Newer
Older
# _____ _ _
# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# | __| _| -_| -_| . | . | | . | . | | -_|
# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS='full full-vim writer'
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
SHOW_CLEARNET_ADDRESS_ON_ABOUT=0
CRYPTPAD_REPO="https://github.com/xwiki-labs/cryptpad"
CRYPTPAD_COMMIT='0769452f04a454680c12b1fe818e7fe0002f9a04'
function logging_on_cryptpad {
echo -n ''
}
function logging_off_cryptpad {
echo -n ''
}
function remove_user_cryptpad {
remove_username="$1"
}
function add_user_cryptpad {
new_username="$1"
new_user_password="$2"
echo '0'
}
function install_interactive_cryptpad {
APP_INSTALLED=1
}
function change_password_cryptpad {
curr_username="$1"
new_user_password="$2"
}
function reconfigure_cryptpad {
if [ -d $CRYPTPAD_DIR/datastore ]; then
rm -rf $CRYPTPAD_DIR/datastore
fi
}
function cryptpad_generate_api_config {
if [ ! -d $CRYPTPAD_DIR/customize/api ]; then
mkdir -p $CRYPTPAD_DIR/customize/api
fi
wget 127.0.0.1:$CRYPTPAD_PORT/api/config -O $CRYPTPAD_DIR/customize/api/config
if [ ! -f $CRYPTPAD_DIR/customize/api/config ]; then
echo $'Unable to wget api/config'
exit 89252
fi
chown -R cryptpad:cryptpad $CRYPTPAD_DIR
}
function upgrade_cryptpad {
CURR_CRYPTPAD_COMMIT=$(get_completion_param "cryptpad commit")
if [[ "$CURR_CRYPTPAD_COMMIT" == "$CRYPTPAD_COMMIT" ]]; then
return
fi
systemctl stop cryptpad
# update to the next commit
function_check set_repo_commit
set_repo_commit $CRYPTPAD_DIR "cryptpad commit" "$CRYPTPAD_COMMIT" $CRYPTPAD_REPO
rm -rf $CRYPTPAD_DIR/.cache/bower
su -c './node_modules/bower/bin/bower install --config.interactive=false' - cryptpad
su -c './node_modules/bower/bin/bower update --config.interactive=false' - cryptpad
cryptpad_generate_api_config
if ! grep -q "debug|kanban" /etc/nginx/sites-available/cryptpad; then
sed -i 's@location ~.*@location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban)$ {@g' /etc/nginx/sites-available/cryptpad
if grep -q "location = /cryptpad_websocket {" /etc/nginx/sites-available/cryptpad; then
sed -i 's|location = /cryptpad_websocket {|location ^~ /cryptpad_websocket {|g' /etc/nginx/sites-available/cryptpad
systemctl restart nginx
fi
}
function backup_local_cryptpad {
source_directory=$CRYPTPAD_DIR/datastore
if [ -d $source_directory ]; then
systemctl stop cryptpad
dest_directory=cryptpad
function_check suspend_site
function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory
function_check restart_site
restart_site
systemctl start cryptpad
fi
}
function restore_local_cryptpad {
if [ -d $CRYPTPAD_DIR ]; then
systemctl stop cryptpad
temp_restore_dir=/root/tempcryptpad
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir cryptpad
if [ -d $temp_restore_dir ]; then
cp -r $temp_restore_dir/* $CRYPTPAD_DIR/datastore/
else
systemctl start cryptpad
echo 'Failed to restore cryptpad'
rm -rf $temp_restore_dir
exit 8736529
fi
else
cp -r $temp_restore_dir$CRYPTPAD_DIR/datastore/* $CRYPTPAD_DIR/datastore/
systemctl start cryptpad
fi
}
function backup_remote_cryptpad {
temp_backup_dir=$CRYPTPAD_DIR/datastore
if [ -d $temp_backup_dir ]; then
systemctl stop cryptpad
function_check suspend_site
echo $"Backing up Cryptpad installation"
function_check backup_directory_to_friend
backup_directory_to_friend $temp_backup_dir cryptpad
function_check restart_site
