#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# privatebin application
#
# License
# =======
#
# Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# App metadata for the Freedombone framework.
# NOTE(review): presumably the framework reads these settings by textual
# match on this file - confirm before re-quoting or reformatting them.
VARIANTS='full full-vim writer'
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
# Site domain and dynamic DNS code; both are set by
# install_interactive_privatebin and start out empty.
PRIVATEBIN_DOMAIN_NAME=
PRIVATEBIN_CODE=
# nginx listens on 127.0.0.1:<this port> for the onion service.
PRIVATEBIN_ONION_PORT=8150
# Upstream repository and the exact commit that install and upgrade check out.
# Pinning a full commit hash keeps the deployed code fixed until this value is
# changed; review the upstream changes whenever the hash is bumped.
PRIVATEBIN_REPO="https://github.com/PrivateBin/PrivateBin"
PRIVATEBIN_COMMIT='9c132cd839fd5e91da18e4a1e8ebef64fce605fb'
# NOTE(review): not referenced anywhere in the visible part of this file.
PRIVATEBIN_ADMIN_PASSWORD=
# Names of the settings this app uses.
# NOTE(review): presumably the list the framework loads from the config
# file for this app - confirm against the caller.
privatebin_variables=(ONION_ONLY
PRIVATEBIN_DOMAIN_NAME
PRIVATEBIN_CODE
DDNS_PROVIDER
MY_USERNAME)
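# Tighten ownership and permissions on the PrivateBin web root.
# Globals:  PRIVATEBIN_DOMAIN_NAME (read);
#           pbpath, pbdata, htgroup, rootuser (written)
# Returns:  non-zero when the domain is unset or the web root is missing,
#           otherwise the status of the final chown
function secure_privatebin {
    # Without a domain the paths below collapse to /var/www//htdocs,
    # so refuse to touch anything.
    if [ -z "$PRIVATEBIN_DOMAIN_NAME" ]; then
        echo 'secure_privatebin: PRIVATEBIN_DOMAIN_NAME is not set' >&2
        return 1
    fi

    pbpath="/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
    pbdata="/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/data"
    htgroup='www-data'
    rootuser='root'

    if [ ! -d "$pbpath" ]; then
        echo "secure_privatebin: $pbpath does not exist" >&2
        return 1
    fi

    # Application tree: files readable by owner and group, directories
    # not writable by anyone. find -exec ... + never runs chmod with an
    # empty argument list, unlike a bare "xargs chmod".
    find "${pbpath}/" -type f -exec chmod 0640 {} +
    find "${pbpath}/" -type d -exec chmod 0550 {} +

    # Data directory (only present once it has been created).
    # NOTE(review): after the chown below the data tree is owned by root
    # with group www-data, and 0750 gives the group no write bit. If PHP
    # runs as www-data it cannot create files under data/ - confirm this
    # is intended.
    if [ -d "$pbdata" ]; then
        find "${pbdata}/" -type f -exec chmod 0640 {} +
        find "${pbdata}/" -type d -exec chmod 0750 {} +
    fi

    chown -R "${rootuser}:${htgroup}" "${pbpath}/"
}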
# Hook for switching logging on. This app has nothing to switch:
# the function prints nothing and returns success.
function logging_on_privatebin {
    printf ''
}
# Hook for switching logging off. This app has nothing to switch:
# the function prints nothing and returns success.
function logging_off_privatebin {
    printf ''
}
# Hook called when a user is removed. Only records the name in the
# global remove_username; nothing is deleted here.
# Arguments: $1 - username being removed
function remove_user_privatebin {
    remove_username="${1}"
}
# Hook called when a user is added. Records both arguments in globals
# and prints 0; no account is created by this function.
# Arguments: $1 - new username
#            $2 - new user's password (kept in a shell global and not
#                 used any further inside this function)
# Outputs:   the single line "0" on stdout
function add_user_privatebin {
    new_username="${1}"
    new_user_password="${2}"
    printf '%s\n' '0'
}
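# Ask for the PrivateBin domain name (and, for the default FreeDNS
# provider, the update code) and store them in the configuration.
# Globals:  ONION_ONLY, DDNS_PROVIDER, HUBZILLA_DOMAIN_NAME, VALID_CODE (read)
#           PRIVATEBIN_DOMAIN_NAME, PRIVATEBIN_CODE, APP_INSTALLED,
#           TEST_DOMAIN_NAME, data, sel (written)
# Exits:    with status 1 when the dialog is cancelled or no temporary
#           file can be created
function install_interactive_privatebin {
    if [ -z "$ONION_ONLY" ]; then
        ONION_ONLY='no'
    fi

    if [[ "$ONION_ONLY" != "no" ]]; then
        # Onion-only systems need no public domain name.
        PRIVATEBIN_DOMAIN_NAME='privatebin.local'
    else
        PRIVATEBIN_DETAILS_COMPLETE=
        while [ -z "$PRIVATEBIN_DETAILS_COMPLETE" ]
        do
            # dialog writes the form answers (including the FreeDNS code)
            # to this file. mktemp creates it readable by the owner only;
            # fail loudly instead of redirecting to an empty file name.
            data=$(mktemp 2>/dev/null)
            if [ -z "$data" ]; then
                echo 'install_interactive_privatebin: unable to create a temporary file' >&2
                exit 1
            fi
            trap "rm -f -- \"$data\"" 0 1 2 5 15

            # NOTE(review): the prompt mentions a background image URL
            # although the form has no such field. The text is left as it
            # is because it is a translatable runtime string.
            if [[ "$DDNS_PROVIDER" == "default@freedns.afraid.org" ]]; then
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"PrivateBin Configuration" \
                       --form $"\nPlease enter your PrivateBin details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                       $"Domain:" 1 1 "$(grep 'PRIVATEBIN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
                       $"Code:" 2 1 "$(grep 'PRIVATEBIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 33 255 \
                       2> "$data"
            else
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"PrivateBin Configuration" \
                       --form $"\nPlease enter your PrivateBin details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                       $"Domain:" 1 1 "$(grep 'PRIVATEBIN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
                       2> "$data"
            fi
            # Must stay directly after the if: $? is dialog's exit status.
            sel=$?
            case $sel in
                1) exit 1;;
                255) exit 1;;
            esac

            PRIVATEBIN_DOMAIN_NAME=$(sed -n 1p "$data")
            if [ -n "$PRIVATEBIN_DOMAIN_NAME" ]; then
                if [[ "$PRIVATEBIN_DOMAIN_NAME" == "$HUBZILLA_DOMAIN_NAME" ]]; then
                    PRIVATEBIN_DOMAIN_NAME=""
                fi

                # validate_domain_name works on TEST_DOMAIN_NAME; presumably
                # it replaces the value with an error message when the name
                # is rejected (the message box below displays it).
                TEST_DOMAIN_NAME=$PRIVATEBIN_DOMAIN_NAME
                validate_domain_name
                # Right-hand side quoted so the entered name is compared
                # literally, never as a glob pattern.
                if [[ "$TEST_DOMAIN_NAME" != "$PRIVATEBIN_DOMAIN_NAME" ]]; then
                    PRIVATEBIN_DOMAIN_NAME=
                    dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                else
                    if [[ "$DDNS_PROVIDER" == "default@freedns.afraid.org" ]]; then
                        PRIVATEBIN_CODE=$(sed -n 2p "$data")
                        validate_freedns_code "$PRIVATEBIN_CODE"
                        if [ -z "$VALID_CODE" ]; then
                            PRIVATEBIN_DOMAIN_NAME=
                        fi
                    fi
                fi
            fi

            # Each pass creates a new file; remove this one now so repeated
            # prompts do not leave answers behind in the temp directory.
            rm -f -- "$data"

            if [ -n "$PRIVATEBIN_DOMAIN_NAME" ]; then
                PRIVATEBIN_DETAILS_COMPLETE="yes"
            fi
        done

        write_config_param "PRIVATEBIN_CODE" "$PRIVATEBIN_CODE"
    fi
    write_config_param "PRIVATEBIN_DOMAIN_NAME" "$PRIVATEBIN_DOMAIN_NAME"
    APP_INSTALLED=1
}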
# Hook called when a user's password changes. Only records both
# arguments in globals; no password is changed by this function.
# Arguments: $1 - username
#            $2 - new password (kept in a shell global and not used
#                 any further inside this function)
function change_password_privatebin {
    curr_username="${1}"
    new_user_password="${2}"
}
# Reconfigure hook. Nothing to do for this app: prints nothing and
# returns success.
function reconfigure_privatebin {
    printf ''
}
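# Move the installed PrivateBin checkout to the pinned PRIVATEBIN_COMMIT
# and re-apply file permissions.
# Globals:  PRIVATEBIN_COMMIT, PRIVATEBIN_REPO, COMPLETION_FILE (read)
#           PRIVATEBIN_DOMAIN_NAME, CURR_PRIVATEBIN_COMMIT (written)
# Returns:  0 when already at the pinned commit; non-zero when no
#           domain name is known
function upgrade_privatebin {
    CURR_PRIVATEBIN_COMMIT=$(get_completion_param "privatebin commit")
    if [[ "$CURR_PRIVATEBIN_COMMIT" == "$PRIVATEBIN_COMMIT" ]]; then
        return
    fi

    if grep -q "privatebin domain" "$COMPLETION_FILE"; then
        PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
    fi

    # An empty domain would point the update at /var/www//htdocs.
    if [ -z "$PRIVATEBIN_DOMAIN_NAME" ]; then
        echo 'upgrade_privatebin: PRIVATEBIN_DOMAIN_NAME is not set' >&2
        return 1
    fi

    # update to the next commit
    function_check set_repo_commit
    set_repo_commit "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" "privatebin commit" "$PRIVATEBIN_COMMIT" "$PRIVATEBIN_REPO"

    # The updated files need their ownership and modes tightened again.
    secure_privatebin
}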
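# Back up the PrivateBin data directory to USB while the site is suspended.
# Globals:  COMPLETION_FILE (read)
#           PRIVATEBIN_DOMAIN_NAME, source_directory, dest_directory (written)
function backup_local_privatebin {
    # Fallback name used when no domain was recorded at install time.
    PRIVATEBIN_DOMAIN_NAME='privatebin'
    if grep -q "privatebin domain" "$COMPLETION_FILE"; then
        PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
    fi

    source_directory="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data"

    # Suspend the site for the duration of the copy.
    function_check suspend_site
    suspend_site "${PRIVATEBIN_DOMAIN_NAME}"

    # Quoted so each value reaches the helper as exactly one argument.
    function_check backup_directory_to_usb
    dest_directory=privatebin
    backup_directory_to_usb "$source_directory" "$dest_directory"

    function_check restart_site
    restart_site
}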
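# Restore the PrivateBin data directory from a USB backup.
# Globals:  COMPLETION_FILE (read)
#           PRIVATEBIN_DOMAIN_NAME, temp_restore_dir, privatebin_dir (written)
# Returns:  immediately when no privatebin domain is recorded
function restore_local_privatebin {
    if ! grep -q "privatebin domain" "$COMPLETION_FILE"; then
        return
    fi

    PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
    if [ -n "$PRIVATEBIN_DOMAIN_NAME" ]; then
        echo $"Restoring privatebin"
        temp_restore_dir=/root/tempprivatebin
        privatebin_dir=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data

        function_check restore_directory_from_usb
        restore_directory_from_usb "$temp_restore_dir" privatebin
        if [ -d "$temp_restore_dir" ]; then
            # The backup may hold the data under its full original path.
            # The test used to read "[ -d cp <path> ]", which is not a
            # valid expression, so this branch could never be taken.
            if [ -d "$temp_restore_dir$privatebin_dir" ]; then
                # "dir/." copies the whole content, dotfiles included.
                cp -rp "$temp_restore_dir$privatebin_dir/." "$privatebin_dir/"
            else
                cp -rp "$temp_restore_dir/." "$privatebin_dir/"
            fi
            # Restored files keep the modes stored in the backup (cp -p);
            # re-apply the expected ownership and permissions.
            secure_privatebin
            rm -rf -- "$temp_restore_dir"
        fi

        echo $"Restore of privatebin complete"
    fi
}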
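# Back up the PrivateBin data directory via backup_directory_to_friend
# while the site is suspended.
# Globals:  COMPLETION_FILE (read)
#           PRIVATEBIN_DOMAIN_NAME, source_directory, dest_directory (written)
function backup_remote_privatebin {
    # Fallback name used when no domain was recorded at install time.
    PRIVATEBIN_DOMAIN_NAME='privatebin'
    if grep -q "privatebin domain" "$COMPLETION_FILE"; then
        PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
    fi

    source_directory="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data"

    # Suspend the site for the duration of the copy.
    function_check suspend_site
    suspend_site "${PRIVATEBIN_DOMAIN_NAME}"

    # Quoted so each value reaches the helper as exactly one argument.
    function_check backup_directory_to_friend
    dest_directory=privatebin
    backup_directory_to_friend "$source_directory" "$dest_directory"

    function_check restart_site
    restart_site
}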
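# Restore the PrivateBin data directory via restore_directory_from_friend.
# Globals:  COMPLETION_FILE (read)
#           PRIVATEBIN_DOMAIN_NAME, temp_restore_dir, privatebin_dir (written)
# Returns:  immediately when no privatebin domain is recorded
function restore_remote_privatebin {
    if ! grep -q "privatebin domain" "$COMPLETION_FILE"; then
        return
    fi

    PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
    if [ -n "$PRIVATEBIN_DOMAIN_NAME" ]; then
        temp_restore_dir=/root/tempprivatebin
        privatebin_dir=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data

        function_check restore_directory_from_friend
        restore_directory_from_friend "$temp_restore_dir" privatebin
        if [ -d "$temp_restore_dir" ]; then
            # The backup may hold the data under its full original path.
            # The test used to read "[ -d cp <path> ]", which is not a
            # valid expression, so this branch could never be taken.
            if [ -d "$temp_restore_dir$privatebin_dir" ]; then
                # "dir/." copies the whole content, dotfiles included.
                cp -rp "$temp_restore_dir$privatebin_dir/." "$privatebin_dir/"
            else
                cp -rp "$temp_restore_dir/." "$privatebin_dir/"
            fi
            # Restored files keep the modes stored in the backup (cp -p);
            # re-apply the expected ownership and permissions.
            secure_privatebin
            rm -rf -- "$temp_restore_dir"
        fi
    fi
}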
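# Uninstall PrivateBin: disable the site, delete its files, certificates,
# onion service, cron entries and completion records.
# Globals:  PRIVATEBIN_DOMAIN_NAME, MY_USERNAME (re-read from config),
#           PRIVATEBIN_ONION_PORT, COMPLETION_FILE (read)
# Returns:  0 when there is nothing to remove; non-zero when the
#           configured name is not usable as a single directory name
function remove_privatebin {
    if [ ${#PRIVATEBIN_DOMAIN_NAME} -eq 0 ]; then
        return
    fi

    read_config_param "PRIVATEBIN_DOMAIN_NAME"
    read_config_param "MY_USERNAME"

    # The name was just re-read from the config file, so check it again
    # before it is used in "rm -rf": an empty value would make the path
    # /var/www/ itself, and a value with a slash or a dot-directory name
    # would point outside the site's own directory.
    case "$PRIVATEBIN_DOMAIN_NAME" in
        '')
            return
            ;;
        */*|.|..)
            echo "remove_privatebin: refusing to remove '$PRIVATEBIN_DOMAIN_NAME'" >&2
            return 1
            ;;
    esac

    echo "Removing $PRIVATEBIN_DOMAIN_NAME"
    nginx_dissite "$PRIVATEBIN_DOMAIN_NAME"
    remove_certs "$PRIVATEBIN_DOMAIN_NAME"

    if [ -d "/var/www/$PRIVATEBIN_DOMAIN_NAME" ]; then
        # ${var:?} aborts rather than expanding to an empty string.
        rm -rf -- "/var/www/${PRIVATEBIN_DOMAIN_NAME:?}"
    fi
    if [ -f "/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME" ]; then
        rm -- "/etc/nginx/sites-available/${PRIVATEBIN_DOMAIN_NAME:?}"
    fi

    function_check remove_onion_service
    remove_onion_service privatebin "${PRIVATEBIN_ONION_PORT}"

    # NOTE(review): this deletes every crontab line that contains the
    # word "privatebin", not only lines added by this app.
    if grep -q "privatebin" /etc/crontab; then
        sed -i "/privatebin/d" /etc/crontab
    fi

    remove_app privatebin
    remove_completion_param install_privatebin
    sed -i '/privatebin/d' "$COMPLETION_FILE"

    function_check remove_ddns_domain
    remove_ddns_domain "$PRIVATEBIN_DOMAIN_NAME"
}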
function install_privatebin {
if [ ! $ONION_ONLY ]; then
ONION_ONLY='no'
fi
if [ ! $PRIVATEBIN_DOMAIN_NAME ]; then
echo $'No domain name was given for privatebin'
exit 7359
fi
apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
apt-get -yq install php-libsodium libsodium18 php-mcrypt
if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME ]; then
mkdir /var/www/$PRIVATEBIN_DOMAIN_NAME
fi
if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs ]; then
if [ -d /repos/privatebin ]; then
mkdir /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
cp -r -p /repos/privatebin/. /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
cd /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
git pull
else
function_check git_clone
git_clone $PRIVATEBIN_REPO /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
fi
if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs ]; then
echo $'Unable to clone privatebin repo'
exit 63763873
fi
fi
cd /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
git checkout $PRIVATEBIN_COMMIT -b $PRIVATEBIN_COMMIT
set_completion_param "privatebin commit" "$PRIVATEBIN_COMMIT"
chmod g+w /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
chown -R www-data:www-data /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
function_check add_ddns_domain
add_ddns_domain $PRIVATEBIN_DOMAIN_NAME
PRIVATEBIN_ONION_HOSTNAME=$(add_onion_service privatebin 80 ${PRIVATEBIN_ONION_PORT})
privatebin_nginx_site=/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect
nginx_http_redirect $PRIVATEBIN_DOMAIN_NAME "index index.php"
echo 'server {' >> $privatebin_nginx_site
echo ' listen 443 ssl;' >> $privatebin_nginx_site
echo ' listen [::]:443 ssl;' >> $privatebin_nginx_site
echo " server_name $PRIVATEBIN_DOMAIN_NAME;" >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
function_check nginx_compress
nginx_compress $PRIVATEBIN_DOMAIN_NAME
echo '' >> $privatebin_nginx_site
echo ' # Security' >> $privatebin_nginx_site
function_check nginx_ssl
nginx_ssl $PRIVATEBIN_DOMAIN_NAME
function_check nginx_disable_sniffing
nginx_disable_sniffing $PRIVATEBIN_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
echo ' # Logs' >> $privatebin_nginx_site
echo ' access_log /dev/null;' >> $privatebin_nginx_site
echo ' error_log /dev/null;' >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
echo " root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;" >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
echo ' index index.php;' >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
echo ' location ~ \.php {' >> $privatebin_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $privatebin_nginx_site
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $privatebin_nginx_site
echo ' fastcgi_read_timeout 30;' >> $privatebin_nginx_site
echo ' }' >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
echo ' # Location' >> $privatebin_nginx_site
echo ' location / {' >> $privatebin_nginx_site
function_check nginx_limits
nginx_limits $PRIVATEBIN_DOMAIN_NAME '15m'
echo ' try_files $uri $uri/ @privatebin;' >> $privatebin_nginx_site
echo ' }' >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
echo ' # Restrict access that is unnecessary anyway' >> $privatebin_nginx_site
echo ' location ~ /\.(ht|git) {' >> $privatebin_nginx_site
echo ' deny all;' >> $privatebin_nginx_site
echo ' }' >> $privatebin_nginx_site
echo '}' >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
else
echo -n '' > $privatebin_nginx_site
fi
echo 'server {' >> $privatebin_nginx_site
echo " listen 127.0.0.1:$PRIVATEBIN_ONION_PORT default_server;" >> $privatebin_nginx_site
echo " server_name $PRIVATEBIN_ONION_HOSTNAME;" >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
function_check nginx_compress
nginx_compress $PRIVATEBIN_DOMAIN_NAME
echo '' >> $privatebin_nginx_site
function_check nginx_disable_sniffing
nginx_disable_sniffing $PRIVATEBIN_DOMAIN_NAME
echo '' >> $privatebin_nginx_site
echo ' # Logs' >> $privatebin_nginx_site
echo ' access_log /dev/null;' >> $privatebin_nginx_site
echo ' error_log /dev/null;' >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
echo " root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;" >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
echo ' index index.php;' >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
echo ' location ~ \.php {' >> $privatebin_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $privatebin_nginx_site
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $privatebin_nginx_site
echo ' fastcgi_read_timeout 30;' >> $privatebin_nginx_site
echo ' }' >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
echo ' # Location' >> $privatebin_nginx_site
echo ' location / {' >> $privatebin_nginx_site
function_check nginx_limits
nginx_limits $PRIVATEBIN_DOMAIN_NAME '15m'
echo ' try_files $uri $uri/ @privatebin;' >> $privatebin_nginx_site
echo ' }' >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
echo ' # Restrict access that is unnecessary anyway' >> $privatebin_nginx_site
echo ' location ~ /\.(ht|git) {' >> $privatebin_nginx_site
echo ' deny all;' >> $privatebin_nginx_site
echo ' }' >> $privatebin_nginx_site
echo '}' >> $privatebin_nginx_site
function_check configure_php
configure_php
function_check create_site_certificate
create_site_certificate $PRIVATEBIN_DOMAIN_NAME 'yes'
function_check nginx_ensite
nginx_ensite $PRIVATEBIN_DOMAIN_NAME
cp /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.sample.php /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
# Change some defaults
sed -i 's|; qrcode|qrcode|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
sed -i 's|default =.*|default = "1day"|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
sed -i 's|1week =|; 1week =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
sed -i 's|1month =|; 1month =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
sed -i 's|1year =|; 1year =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
sed -i 's|never =|; never =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
sed -i 's|limit =.*|limit = 30|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
sed -i 's|sizelimit =.*|sizelimit = 32768|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
sed -i 's|defaultformatter =.*|defaultformatter = "markdown"|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php