#!/bin/bash
# _____ _ _
# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# | __| _| -_| -_| . | . | | . | . | | -_|
# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
# Freedom in the Cloud
#
# Zap application
#
# License
# =======
#
# Copyright (C) 2014-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Build variants that list this app
VARIANTS="full full-vim social"

# Framework flags for this app
# NOTE(review): meanings are inferred from the names only - confirm against the installer
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
NOT_ON_ONION=1

# Site identity, empty by default
ZAP_DOMAIN_NAME=''
ZAP_CODE=''

# Upstream sources. install_zap checks the main repo out at $ZAP_COMMIT, which is
# not defined in the visible part of this file.
# NOTE(review): no commit pin for the addons repo is visible either - confirm
ZAP_REPO='https://framagit.org/macgirvin/osada'
ZAP_ADDONS_REPO='https://framagit.org/macgirvin/osada-addons.git'

# Empty by default; zap_create_database fills it from the image password file
# or from create_password
ZAP_ADMIN_PASSWORD=''

# Descriptive text and the mobile client link
ZAP_SHORT_DESCRIPTION=$'Nomadic social network server'
ZAP_DESCRIPTION=$'Zap is a full featured social network application running under the Zot6 protocol. It provides enhanced privacy modes and identity/content mirroring across multiple servers ("nomadic identity").'
ZAP_MOBILE_APP_URL="https://f-droid.org/en/packages/com.dfa.hubzilla_android/"
zap_variables=(ONION_ONLY
ZAP_DOMAIN_NAME
ZAP_CODE
DDNS_PROVIDER
MY_USERNAME)
# No-op placeholder: prints nothing and returns success.
function logging_on_zap {
    :
}
# No-op placeholder: prints nothing and returns success.
function logging_off_zap {
    :
}
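# Asks the "${PROJECT_NAME}-pass" helper to drop the zap entry of a user
# (invoked with --rmapp zap).
# Globals:   PROJECT_NAME (read)
# Arguments: $1 - username
# Returns:   exit status of the helper
function remove_user_zap {
    # local, so the value does not linger in the calling shell
    local remove_username="$1"

    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp zap
}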
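# Records a zap password for a user through the "${PROJECT_NAME}-pass" helper.
# Does nothing beyond printing '0' when app_is_installed reports "0" for zap.
# Globals:   PROJECT_NAME (read)
# Arguments: $1 - username
#            $2 - password
# Outputs:   '0' on stdout in every case
function add_user_zap {
    # local, so the credential does not stay behind in a global variable
    # once the function has returned
    local new_username="$1"
    local new_user_password="$2"

    if [[ $(app_is_installed zap) == "0" ]]; then
        echo '0'
        return
    fi

    # NOTE(review): the password is passed as a command-line argument; if the
    # helper is an external program it is visible in the process list while it
    # runs - confirm whether the helper can take it on stdin instead
    "${PROJECT_NAME}-pass" -u "$new_username" -a zap -p "$new_user_password"
    echo '0'
}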
# Interactive install step: collects the site details for zap and sets
# APP_INSTALLED=1, but only when ONION_ONLY is exactly "no".
# Globals:   ONION_ONLY (read), APP_INSTALLED (written)
function install_interactive_zap {
    if [[ "$ONION_ONLY" == "no" ]]; then
        function_check interactive_site_details
        interactive_site_details zap
        APP_INSTALLED=1
    fi
}
# Placeholder for a password change: stores $2 in ZAP_PASSWORD and stops.
# Nothing is written to the password store or to Zap itself (see the TODO).
# Globals:   ZAP_PASSWORD (written)
# Arguments: $1 - username (unused), $2 - new password
function change_password_zap {
    # ZAP_USERNAME="$1"
    ZAP_PASSWORD="$2"

    # Passwords shorter than 8 characters are not processed any further
    [ "${#ZAP_PASSWORD}" -ge 8 ] || return 0

    # TODO: This doesn't actually change the password
    #${PROJECT_NAME}-pass -u $ZAP_USERNAME -a zap -p "$ZAP_PASSWORD"
}
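# Chooses the zap admin password, records it through the
# "${PROJECT_NAME}-pass" helper and creates the zap database with it.
# The password comes from $IMAGE_PASSWORD_FILE when that file exists; if it is
# still empty afterwards, create_password generates one.
# Globals:   IMAGE_PASSWORD_FILE, MINIMUM_PASSWORD_LENGTH, MY_USERNAME,
#            PROJECT_NAME (read); ZAP_ADMIN_PASSWORD (written)
function zap_create_database {
    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
        ZAP_ADMIN_PASSWORD="$(cat "$IMAGE_PASSWORD_FILE")"
    fi
    if [ ! "$ZAP_ADMIN_PASSWORD" ]; then
        ZAP_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
    fi

    # Stop before anything is recorded: an empty password must reach neither
    # the password store nor create_database
    if [ ! "$ZAP_ADMIN_PASSWORD" ]; then
        return
    fi

    # NOTE(review): the password is passed as a command-line argument; if the
    # helper is an external program it is visible in the process list while it
    # runs - confirm whether the helper can take it on stdin instead
    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a zap -p "$ZAP_ADMIN_PASSWORD"

    function_check create_database
    create_database zap "$ZAP_ADMIN_PASSWORD"
}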
# No-op placeholder: prints nothing and returns success.
function reconfigure_zap {
    :
}
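# Sets ownership and modes on the Zap web root.
# Globals:   ZAP_PATH (read)
function zap_set_permissions {
    chown -R www-data:www-data "$ZAP_PATH/doc"
    chown -R www-data:www-data "$ZAP_PATH/store"
    chmod -R 755 "$ZAP_PATH/store"

    # Template directories get the sticky bit on top of 755
    chmod 1755 "$ZAP_PATH/store/[data]/smarty3"
    chmod 1755 "$ZAP_PATH/view/tpl"
    chmod 1755 "$ZAP_PATH/view/tpl/smarty3"

    # .htconfig.php holds the database password ($db_pass), so it is limited to
    # its owner and group instead of being readable by every local account.
    # Ownership is set here as well, so the www-data owner can still read the
    # file under the tighter mode.
    chown www-data:www-data "$ZAP_PATH/.htconfig.php"
    chmod 640 "$ZAP_PATH/.htconfig.php"
}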
CURR_ZAP_COMMIT=$(get_completion_param "zap commit")
if [[ "$CURR_ZAP_COMMIT" == "$ZAP_COMMIT" ]]; then
return
fi
function_check set_repo_commit
set_repo_commit "$ZAP_PATH" "zap commit" "$ZAP_COMMIT" $ZAP_REPO
cd ${ZAP_PATH} || exit 34568735
./util/update_addon_repo zaddons
if [ -d "$ZAP_PATH/store/[data]/smarty3/compiled" ]; then
rm -rf "$ZAP_PATH/store/[data]/smarty3/compiled"/*
fi
chown -R www-data:www-data "$ZAP_PATH/extend"
./util/importdoc
}
# Backs up the zap database and the site directory to USB, provided the site
# directory exists.
# Globals:   ZAP_DOMAIN_NAME (read), zap_path (written)
function backup_local_zap {
    zap_path=/var/www/${ZAP_DOMAIN_NAME}/htdocs

    # Nothing to back up when the site directory is missing
    [ -d "$zap_path" ] || return 0

    function_check backup_database_to_usb
    backup_database_to_usb zap
    backup_directory_to_usb "$zap_path" zap
}
function restore_local_zap {
temp_restore_dir=/root/tempzap
zap_dir=/var/www/${ZAP_DOMAIN_NAME}/htdocs
function_check zap_create_database
zap_create_database
restore_database zap "${ZAP_DOMAIN_NAME}"
if [ -d "$USB_MOUNT/backup/zap" ]; then
if [ ! -d "$zap_dir/store/[data]/smarty3" ]; then
mkdir -p "$zap_dir/store/[data]/smarty3"
fi
chown -R www-data:www-data "$zap_dir/"*
if [ -d $temp_restore_dir ]; then
rm -rf $temp_restore_dir
fi
MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
ZAP_PATH="/var/www/$ZAP_DOMAIN_NAME/htdocs"
sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$ZAP_PATH/.htconfig.php"
MARIADB_PASSWORD=
fi
}
# No-op placeholder: prints nothing and returns success.
function backup_remote_zap {
    :
}
# No-op placeholder: prints nothing and returns success.
function restore_remote_zap {
    :
}
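# Removes the Zap site: nginx site entry, certificates, web root, database,
# completion-file entries and the dynamic DNS domain.
# Globals:   ZAP_DOMAIN_NAME, COMPLETION_FILE (read)
# Returns:   0 when there is no domain name to act on, 1 when the domain name
#            is refused, otherwise the status of the last removal step
function remove_zap {
    if [ ${#ZAP_DOMAIN_NAME} -eq 0 ]; then
        return
    fi

    # The name is spliced into paths handed to rm -rf and rm, so refuse any
    # value that could resolve outside /var/www or /etc/nginx/sites-available
    case "$ZAP_DOMAIN_NAME" in
        */* | . | ..)
            echo "remove_zap: refusing unsafe domain name '$ZAP_DOMAIN_NAME'" >&2
            return 1
            ;;
    esac

    nginx_dissite "$ZAP_DOMAIN_NAME"
    remove_certs "${ZAP_DOMAIN_NAME}"

    if [ -d "/var/www/$ZAP_DOMAIN_NAME" ]; then
        rm -rf "/var/www/$ZAP_DOMAIN_NAME"
    fi
    if [ -f "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME" ]; then
        rm "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
    fi

    function_check drop_database
    drop_database zap

    # Deletes every completion-file line that contains "zap"
    sed -i '/zap/d' "$COMPLETION_FILE"

    function_check remove_ddns_domain
    remove_ddns_domain "$ZAP_DOMAIN_NAME"
}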
function install_zap {
if [ ! "$ZAP_DOMAIN_NAME" ]; then
return
fi
if [[ "$ONION_ONLY" != "no" ]]; then
ZAP_PATH="/var/www/$ZAP_DOMAIN_NAME/htdocs"
function_check install_mariadb
install_mariadb
if [ -d "/var/www/$ZAP_DOMAIN_NAME" ]; then
remove_zap
fi
function_check get_mariadb_password
get_mariadb_password
function_check repair_databases_script
repair_databases_script
$INSTALL_PACKAGES php-common php-cli php-curl php-gd php-mysql php-mcrypt git
increment_app_install_progress
increment_app_install_progress
if [ ! -d "/var/www/$ZAP_DOMAIN_NAME" ]; then
mkdir "/var/www/$ZAP_DOMAIN_NAME"
fi
if [ ! -d "$ZAP_PATH" ]; then
mkdir -p "$ZAP_PATH"
fi
if [ ! -f "$ZAP_PATH/index.php" ]; then
if [ -d /repos/zap ]; then
mkdir -p "$ZAP_PATH"
cp -r -p /repos/zap/. "$ZAP_PATH"
cd "$ZAP_PATH" || exit 245672478
git pull
else
function_check git_clone
git_clone "$ZAP_REPO" "$ZAP_PATH"
fi
git checkout "$ZAP_COMMIT" -b "$ZAP_COMMIT"
set_completion_param "zap commit" "$ZAP_COMMIT"
chown -R www-data:www-data "$ZAP_PATH"
fi
if [ ! -f "$ZAP_PATH/install/schema_mysql.sql" ]; then
echo $'No database schema found for zap'
exit 252782
fi
zap_create_database
function_check add_ddns_domain
add_ddns_domain "$ZAP_DOMAIN_NAME"
function_check nginx_http_redirect
nginx_http_redirect "$ZAP_DOMAIN_NAME"
{ echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " root $ZAP_PATH;";
echo " server_name $ZAP_DOMAIN_NAME;";
echo " error_log /dev/null;";
echo ' index index.php;';
echo ' charset utf-8;';
echo ' access_log /dev/null;'; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
function_check nginx_ssl
nginx_ssl "$ZAP_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$ZAP_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' fastcgi_param HTTPS on;';
echo ' include mime.types;';
echo '';
echo ' # rewrite to front controller as default rule';
echo ' location / {';
echo " if (!-e \$request_filename) {";
echo " rewrite ^(.*)\$ /index.php?req=\$1;";
echo ' }';
echo ' }';
echo '';
echo " # make sure webfinger and other well known services aren't blocked";
echo " # by denying dot files and rewrite request to the front controller";
echo ' location ^~ /.well-known/ {';
echo ' allow all;';
echo " if (!-e \$request_filename) {";
echo " rewrite ^(.*)\$ /index.php?req=\$1;";
echo ' }';
echo ' }';
echo '';
echo ' # statically serve these file types when possible';
echo ' # otherwise fall back to front controller';
echo ' # allow browser to cache them';
echo ' # added .htm for advanced source code editor library';
echo " # location ~* \\.(jpg|jpeg|gif|png|ico|css|js|htm|html|map|ttf|woff|woff2|svg)\$ {";
echo ' # expires 30d;';
echo " # try_files \$uri /index.php?req=\$uri&\$args;";
echo ' # }';
echo '';
echo ' # block these file types';
echo " location ~* \\.(tpl|md|tgz|log|out)\$ {";
echo ' deny all;';
echo ' }';
echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket';
echo " location ~* \\.php\$ {";
echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this";
echo ' # server, which is entirely possible with php-fpm/php-fcgi.';
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked.";
echo " try_files \$uri =404;";
echo '';
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo " fastcgi_split_path_info ^(.+\\.php)(/.+)\$;";
echo '';
echo " fastcgi_pass unix:/var/run/php/php${PHP_VERSION}-fpm.sock;";
echo ' fastcgi_read_timeout 300;';
echo '';
echo ' include fastcgi_params;';
echo ' fastcgi_index index.php;';
echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' }';
echo '';
echo ' # deny access to all dot files';
echo ' location ~ /\. {';
echo ' deny all;';
echo ' }';
echo '';
echo ' #deny access to store';
echo '';
echo ' location ~ /store {';
echo ' deny all;';
echo ' }';
echo '}';
echo ''; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
function_check create_site_certificate
create_site_certificate "$ZAP_DOMAIN_NAME" 'yes'
if [ ! -d "$ZAP_PATH/view/tpl/smarty3" ]; then
mkdir "$ZAP_PATH/view/tpl/smarty3"
fi
if [ ! -d "$ZAP_PATH/store" ]; then
mkdir "$ZAP_PATH/store"
fi
if [ ! -d "$ZAP_PATH/store/[data]" ]; then
mkdir "$ZAP_PATH/store/[data]"
fi
if [ ! -d "$ZAP_PATH/store/[data]/smarty3" ]; then
mkdir "$ZAP_PATH/store/[data]/smarty3"
# Ensure that the database gets backed up locally, if remote
# backups are not being used
function_check backup_databases_script_header
backup_databases_script_header
function_check backup_database_local
backup_database_local zap
chown -R www-data:www-data "$ZAP_PATH"
function_check nginx_ensite
nginx_ensite "$ZAP_DOMAIN_NAME"
function_check initialise_database
initialise_database zap "$ZAP_PATH/install/schema_mysql.sql"
ZAP_LOCATION_HASH="$(create_random_string 30)$(create_random_string 30)$(create_random_string 30)"
{ echo '<?php';
echo '';
echo "\$db_host = '127.0.0.1';";
echo "\$db_port = '0';";
echo "\$db_user = 'root';";
echo "\$db_pass = '${MARIADB_PASSWORD}';";
echo "\$db_data = 'zap';";
echo "\$db_type = '0'; // an integer. 0 or unset for mysql, 1 for postgres";
echo '';
echo "define('NOMADIC',1);";
echo '';
echo "App::\$config['system']['timezone'] = 'Europe/London';";
echo '';
echo "App::\$config['system']['baseurl'] = 'https://${ZAP_DOMAIN_NAME}';";
echo "App::\$config['system']['sitename'] = 'Zap';";
echo "App::\$config['system']['location_hash'] = '${ZAP_LOCATION_HASH}';"
echo '';
echo "App::\$config['system']['transport_security_header'] = 1;";
echo "App::\$config['system']['content_security_policy'] = 1;";
echo "App::\$config['system']['ssl_cookie_protection'] = 1;";
echo '';
echo '// Your choices are REGISTER_OPEN, REGISTER_APPROVE, or REGISTER_CLOSED.';
echo "App::\$config['system']['register_policy'] = REGISTER_OPEN;";
echo "App::\$config['system']['register_text'] = '';";
echo "App::\$config['system']['admin_email'] = '$MY_EMAIL_ADDRESS';";
echo '';
echo "App::\$config['system']['verify_email'] = 0;";
echo '';
echo '// Your choices are ACCESS_PRIVATE, ACCESS_PAID, ACCESS_TIERED, and ACCESS_FREE.';
echo "App::\$config['system']['access_policy'] = ACCESS_PRIVATE;";
echo '';
echo "App::\$config['system']['sellpage'] = '';";
echo '';
echo '// Maximum size of an imported message, 0 is unlimited';
echo '';
echo "App::\$config['system']['max_import_size'] = 200000;";
echo '';
echo "App::\$config['system']['php_path'] = '/usr/bin/php';";
echo '';
echo '// Configure how we communicate with directory servers.';
echo '// DIRECTORY_MODE_NORMAL = directory client, we will find a directory';
echo '// DIRECTORY_MODE_SECONDARY = caching directory or mirror';
echo '// DIRECTORY_MODE_PRIMARY = master directory server - one per realm';
echo '// DIRECTORY_MODE_STANDALONE = "off the grid" or private directory services';
echo '';
echo "App::\$config['system']['directory_mode'] = DIRECTORY_MODE_NORMAL;";
echo '';
echo "App::\$config['system']['theme'] = 'redbasic';";
echo '';
echo '// Uncomment the following 4 lines to turn on PHP error logging.';
echo '//error_reporting(E_ERROR | E_WARNING | E_PARSE );';
echo "//ini_set('error_log','php.out');";
echo "//ini_set('log_errors','1');";
echo "//ini_set('display_errors', '0');"; } > "$ZAP_PATH/.htconfig.php"
chown www-data:www-data "$ZAP_PATH/.htconfig.php"
chmod 755 "$ZAP_PATH/.htconfig.php"
systemctl restart mariadb
increment_app_install_progress
# shellcheck disable=SC2086
systemctl restart php${PHP_VERSION}-fpm
increment_app_install_progress
increment_app_install_progress
./util/add_addon_repo ${ZAP_ADDONS_REPO} zaddons
chown -R www-data:www-data "$ZAP_PATH/extend"
./util/importdoc
chown -R www-data:www-data "$ZAP_PATH/doc"
echo "*/10 * * * * www-data cd $ZAP_PATH; /usr/bin/php Zotlabs/Daemon/Master.php Cron > /dev/null 2>&1" >> /etc/crontab