#!/bin/bash # # .---. . . # | | | # |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. # | | (.-' (.-' ( | ( )| | | | )( )| | (.-' # ' ' --' --' -' - -' ' ' -' -' -' ' - --' # # Freedom in the Cloud # # IRC server application # # License # ======= # # Copyright (C) 2014-2016 Bob Mottram # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . VARIANTS='full chat' IRC_PORT=6697 IRC_ONION_PORT=6697 # An optional password to log into IRC. This applies to all users IRC_PASSWORD= function run_client_irc { irssi } function irc_show_password { IRC_PASSWORD=$(cat /etc/ngircd/ngircd.conf | grep "Password =" | head -n 1 | awk -F '=' '{print $2}') dialog --title $"IRC Password" \ --msgbox "$IRC_PASSWORD" 6 40 } function irc_set_global_password { dialog --title $"IRC Password" \ --clear \ --backtitle $"Freedombone Control Panel" \ --passwordbox $"Password for all IRC users, or press Enter for no password" 10 50 2> $data sel=$? case $sel in 0) EXISTING_IRC_PASSWORD=$(cat /etc/ngircd/ngircd.conf | grep "Password =" | head -n 1 | awk -F '=' '{print $2}') NEW_IRC_PASSWORD=$(<$data) sed -i "0,/RE/s/Password =.*/Password =$NEW_IRC_PASSWORD/" /etc/ngircd/ngircd.conf # replace the password for all users for d in /home/*/ ; do IRC_USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $IRC_USERNAME != "git" && $IRC_USERNAME != "mirrors" && $IRC_USERNAME != "sync" && $IRC_USERNAME != "tahoelafs" ]]; then if [ -f /home/$IRC_USERNAME/.irssi/config ]; then sed -i "s|$EXISTING_IRC_PASSWORD|$NEW_IRC_PASSWORD|g" /home/$IRC_USERNAME/.irssi/config chown -R $IRC_USERNAME:$IRC_USERNAME /home/$IRC_USERNAME/.irssi fi fi done # restart the daemon for the new password to take effect systemctl restart ngircd dialog --title $"IRC Password" \ --msgbox $"The IRC password was changed" 6 40 ;; esac } function configure_interactive_irc { if [ ! -d /etc/ngircd ]; then dialog --title $"IRC Menu" \ --msgbox $"No IRC server is installed" 6 70 return fi while true do data=$(tempfile 2>/dev/null) trap "rm -f $data" 0 1 2 5 15 dialog --backtitle $"Freedombone Control Panel" \ --title $"IRC Menu" \ --radiolist $"Choose an operation:" 14 70 4 \ 1 $"Set a password for all IRC users" off \ 2 $"Show current IRC login password" off \ 3 $"Exit" on 2> $data sel=$? case $sel in 1) break;; 255) break;; esac case $(cat $data) in 1) irc_set_global_password;; 2) irc_show_password;; 3) break;; esac done } function install_interactive_irc { echo -n '' } function change_password_irc { echo -n '' } function reconfigure_irc { echo -n '' } function upgrade_irc { echo -n '' } function backup_local_irc { echo -n '' } function restore_local_irc { echo -n '' } function backup_remote_irc { echo -n '' } function restore_remote_irc { echo -n '' } function remove_irc { if [[ $(app_is_installed irc) == "0" ]]; then return fi systemctl stop ngircd apt-get -y remove --purge ngircd apt-get -y remove --purge irssi if [ -d /etc/ngircd ]; then rm -rf /etc/ngircd fi iptables -D INPUT -p tcp --dport $IRC_PORT -j ACCEPT iptables -D INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT function_check save_firewall_settings save_firewall_settings function_check remove_onion_service remove_onion_service irc ${IRC_ONION_PORT} sed -i '/install_irc/d' $COMPLETION_FILE sed -i '/IRC /d' $COMPLETION_FILE sed -i '/configure_firewall_for_irc/d' $COMPLETION_FILE } function configure_firewall_for_irc { if [ ! -d /etc/ngircd ]; then return fi if grep -Fxq "configure_firewall_for_irc" $COMPLETION_FILE; then return fi if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then # docker does its own firewalling return fi if [[ $ONION_ONLY != "no" ]]; then return fi iptables -A INPUT -p tcp --dport $IRC_PORT -j ACCEPT iptables -I INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT function_check save_firewall_settings save_firewall_settings OPEN_PORTS+=("IRC $IRC_PORT") echo 