#!/bin/bash # # .---. . . # | | | # |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. # | | (.-' (.-' ( | ( )| | | | )( )| | (.-' # ' ' --' --' -' - -' ' ' -' -' -' ' - --' # # Freedom in the Cloud # # Radicale calendar system # # Configuration based upon: # https://gigacog.com/blog/2016/01/radicale-and-uwsgi-on-nginx-with-systemd # # License # ======= # # Copyright (C) 2016 Bob Mottram # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . VARIANTS='full full-vim' IN_DEFAULT_INSTALL=1 SHOW_ON_ABOUT=1 RADICALE_PASSWORD= RADICALE_ONION_PORT=8106 RADICALE_PORT=5232 RADICALE_DIRECTORY='/etc/radicale' radicale_variables=(ONION_ONLY MY_USERNAME RADICALE_PASSWORD DEFAULT_DOMAIN_NAME) function remove_user_radicale { remove_username="$1" if grep "$remove_username:" ${RADICALE_DIRECTORY}/users; then sed -i "/$remove_username:/d" ${RADICALE_DIRECTORY}/users systemctl reload radicale fi } function add_user_radicale { new_username="$1" new_user_password="$2" if [ ! -f ${RADICALE_DIRECTORY}/users ]; then touch ${RADICALE_DIRECTORY}/users fi if ! grep "$new_username:" ${RADICALE_DIRECTORY}/users; then htpasswd -bd ${RADICALE_DIRECTORY}/users "$new_username" "$new_user_password" systemctl reload radicale fi echo '0' } function install_interactive_radicale { echo -n '' APP_INSTALLED=1 } function change_password_radicale { echo -n '' } function reconfigure_radicale { echo -n '' } function upgrade_radicale { if [ -f /etc/init.d/radicale ]; then systemctl stop radicale rm /etc/init.d/radicale systemctl daemon-reload systemctl start radicale fi } function backup_local_radicale { source_directory=${RADICALE_DIRECTORY} if [ -d $source_directory ]; then dest_directory=radicale function_check backup_directory_to_usb backup_directory_to_usb $source_directory $dest_directory fi } function restore_local_radicale { if [ -d ${RADICALE_DIRECTORY} ]; then temp_restore_dir=/root/tempradicale function_check restore_directory_from_usb restore_directory_from_usb $temp_restore_dir radicale cp -r $temp_restore_dir${RADICALE_DIRECTORY}/* ${RADICALE_DIRECTORY} if [ ! "$?" = "0" ]; then function_check backup_unmount_drive backup_unmount_drive exit 46872 fi rm -rf $temp_restore_dir systemctl restart radicale fi } function backup_remote_radicale { if [ -d ${RADICALE_DIRECTORY} ]; then echo $"Backing up the radicale settings" backup_directory_to_friend ${RADICALE_DIRECTORY} radicale echo $"Backup of radicale settings complete" fi } function restore_remote_radicale { if [ -d ${RADICALE_DIRECTORY} ]; then temp_restore_dir=/root/tempradicale function_check restore_directory_from_friend restore_directory_from_friend $temp_restore_dir radicale cp -r $temp_restore_dir${RADICALE_DIRECTORY}/* ${RADICALE_DIRECTORY} if [ ! "$?" = "0" ]; then exit 463735 fi rm -rf $temp_restore_dir systemctl restart radicale fi } function configure_firewall_for_radicale { if [ ! -d ${RADICALE_DIRECTORY} ]; then return fi if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then # docker does its own firewalling return fi if [[ $ONION_ONLY != "no" ]]; then return fi firewall_add radicale ${RADICALE_PORT} tcp mark_completed $FUNCNAME } function remove_radicale { nginx_dissite radicale systemctl stop radicale systemctl stop uwsgi_rundir systemctl disable radicale