restart_site
systemctl start cryptpad
else
echo $"cryptpad domain specified but not found in ${temp_backup_dir}"
fi
fi
}
function restore_remote_cryptpad {
if [ -d $CRYPTPAD_DIR ]; then
systemctl stop cryptpad
temp_restore_dir=/root/tempcryptpad
function_check restore_directory_from_usb
restore_directory_from_friend $temp_restore_dir cryptpad
if [ ! -d $temp_restore_dir$CRYPTPAD_DIR/datastore ]; then
if [ -d $temp_restore_dir ]; then
cp -r $temp_restore_dir/* $CRYPTPAD_DIR/datastore/
else
systemctl start cryptpad
echo 'Failed to restore cryptpad'
rm -rf $temp_restore_dir
return
fi
else
cp -r $temp_restore_dir$CRYPTPAD_DIR/datastore/* $CRYPTPAD_DIR/datastore/
fi
rm -rf $temp_restore_dir
systemctl start cryptpad
fi
}
function remove_cryptpad {
systemctl stop cryptpad
systemctl disable cryptpad
if [ -f /etc/systemd/system/cryptpad.service ]; then
rm /etc/systemd/system/cryptpad.service
fi
function_check remove_nodejs
remove_nodejs cryptpad
if [ -d $CRYPTPAD_DIR ]; then
rm -rf $CRYPTPAD_DIR
fi
if [ -f /etc/nginx/sites-available/cryptpad ]; then
rm /etc/nginx/sites-available/cryptpad
fi
function_check remove_onion_service
remove_onion_service cryptpad ${CRYPTPAD_ONION_PORT}
remove_app cryptpad
remove_completion_param install_cryptpad
function cryptpad_create_config {
cryptpad_install_type=$1
cryptpad_prefix=
if [[ "$cryptpad_install_type" == "mesh" ]]; then
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
{ echo '/*@flow*/';
echo '/*';
echo ' globals module';
echo '*/';
echo "var domain = ' http://localhost:${CRYPTPAD_PORT}/';";
echo 'module.exports = {';
echo " httpAddress: '::',";
echo ' httpHeaders: {';
echo ' "X-XSS-Protection": "1; mode=block",';
echo ' "X-Content-Type-Options": "nosniff",';
echo ' "Access-Control-Allow-Origin": "*"';
echo ' },';
echo '';
echo ' contentSecurity: [';
echo " \"default-src 'none'\",";
echo " \"style-src 'unsafe-inline' 'self' \" + domain,";
echo " \"script-src 'self'\" + domain,";
echo " \"font-src 'self' data:\" + domain,";
echo '';
echo ' "child-src blob: *",';
echo ' "frame-src blob: *",';
echo ' "media-src * blob:",';
echo '';
echo " \"connect-src 'self' ws: wss: blob:\" + domain,";
echo '';
echo " \"img-src 'self' data: blob:\" + domain,";
echo '';
echo ' "frame-ancestors *",';
echo " ].join('; '),";
echo '';
echo ' padContentSecurity: [';
echo " \"default-src 'none'\",";
echo " \"style-src 'unsafe-inline' 'self'\" + domain,";
echo " \"script-src 'self' 'unsafe-eval' 'unsafe-inline'\" + domain,";
echo " \"font-src 'self'\" + domain,";
echo '';
echo ' "child-src *",';
echo ' "frame-src *",';
echo '';
echo " \"connect-src 'self' ws: wss:\" + domain,";
echo '';
echo ' "img-src * blob:",';
echo " ].join('; '),";
echo '';
echo " httpPort: ${CRYPTPAD_PORT},";
echo '';
echo ' // This is for allowing the cross-domain iframe to function when developing';
echo " httpSafePort: ${CRYPTPAD_PORT2},";
echo '';
echo " websocketPath: '/cryptpad_websocket',";
echo '';
echo ' logToStdout: false,';
echo '';
echo ' verbose: false,';
echo '';
echo ' mainPages: [';
echo " 'index'";
echo ' ],';
echo '';
echo ' removeDonateButton: true,';
echo ' allowSubscriptions: false,'; } > "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
if [[ "$cryptpad_install_type" == "mesh" ]]; then
echo " myDomain: 'http://P${PEER_ID}.local'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