'configure_firewall_for_irc' >> $COMPLETION_FILE } function install_irc_server { if grep -Fxq "install_irc_server" $COMPLETION_FILE; then return fi apt-get -y install ngircd if [ ! -d /etc/ngircd ]; then echo $"ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE" exit 53 fi if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then ${PROJECT_NAME}-addcert -h ngircd --dhkey $DH_KEYLENGTH function_check check_certificates check_certificates ngircd fi DEFAULTDOMAIN=$DEFAULT_DOMAIN_NAME if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then DEFAULTDOMAIN="${DEFAULT_DOMAIN_NAME}.local" fi # create a login password if needed if [ ! $IRC_PASSWORD ]; then IRC_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" fi echo '**************************************************' > /etc/ngircd/motd echo $'* F R E E D O M B O N E I R C *' >> /etc/ngircd/motd echo '* *' >> /etc/ngircd/motd echo $'* Freedom in the Cloud *' >> /etc/ngircd/motd echo '**************************************************' >> /etc/ngircd/motd sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULTDOMAIN|g" /etc/ngircd/ngircd.conf sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf sed -i "s/;Ports =.*/Ports = $IRC_PORT/1" /etc/ngircd/ngircd.conf sed -i "s/;Ports =.*/Ports = $IRC_PORT/2" /etc/ngircd/ngircd.conf sed -i "s/;Name = #ngircd/Name = #${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf sed -i "s/;Topic = Our ngircd testing channel/Topic = ${PROJECT_NAME} chat channel/g" /etc/ngircd/ngircd.conf sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf IRC_SALT="$(create_password 30)" if [ -f $IMAGE_PASSWORD_FILE ]; then IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" else IRC_OPERATOR_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" fi sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf if [ $IRC_PASSWORD ]; then sed -i "0,/RE/s/Password =.*/Password =$IRC_PASSWORD/" /etc/ngircd/ngircd.conf fi # If we are on a mesh then DNS is not available if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then sed -i "s/;DNS =.*/DNS = no/g" /etc/ngircd/ngircd.conf fi # upgrade a cypher sed -i 's|SECURE128|SECURE256|g' /etc/ngircd/ngircd.conf mkdir /var/run/ircd chown -R irc:irc /var/run/ircd mkdir /var/run/ngircd touch /var/run/ngircd/ngircd.pid chown -R irc:irc /var/run/ngircd IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_PORT} ${IRC_ONION_PORT}) if ! grep -q $"IRC onion domain" $COMPLETION_FILE; then echo "IRC onion domain:$IRC_ONION_HOSTNAME" >> $COMPLETION_FILE fi systemctl restart ngircd # keep the daemon running echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME echo '# keep irc daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME echo 'IRC_RUNNING=$(pgrep ngircd > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME echo 'if [ ! $IRC_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME echo ' systemctl start ngircd' >> /usr/bin/$WATCHDOG_SCRIPT_NAME echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME echo ' echo " IRC daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME if ! grep -q $"IRC Server" /home/$MY_USERNAME/README; then echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo $'IRC Server' >> /home/$MY_USERNAME/README echo '==========' >> /home/$MY_USERNAME/README echo $'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README if [[ $ONION_ONLY != 'yes' ]]; then echo " irssi" >> /home/$MY_USERNAME/README echo " /server add -auto -ssl $DEFAULTDOMAIN $IRC_PORT" >> /home/$MY_USERNAME/README echo " /connect $DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README else echo " usetorwith irssi" >> /home/$MY_USERNAME/README echo " /server add -auto $IRC_ONION_HOSTNAME $IRC_PORT" >> /home/$MY_USERNAME/README echo " /connect $IRC_ONION_HOSTNAME" >> /home/$MY_USERNAME/README fi echo " /join #${PROJECT_NAME}" >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi function_check configure_firewall_for_irc configure_firewall_for_irc echo 'install_irc_server' >> $COMPLETION_FILE } function install_irc_client { if grep -Fxq "install_irc_client" $COMPLETION_FILE; then return fi apt-get -y install irssi if [ ! -d /home/$MY_USERNAME/.irssi ]; then mkdir /home/$MY_USERNAME/.irssi fi echo 'servers = (' > /home/$MY_USERNAME/.irssi/config echo ' {' >> /home/$MY_USERNAME/.irssi/config echo ' address = "chat.freenode.net";' >> /home/$MY_USERNAME/.irssi/config echo ' chatnet = "Freenode";' >> /home/$MY_USERNAME/.irssi/config echo ' port = "6667";' >> /home/$MY_USERNAME/.irssi/config echo ' autoconnect = "no";' >> /home/$MY_USERNAME/.irssi/config echo ' },' >> /home/$MY_USERNAME/.irssi/config echo ' {' >> /home/$MY_USERNAME/.irssi/config echo ' address = "irc.oftc.net";' >> /home/$MY_USERNAME/.irssi/config echo ' chatnet = "OFTC";' >> /home/$MY_USERNAME/.irssi/config echo ' port = "6667";' >> /home/$MY_USERNAME/.irssi/config echo ' autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config echo ' },' >> /home/$MY_USERNAME/.irssi/config echo ' {' >> /home/$MY_USERNAME/.irssi/config echo " address = \"127.0.0.1\";" >> /home/$MY_USERNAME/.irssi/config if [[ $ONION_ONLY == 'no' ]]; then echo " port = \"${IRC_PORT}\";" >> /home/$MY_USERNAME/.irssi/config echo ' use_ssl = "yes";' >> /home/$MY_USERNAME/.irssi/config else IRC_ONION_HOSTNAME=$(cat $COMPLETION_FILE | grep "IRC onion domain" | awk -F ':' '{print $2}') echo " port = \"${IRC_ONION_PORT}\";" >> /home/$MY_USERNAME/.irssi/config echo ' use_ssl = "no";' >> /home/$MY_USERNAME/.irssi/config fi echo ' chatnet = "Freedombone";' >> /home/$MY_USERNAME/.irssi/config echo ' ssl_verify = "no";' >> /home/$MY_USERNAME/.irssi/config echo ' autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config if [ $IRC_PASSWORD ]; then echo " password = \"${IRC_PASSWORD}\";" >> /home/$MY_USERNAME/.irssi/config fi echo ' }' >> /home/$MY_USERNAME/.irssi/config echo ');' >> /home/$MY_USERNAME/.irssi/config echo '' >> /home/$MY_USERNAME/.irssi/config echo 'chatnets = {' >> /home/$MY_USERNAME/.irssi/config echo ' Freedombone = {' >> /home/$MY_USERNAME/.irssi/config echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config echo ' max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config echo ' };' >> /home/$MY_USERNAME/.irssi/config echo ' Freenode = {' >> /home/$MY_USERNAME/.irssi/config echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config echo ' max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config echo ' };' >> /home/$MY_USERNAME/.irssi/config echo ' OFTC = {' >> /home/$MY_USERNAME/.irssi/config echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config echo ' max_msgs = "1";' >> /home/$MY_USERNAME/.irssi/config echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config echo ' };' >> /home/$MY_USERNAME/.irssi/config echo '};' >> /home/$MY_USERNAME/.irssi/config echo '' >> /home/$MY_USERNAME/.irssi/config echo 'channels = (' >> /home/$MY_USERNAME/.irssi/config echo ' { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/$MY_USERNAME/.irssi/config echo ');' >> /home/$MY_USERNAME/.irssi/config echo '' >> /home/$MY_USERNAME/.irssi/config echo 'settings = {' >> /home/$MY_USERNAME/.irssi/config echo " core = { real_name = \"$MY_NAME\"; user_name = \"$MY_USERNAME\"; nick = \"$MY_USERNAME\"; };" >> /home/$MY_USERNAME/.irssi/config echo ' "fe-text" = { actlist_sort = "refnum"; };' >> /home/$MY_USERNAME/.irssi/config echo '};' >> /home/$MY_USERNAME/.irssi/config echo 'ignores = ( { level = "CTCPS"; } );' >> /home/$MY_USERNAME/.irssi/config chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.irssi echo 'install_irc_client' >> $COMPLETION_FILE } function install_irc { if [[ $(app_is_installed irc) == "1" ]]; then return fi install_irc_server install_irc_client install_completed irc } # NOTE: deliberately no exit 0