systemctl disable uwsgi_rundir if [ -f /etc/systemd/system/uwsgi_rundir.service ]; then rm /etc/systemd/system/uwsgi_rundir.service fi if [ -f /etc/systemd/system/radicale.service ]; then rm /etc/systemd/system/radicale.service fi if [ -f /etc/nginx/sites-available/radicale ]; then rm /etc/nginx/sites-available/radicale fi if [ -f /usr/local/bin/uwsgi_rundir.sh ]; then rm /usr/local/bin/uwsgi_rundir.sh fi firewall_remove ${RADICALE_PORT} tcp function_check remove_onion_service remove_onion_service radicale ${RADICALE_ONION_PORT} apt-get -yq remove --purge radicale python-radicale if [ -d ${RADICALE_DIRECTORY} ]; then rm -rf ${RADICALE_DIRECTORY} fi if [ -d /var/www/radicale ]; then rm -rf /var/www/radicale fi if [ -f touch /var/log/radicale/radicale.log ]; then rm -rf /var/log/radicale fi if [ -d /var/log/radicale ]; then rm -rf /var/log/radicale fi remove_completion_param install_radicale sed -i '/radicale/d' $COMPLETION_FILE sed -i '/Radicale/d' /home/$MY_USERNAME/README } function install_radicale { if [[ $ONION_ONLY == 'no' ]]; then # obtain a cert for the default domain if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then echo $'Obtaining certificate for the main domain' create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes' fi fi if [ ! -d /var/log/radicale ]; then mkdir /var/log/radicale fi if [ ! -f /var/log/radicale/radicale.log ]; then touch /var/log/radicale/radicale.log fi chown -R www-data:www-data /var/log/radicale apt-get -yq install python-radicale uwsgi uwsgi-plugin-python radicale apache2-utils if [ ! -d ${RADICALE_DIRECTORY} ]; then echo $"ERROR: radicale does not appear to have installed" exit 46372 fi systemctl stop radicale if [ -f /etc/init.d/radicale ]; then rm /etc/init.d/radicale fi if [ ! -d ${RADICALE_DIRECTORY}/collections ]; then mkdir -p ${RADICALE_DIRECTORY}/collections fi chown www-data:www-data ${RADICALE_DIRECTORY}/collections echo '[server]' > ${RADICALE_DIRECTORY}/config echo 'hosts=127.0.0.1:52322' >> ${RADICALE_DIRECTORY}/config echo 'ssl = False' >> ${RADICALE_DIRECTORY}/config echo 'daemon = False' >> ${RADICALE_DIRECTORY}/config echo '' >> ${RADICALE_DIRECTORY}/config echo '[auth]' >> ${RADICALE_DIRECTORY}/config echo 'type = htpasswd' >> ${RADICALE_DIRECTORY}/config echo "htpasswd_filename = ${RADICALE_DIRECTORY}/users" >> ${RADICALE_DIRECTORY}/config echo 'htpasswd_encryption = crypt' >> ${RADICALE_DIRECTORY}/config echo '' >> ${RADICALE_DIRECTORY}/config echo '[rights]' >> ${RADICALE_DIRECTORY}/config echo 'type = owner_only' >> ${RADICALE_DIRECTORY}/config echo '' >> ${RADICALE_DIRECTORY}/config echo '[storage]' >> ${RADICALE_DIRECTORY}/config echo 'type = filesystem' >> ${RADICALE_DIRECTORY}/config echo "filesystem_folder = ${RADICALE_DIRECTORY}/collections" >> ${RADICALE_DIRECTORY}/config if [ ${#RADICALE_PASSWORD} -lt 8 ]; then if [ -f $IMAGE_PASSWORD_FILE ]; then RADICALE_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" else RADICALE_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" fi fi add_user_radicale "$MY_USERNAME" "$RADICALE_PASSWORD" if [ ! -f /var/www/radicale ]; then mkdir /var/www/radicale fi #echo 'import radicale' > /var/www/radicale/radicale.py #echo 'radicale.log.start()' >> /var/www/radicale/radicale.py #echo 'application = radicale.Application()' >> /var/www/radicale/radicale.py #echo '[uwsgi]' > /var/www/radicale/uwsgi.ini #echo 'plugins = python' >> /var/www/radicale/uwsgi.ini #echo 'socket = /var/run/uwsgi/radicale.sock' >> /var/www/radicale/uwsgi.ini #echo 'chmod-socket = 660' >> /var/www/radicale/uwsgi.ini #echo '' >> /var/www/radicale/uwsgi.ini #echo 'wsgi-file = /var/www/radicale/radicale.py' >> /var/www/radicale/uwsgi.ini #echo 'master' >> /var/www/radicale/uwsgi.ini #echo 'workers = 1' >> /var/www/radicale/uwsgi.ini #echo 'max-requests = 100' >> /var/www/radicale/uwsgi.ini #echo 'harakiri = 30' >> /var/www/radicale/uwsgi.ini #echo 'die-on-term' >> /var/www/radicale/uwsgi.ini #echo '#!/bin/sh' > /usr/local/bin/uwsgi_rundir.sh #echo 'mkdir -p /var/run/uwsgi' >> /usr/local/bin/uwsgi_rundir.sh #echo 'chown www-data:www-data /var/run/uwsgi' >> /usr/local/bin/uwsgi_rundir.sh #chmod +x /usr/local/bin/uwsgi_rundir.sh #echo '[Unit]' > /etc/systemd/system/uwsgi_rundir.service #echo 'Description=UWSGI socket directory' >> /etc/systemd/system/uwsgi_rundir.service #echo 'After=network.target' >> /etc/systemd/system/uwsgi_rundir.service #echo '' >> /etc/systemd/system/uwsgi_rundir.service #echo '[Service]' >> /etc/systemd/system/uwsgi_rundir.service #echo 'Type=simple' >> /etc/systemd/system/uwsgi_rundir.service #echo 'User=root' >> /etc/systemd/system/uwsgi_rundir.service #echo 'ExecStart=/usr/local/bin/uwsgi_rundir.sh' >> /etc/systemd/system/uwsgi_rundir.service #echo '' >> /etc/systemd/system/uwsgi_rundir.service #echo '[Install]' >> /etc/systemd/system/uwsgi_rundir.service #echo 'WantedBy=multi-user.target' >> /etc/systemd/system/uwsgi_rundir.service #systemctl enable uwsgi_rundir echo '[Unit]' > /etc/systemd/system/radicale.service echo 'Description=Radicale CalDAV Server' >> /etc/systemd/system/radicale.service echo 'After=network.target' >> /etc/systemd/system/radicale.service #echo 'Requires=uwsgi_rundir.service' >> /etc/systemd/system/radicale.service echo '' >> /etc/systemd/system/radicale.service echo '[Service]' >> /etc/systemd/system/radicale.service echo 'Type=simple' >> /etc/systemd/system/radicale.service echo 'User=www-data' >> /etc/systemd/system/radicale.service echo 'Group=www-data' >> /etc/systemd/system/radicale.service echo "ExecStart=/usr/bin/radicale --config ${RADICALE_DIRECTORY}/config" >> /etc/systemd/system/radicale.service echo '' >> /etc/systemd/system/radicale.service echo '[Install]' >> /etc/systemd/system/radicale.service echo 'WantedBy=multi-user.target' >> /etc/systemd/system/radicale.service systemctl enable radicale systemctl start radicale RADICALE_ONION_HOSTNAME=$(add_onion_service radicale 80 ${RADICALE_ONION_PORT}) if [[ $ONION_ONLY == 'no' ]]; then echo 'server {' > /etc/nginx/sites-available/radicale echo " listen ${RADICALE_PORT} ssl;" >> /etc/nginx/sites-available/radicale echo " listen [::]:${RADICALE_PORT} ssl;" >> /etc/nginx/sites-available/radicale echo '' >> /etc/nginx/sites-available/radicale function_check nginx_ssl nginx_ssl radicale function_check nginx_disable_sniffing nginx_disable_sniffing radicale echo '' >> /etc/nginx/sites-available/radicale echo " server_name $DEFAULT_DOMAIN_NAME;" >> /etc/nginx/sites-available/radicale echo '' >> /etc/nginx/sites-available/radicale echo ' access_log /dev/null;' >> /etc/nginx/sites-available/radicale echo ' error_log /var/log/radicale/radicale.log warn;' >> /etc/nginx/sites-available/radicale echo '' >> /etc/nginx/sites-available/radicale echo ' location / {' >> /etc/nginx/sites-available/radicale echo ' proxy_pass http://localhost:52322;' >> /etc/nginx/sites-available/radicale #echo ' uwsgi_pass unix:/var/run/uwsgi/radicale.sock;' >> /etc/nginx/sites-available/radicale #echo ' include uwsgi_params;' >> /etc/nginx/sites-available/radicale echo ' }' >> /etc/nginx/sites-available/radicale echo '}' >> /etc/nginx/sites-available/radicale echo '' >> /etc/nginx/sites-available/radicale else echo -n '' > /etc/nginx/sites-available/radicale fi echo 'server {' >> /etc/nginx/sites-available/radicale echo " listen 127.0.0.1:${RADICALE_ONION_PORT} default_server;" >> /etc/nginx/sites-available/radicale echo '' >> /etc/nginx/sites-available/radicale echo " server_name ${RADICALE_ONION_HOSTNAME};" >> /etc/nginx/sites-available/radicale echo '' >> /etc/nginx/sites-available/radicale echo ' access_log /dev/null;' >> /etc/nginx/sites-available/radicale echo ' error_log /var/log/radicale/radicale.log warn;' >> /etc/nginx/sites-available/radicale echo '' >> /etc/nginx/sites-available/radicale echo ' location / {' >> /etc/nginx/sites-available/radicale echo ' proxy_pass http://localhost:52322;' >> /etc/nginx/sites-available/radicale #echo ' uwsgi_pass unix:/var/run/uwsgi/radicale.sock;' >> /etc/nginx/sites-available/radicale #echo ' include uwsgi_params;' >> /etc/nginx/sites-available/radicale echo ' }' >> /etc/nginx/sites-available/radicale echo '}' >> /etc/nginx/sites-available/radicale if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then sed -i "s|radicale.crt|${DEFAULT_DOMAIN_NAME}.pem|g" /etc/nginx/sites-available/radicale sed -i "s|radicale.pem|${DEFAULT_DOMAIN_NAME}.pem|g" /etc/nginx/sites-available/radicale fi sed -i "s|radicale.key|${DEFAULT_DOMAIN_NAME}.key|g" /etc/nginx/sites-available/radicale sed -i "s|radicale.dhparam|${DEFAULT_DOMAIN_NAME}.dhparam|g" /etc/nginx/sites-available/radicale # create a certificate #if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then # if [[ "$(cert_exists $DEFAULT_DOMAIN_NAME)" == "0" ]]; then # ${PROJECT_NAME}-addcert -h $DEFAULT_DOMAIN_NAME --dhkey ${DH_KEYLENGTH} # check_certificates $DEFAULT_DOMAIN_NAME # fi #fi update_default_domain nginx_ensite radicale systemctl reload nginx set_completion_param "radicale onion domain" "${RADICALE_ONION_HOSTNAME}" if ! grep -q "# Radicale" /home/$MY_USERNAME/README; then echo '' >> /home/$MY_USERNAME/README echo $'# Radicale' >> /home/$MY_USERNAME/README echo $"Radicale onion domain: ${RADICALE_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README echo $"Your Radicale password is: ${RADICALE_PASSWORD}" >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README else sed -i "s|Radicale onion domain.*|Radicale onion domain: ${RADICALE_ONION_HOSTNAME}|g" /home/$MY_USERNAME/README sed -i "s|Your Radicale password is.*|Your Radicale password is: ${RADICALE_PASSWORD}|g" /home/$MY_USERNAME/README fi function_check configure_firewall_for_radicale configure_firewall_for_radicale APP_INSTALLED=1 } # NOTE: deliberately no exit 0