Newer
Older
# _____ _ _
# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# | __| _| -_| -_| . | . | | . | . | | -_|
# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS='full full-vim writer'
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
SHOW_CLEARNET_ADDRESS_ON_ABOUT=0
CRYPTPAD_REPO="https://github.com/xwiki-labs/cryptpad"
CRYPTPAD_COMMIT='d49f787bcd2606f4f4d2c3a5de3708808e6c5cf0'
CRYPTPAD_DOMAIN_NAME=cryptpad.local
CRYPTPAD_SHORT_DESCRIPTION=$'Secure realtime collaboration'
CRYPTPAD_DESCRIPTION=$'Secure realtime collaboration with docs, presentations, drawing and voting. Documents are ephemeral and unless you save them will be deleted when you close the browser.'
cryptpad_variables=(ONION_ONLY
CRYPTPAD_DOMAIN_NAME)
function logging_on_cryptpad {
echo -n ''
}
function logging_off_cryptpad {
echo -n ''
}
function remove_user_cryptpad {
remove_username="$1"
}
function add_user_cryptpad {
new_username="$1"
new_user_password="$2"
echo '0'
}
function install_interactive_cryptpad {
APP_INSTALLED=1
}
function change_password_cryptpad {
curr_username="$1"
new_user_password="$2"
}
function reconfigure_cryptpad {
if [ -d $CRYPTPAD_DIR/datastore ]; then
rm -rf $CRYPTPAD_DIR/datastore
fi
}
function cryptpad_generate_api_config {
if [ ! -d $CRYPTPAD_DIR/customize/api ]; then
mkdir -p $CRYPTPAD_DIR/customize/api
fi
wget 127.0.0.1:$CRYPTPAD_PORT/api/config -O $CRYPTPAD_DIR/customize/api/config
if [ ! -f $CRYPTPAD_DIR/customize/api/config ]; then
echo $'Unable to wget api/config'
exit 89252
fi
chown -R cryptpad:cryptpad $CRYPTPAD_DIR
}
function upgrade_cryptpad {
CURR_CRYPTPAD_COMMIT=$(get_completion_param "cryptpad commit")
if [[ "$CURR_CRYPTPAD_COMMIT" == "$CRYPTPAD_COMMIT" ]]; then
return
fi
systemctl stop cryptpad
# update to the next commit
function_check set_repo_commit
set_repo_commit $CRYPTPAD_DIR "cryptpad commit" "$CRYPTPAD_COMMIT" $CRYPTPAD_REPO
rm -rf $CRYPTPAD_DIR/.cache/bower
su -c './node_modules/bower/bin/bower install --config.interactive=false' - cryptpad
su -c './node_modules/bower/bin/bower update --config.interactive=false' - cryptpad
cryptpad_generate_api_config
if ! grep -q "debug|kanban" /etc/nginx/sites-available/cryptpad; then
sed -i 's@location ~.*@location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban)$ {@g' /etc/nginx/sites-available/cryptpad
if grep -q "location = /cryptpad_websocket {" /etc/nginx/sites-available/cryptpad; then
sed -i 's|location = /cryptpad_websocket {|location ^~ /cryptpad_websocket {|g' /etc/nginx/sites-available/cryptpad
systemctl restart nginx
fi
}
function backup_local_cryptpad {
source_directory=$CRYPTPAD_DIR/datastore
if [ -d $source_directory ]; then
systemctl stop cryptpad
dest_directory=cryptpad
function_check suspend_site
function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory
function_check restart_site
restart_site
systemctl start cryptpad
fi
}
function restore_local_cryptpad {
if [ -d $CRYPTPAD_DIR ]; then
systemctl stop cryptpad
temp_restore_dir=/root/tempcryptpad
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir cryptpad
if [ -d $temp_restore_dir ]; then
cp -r $temp_restore_dir/* $CRYPTPAD_DIR/datastore/
else
systemctl start cryptpad
echo 'Failed to restore cryptpad'
rm -rf $temp_restore_dir
exit 8736529
fi
else
cp -r $temp_restore_dir$CRYPTPAD_DIR/datastore/* $CRYPTPAD_DIR/datastore/
systemctl start cryptpad
fi
}
function backup_remote_cryptpad {
}
function remove_cryptpad {
systemctl stop cryptpad
systemctl disable cryptpad
if [ -f /etc/systemd/system/cryptpad.service ]; then
rm /etc/systemd/system/cryptpad.service
fi
function_check remove_nodejs
