rm "/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME" fi function_check remove_onion_service remove_onion_service privatebin ${PRIVATEBIN_ONION_PORT} if grep -q "privatebin" /etc/crontab; then sed -i "/privatebin/d" /etc/crontab fi remove_app privatebin remove_completion_param install_privatebin sed -i '/privatebin/d' "$COMPLETION_FILE" function_check remove_ddns_domain remove_ddns_domain "$PRIVATEBIN_DOMAIN_NAME" } function install_privatebin { if [ ! "$ONION_ONLY" ]; then ONION_ONLY='no' fi if [ ! "$PRIVATEBIN_DOMAIN_NAME" ]; then echo $'No domain name was given for privatebin' exit 7359 fi apt-get -yq install php-gettext php-curl php-gd php-mysql git curl apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl apt-get -yq install php-libsodium libsodium18 php-mcrypt if [ ! -d "/var/www/$PRIVATEBIN_DOMAIN_NAME" ]; then mkdir "/var/www/$PRIVATEBIN_DOMAIN_NAME" fi if [ ! -d "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" ]; then if [ -d /repos/privatebin ]; then mkdir "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" cp -r -p /repos/privatebin/. "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" cd "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" || exit 3468246824 git pull else function_check git_clone git_clone "$PRIVATEBIN_REPO" "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" fi if [ ! -d "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" ]; then echo $'Unable to clone privatebin repo' exit 63763873 fi fi cd "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" || exit 24682462 git checkout "$PRIVATEBIN_COMMIT" -b "$PRIVATEBIN_COMMIT" set_completion_param "privatebin commit" "$PRIVATEBIN_COMMIT" chmod g+w "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" chown -R www-data:www-data "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" function_check add_ddns_domain add_ddns_domain "$PRIVATEBIN_DOMAIN_NAME" PRIVATEBIN_ONION_HOSTNAME=$(add_onion_service privatebin 80 ${PRIVATEBIN_ONION_PORT}) privatebin_nginx_site=/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME if [[ $ONION_ONLY == "no" ]]; then function_check nginx_http_redirect nginx_http_redirect "$PRIVATEBIN_DOMAIN_NAME" "index index.php" { echo 'server {'; echo ' listen 443 ssl;'; echo ' #listen [::]:443 ssl;'; echo " server_name $PRIVATEBIN_DOMAIN_NAME;"; echo ''; } >> "$privatebin_nginx_site" function_check nginx_compress nginx_compress "$PRIVATEBIN_DOMAIN_NAME" echo '' >> "$privatebin_nginx_site" echo ' # Security' >> "$privatebin_nginx_site" function_check nginx_ssl nginx_ssl "$PRIVATEBIN_DOMAIN_NAME" function_check nginx_security_options nginx_security_options "$PRIVATEBIN_DOMAIN_NAME" { echo ' add_header Strict-Transport-Security max-age=15768000;'; echo ''; echo ' # Logs'; echo ' access_log /dev/null;'; echo ' error_log /dev/null;'; echo ''; echo " root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;"; echo ''; echo ' index index.php;'; echo ''; echo ' location ~ \.php {'; echo ' include snippets/fastcgi-php.conf;'; echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; echo ' fastcgi_read_timeout 30;'; echo ' }'; echo ''; echo ' # Location'; echo ' location / {'; } >> "$privatebin_nginx_site" function_check nginx_limits nginx_limits "$PRIVATEBIN_DOMAIN_NAME" '15m' { echo " try_files \$uri \$uri/ @privatebin;"; echo ' }'; echo ''; echo ' # Restrict access that is unnecessary anyway'; echo ' location ~ /\.(ht|git) {'; echo ' deny all;'; echo ' }'; echo '}'; echo ''; } >> "$privatebin_nginx_site" else echo -n '' > "$privatebin_nginx_site" fi { echo 'server {'; echo " listen 127.0.0.1:$PRIVATEBIN_ONION_PORT default_server;"; echo " server_name $PRIVATEBIN_ONION_HOSTNAME;"; echo ''; } >> "$privatebin_nginx_site" function_check nginx_compress nginx_compress "$PRIVATEBIN_DOMAIN_NAME" echo '' >> "$privatebin_nginx_site" function_check nginx_security_options nginx_security_options "$PRIVATEBIN_DOMAIN_NAME" { echo ''; echo ' # Logs'; echo ' access_log /dev/null;'; echo ' error_log /dev/null;'; echo ''; echo " root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;"; echo ''; echo ' index index.php;'; echo ''; echo ' location ~ \.php {'; echo ' include snippets/fastcgi-php.conf;'; echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; echo ' fastcgi_read_timeout 30;'; echo ' }'; echo ''; echo ' # Location'; echo ' location / {'; } >> "$privatebin_nginx_site" function_check nginx_limits nginx_limits "$PRIVATEBIN_DOMAIN_NAME" '15m' { echo " try_files \$uri \$uri/ @privatebin;"; echo ' }'; echo ''; echo ' # Restrict access that is unnecessary anyway'; echo ' location ~ /\.(ht|git) {'; echo ' deny all;'; echo ' }'; echo '}'; } >> "$privatebin_nginx_site" function_check configure_php configure_php function_check create_site_certificate create_site_certificate "$PRIVATEBIN_DOMAIN_NAME" 'yes' function_check nginx_ensite nginx_ensite "$PRIVATEBIN_DOMAIN_NAME" cp "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.sample.php" "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" # Change some defaults sed -i 's|; qrcode|qrcode|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" sed -i 's|default =.*|default = "1day"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" sed -i 's|languagedefault =.*|languagedefault = "en"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" sed -i 's|1year =|; 1year =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" sed -i 's|never =|; never =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" sed -i 's|limit = 10|limit = 30|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" sed -i 's|limit = 300|limit = 0|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" sed -i 's|batchsize =.*|batchsize = 100|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" sed -i 's|sizelimit =.*|sizelimit = 32768|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" sed -i 's|defaultformatter =.*|defaultformatter = "markdown"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php" mkdir -p "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/data" secure_privatebin systemctl restart php7.0-fpm systemctl restart nginx set_completion_param "privatebin domain" "$PRIVATEBIN_DOMAIN_NAME" APP_INSTALLED=1 } # NOTE: deliberately there is no "exit 0"