remove_nodejs cryptpad
if [ -d $CRYPTPAD_DIR ]; then
rm -rf $CRYPTPAD_DIR
fi
if [ -f /etc/nginx/sites-available/cryptpad ]; then
rm /etc/nginx/sites-available/cryptpad
fi
function_check remove_onion_service
remove_onion_service cryptpad ${CRYPTPAD_ONION_PORT}
remove_app cryptpad
remove_completion_param install_cryptpad
function cryptpad_create_config {
cryptpad_install_type=$1
cryptpad_prefix=
if [[ "$cryptpad_install_type" == "mesh" ]]; then
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
{ echo '/*@flow*/';
echo '/*';
echo ' globals module';
echo '*/';
echo "var domain = ' http://localhost:${CRYPTPAD_PORT}/';";
echo 'module.exports = {';
echo " httpAddress: '::',";
echo ' httpHeaders: {';
echo ' "X-XSS-Protection": "1; mode=block",';
echo ' "X-Content-Type-Options": "nosniff",';
echo ' "Access-Control-Allow-Origin": "*"';
echo ' },';
echo '';
echo ' contentSecurity: [';
echo " \"default-src 'none'\",";
echo " \"style-src 'unsafe-inline' 'self' \" + domain,";
echo " \"script-src 'self'\" + domain,";
echo " \"font-src 'self' data:\" + domain,";
echo '';
echo ' "child-src blob: *",';
echo ' "frame-src blob: *",';
echo ' "media-src * blob:",';
echo '';
echo " \"connect-src 'self' ws: wss: blob:\" + domain,";
echo '';
echo " \"img-src 'self' data: blob:\" + domain,";
echo '';
echo ' "frame-ancestors *",';
echo " ].join('; '),";
echo '';
echo ' padContentSecurity: [';
echo " \"default-src 'none'\",";
echo " \"style-src 'unsafe-inline' 'self'\" + domain,";
echo " \"script-src 'self' 'unsafe-eval' 'unsafe-inline'\" + domain,";
echo " \"font-src 'self'\" + domain,";
echo '';
echo ' "child-src *",';
echo ' "frame-src *",';
echo '';
echo " \"connect-src 'self' ws: wss:\" + domain,";
echo '';
echo ' "img-src * blob:",';
echo " ].join('; '),";
echo '';
echo " httpPort: ${CRYPTPAD_PORT},";
echo '';
echo ' // This is for allowing the cross-domain iframe to function when developing';
echo " httpSafePort: ${CRYPTPAD_PORT2},";
echo '';
echo " websocketPath: '/cryptpad_websocket',";
echo '';
echo ' logToStdout: false,';
echo '';
echo ' verbose: false,';
echo '';
echo ' mainPages: [';
echo " 'index'";
echo ' ],';
echo '';
echo ' removeDonateButton: true,';
echo ' allowSubscriptions: false,'; } > "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
if [[ "$cryptpad_install_type" == "mesh" ]]; then
echo " myDomain: 'http://P${PEER_ID}.local'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
else
CRYPTPAD_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_cryptpad/hostname)
echo " myDomain: 'http://${CRYPTPAD_ONION_HOSTNAME}'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
{ echo ' defaultStorageLimit: 50 * 1024 * 1024,';
echo '';
echo ' customLimits: {';
echo ' },';
echo '';
echo ' adminEmail: false,';
echo '';
echo " storage: './storage/file',";
echo '';
echo " filePath: './datastore/',";
echo " pinPath: './pins',";
echo " blobPath: './blob',";
echo " blobStagingPath: './blobstage',";
echo ' channelExpirationMs: 30000,';
echo ' openFileLimit: 1024,';
echo " rpc: './rpc.js',";
echo ' suppressRPCErrors: false,';
echo ' enableUploads: true,';
echo ' //restrictUploads: false,';
echo ' maxUploadSize: 20 * 1024 * 1024,';
echo ' //logFeedback: true,';
echo ' //logRPC: true,';
echo '};'; } >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
if [[ "$cryptpad_install_type" != "mesh" ]]; then
else
chroot "$rootdir" chown cryptpad:cryptpad $CRYPTPAD_DIR/config.js
fi
if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then
if [ ! -d "$rootdir/var/www/cryptpad" ]; then
mkdir "$rootdir/var/www/cryptpad"
if [ -d "$rootdir$CRYPTPAD_DIR" ]; then
rm -rf "$rootdir$CRYPTPAD_DIR"
echo $'Unable to clone cryptpad repo'
exit 783251
fi
# an unprivileged user to run as
chroot "$rootdir" useradd -d $CRYPTPAD_DIR/ cryptpad
cd "$rootdir$CRYPTPAD_DIR" || exit 34683568
git checkout "$CRYPTPAD_COMMIT" -b "$CRYPTPAD_COMMIT"
chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
cryptpad_nginx_site=$rootdir/etc/nginx/sites-available/cryptpad
echo " server_name P${PEER_ID}.local;";
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root $CRYPTPAD_DIR;";
echo '';
echo ' index index.html;';
echo '';
echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-Frame-Options SAMEORIGIN;';
echo '';
echo " set \$unsafe 0;";
echo " if (\$uri = \"/pad/inner.html\") { set \$unsafe 1; }";
echo " if (\$host != sandbox.cryptpad.info) { set \$unsafe 0; }";
echo " if (\$unsafe) {";
echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline' P${PEER_ID}.local\";";
echo ' location ^~ /cryptpad_websocket {';
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo '';
echo ' # WebSocket support (nginx 1.4)';
echo ' proxy_http_version 1.1;';
echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection upgrade;';
echo ' }';
echo '';
echo ' location ^~ /customize.dist/ {';
echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root';
echo ' }';
echo ' location ^~ /customize/ {';
echo " rewrite ^/customize/(.*)\$ \$1 break;";
echo " try_files /customize/\$uri /customize.dist/\$uri;";
echo ' }';
echo ' location = /api/config {';
echo " proxy_pass http://localhost:$CRYPTPAD_PORT;";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' add_header Cache-Control max-age=31536000;';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /datastore/ {';
echo ' add_header Cache-Control max-age=0;';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /register/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /login/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /about.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /contact.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /what-is-cryptpad.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban)$ {';
echo " rewrite ^(.*)\$ \$1/ redirect;";
echo ' }';
echo '';
echo " try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;";
echo '}'; } > "$cryptpad_nginx_site"
cd "$rootdir$CRYPTPAD_DIR" || exit 6246824624527
npm install --arch=$NPM_ARCH --build-from-source
su -c './node_modules/bower/bin/bower install --config.interactive=false' - cryptpad
echo $'Cryptpad config file not found'
exit 628252
fi
chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
# daemon
{ echo '[Unit]';
echo 'Description=Cryptpad';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'User=cryptpad';
echo 'Group=cryptpad';
echo "WorkingDirectory=$CRYPTPAD_DIR";
echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js";
echo 'Environment=PATH=/usr/bin:/usr/local/bin';
echo 'Environment=NODE_ENV=production';
echo 'Restart=on-failure';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/cryptpad.service"
chroot "$rootdir" systemctl enable cryptpad.service
}
function install_cryptpad_main {
if [[ $(app_is_installed cryptpad_main) == "1" ]]; then
return
fi
if [ ! -d /var/www/cryptpad ]; then
mkdir /var/www/cryptpad
if [ -d $CRYPTPAD_DIR ]; then
rm -rf $CRYPTPAD_DIR
fi
git pull
else
function_check git_clone
git_clone $CRYPTPAD_REPO $CRYPTPAD_DIR
fi
if [ ! -d $CRYPTPAD_DIR ]; then
echo $'Unable to clone cryptpad repo'
exit 783251
fi
# an unprivileged user to run as
useradd -d $CRYPTPAD_DIR/ cryptpad
git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT
set_completion_param "cryptpad commit" "$CRYPTPAD_COMMIT"
CRYPTPAD_ONION_HOSTNAME=$(add_onion_service cryptpad 80 ${CRYPTPAD_ONION_PORT})
cryptpad_nginx_site=/etc/nginx/sites-available/cryptpad
{ echo 'server {';
echo " listen 127.0.0.1:$CRYPTPAD_ONION_PORT default_server;";
echo " server_name $CRYPTPAD_ONION_HOSTNAME;";
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root $CRYPTPAD_DIR;";
echo '';
echo ' index index.html;';
echo ' error_page 404 /customize.dist/404.html;';
echo '';
echo " if (\$args ~ ver=) {";
echo " set \$cacheControl max-age=31536000;";
echo ' }';
echo " add_header Cache-Control \$cacheControl;";
echo '';
echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-Frame-Options SAMEORIGIN;';
echo '';
echo " set \$unsafe 0;";
echo " if (\$uri = \"/pad/inner.html\") { set \$unsafe 1; }";
echo " if (\$host != sandbox.cryptpad.info) { set \$unsafe 0; }";
echo " if (\$unsafe) {";
echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline' $CRYPTPAD_ONION_HOSTNAME\";";
echo ' location ^~ /cryptpad_websocket {';
echo " proxy_pass http://localhost:$CRYPTPAD_PORT;";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo '';
echo ' # WebSocket support (nginx 1.4)';
echo ' proxy_http_version 1.1;';
echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection upgrade;';
echo ' }';
echo '';
echo ' location ^~ /customize.dist/ {';
echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root';
echo ' }';
echo ' location ^~ /customize/ {';
echo " rewrite ^/customize/(.*)\$ \$1 break;";
echo " try_files /customize/\$uri /customize.dist/\$uri;";
echo ' }';
echo ' location = /api/config {';
echo " proxy_pass http://localhost:$CRYPTPAD_PORT;";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' add_header Cache-Control max-age=31536000;';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /datastore/ {';
echo ' add_header Cache-Control max-age=0;';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /register/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /login/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /about.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /contact.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /what-is-cryptpad.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban)$ {';
echo " rewrite ^(.*)\$ \$1/ redirect;";
echo ' }';
echo '';
echo " try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;";
echo '}'; } > $cryptpad_nginx_site
install_completed cryptpad_main
}
function install_cryptpad {
function_check install_nodejs
install_nodejs cryptpad
increment_app_install_progress
increment_app_install_progress
su -c './node_modules/bower/bin/bower install --config.interactive=false' - cryptpad
su -c './node_modules/bower/bin/bower update --config.interactive=false' - cryptpad
cp config.example.js config.js
if [ ! -f config.js ]; then
echo $'Cryptpad config file not found'
exit 628252
fi
{ echo '[Unit]';
echo 'Description=Cryptpad';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'User=cryptpad';
echo 'Group=cryptpad';
echo "WorkingDirectory=$CRYPTPAD_DIR";
echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js";
echo 'Environment=PATH=/usr/bin:/usr/local/bin';
echo 'Environment=NODE_ENV=production';
echo 'Restart=on-failure';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/cryptpad.service
systemctl enable cryptpad.service
systemctl daemon-reload
systemctl start cryptpad.service
cryptpad_generate_api_config
su -c './node_modules/bower/bin/bower install --config.interactive=false' - cryptpad
systemctl restart nginx
APP_INSTALLED=1
}
# NOTE: deliberately there is no "exit 0"