else
CRYPTPAD_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_cryptpad/hostname)
echo " myDomain: 'http://${CRYPTPAD_ONION_HOSTNAME}'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
{ echo ' defaultStorageLimit: 50 * 1024 * 1024,';
echo '';
echo ' customLimits: {';
echo ' },';
echo '';
echo ' adminEmail: false,';
echo '';
echo " storage: './storage/file',";
echo '';
echo " filePath: './datastore/',";
echo " pinPath: './pins',";
echo " blobPath: './blob',";
echo " blobStagingPath: './blobstage',";
echo ' channelExpirationMs: 30000,';
echo ' openFileLimit: 1024,';
echo " rpc: './rpc.js',";
echo ' suppressRPCErrors: false,';
echo ' enableUploads: true,';
echo ' //restrictUploads: false,';
echo ' maxUploadSize: 20 * 1024 * 1024,';
echo ' //logFeedback: true,';
echo ' //logRPC: true,';
echo '};'; } >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
if [[ "$cryptpad_install_type" != "mesh" ]]; then
else
chroot "$rootdir" chown cryptpad:cryptpad $CRYPTPAD_DIR/config.js
fi
if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then
if [ ! -d "$rootdir/var/www/cryptpad" ]; then
mkdir "$rootdir/var/www/cryptpad"
if [ -d "$rootdir$CRYPTPAD_DIR" ]; then
rm -rf "$rootdir$CRYPTPAD_DIR"
echo $'Unable to clone cryptpad repo'
exit 783251
fi
# an unprivileged user to run as
chroot "$rootdir" useradd -d $CRYPTPAD_DIR/ cryptpad
cd "$rootdir$CRYPTPAD_DIR" || exit 34683568
git checkout "$CRYPTPAD_COMMIT" -b "$CRYPTPAD_COMMIT"
chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
cryptpad_nginx_site=$rootdir/etc/nginx/sites-available/cryptpad
echo " server_name P${PEER_ID}.local;";
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root $CRYPTPAD_DIR;";
echo '';
echo ' index index.html;';
echo '';
echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-Frame-Options SAMEORIGIN;';
echo '';
echo " set \$unsafe 0;";
echo " if (\$uri = \"/pad/inner.html\") { set \$unsafe 1; }";
echo " if (\$host != sandbox.cryptpad.info) { set \$unsafe 0; }";
echo " if (\$unsafe) {";
echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline' P${PEER_ID}.local\";";
echo ' location ^~ /cryptpad_websocket {';
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo '';
echo ' # WebSocket support (nginx 1.4)';
echo ' proxy_http_version 1.1;';
echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection upgrade;';
echo ' }';
echo '';
echo ' location ^~ /customize.dist/ {';
echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root';
echo ' }';
echo ' location ^~ /customize/ {';
echo " rewrite ^/customize/(.*)\$ \$1 break;";
echo " try_files /customize/\$uri /customize.dist/\$uri;";
echo ' }';
echo ' location = /api/config {';
echo " proxy_pass http://localhost:$CRYPTPAD_PORT;";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' add_header Cache-Control max-age=31536000;';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /datastore/ {';
echo ' add_header Cache-Control max-age=0;';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /register/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /login/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /about.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /contact.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /what-is-cryptpad.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban)$ {';
echo " rewrite ^(.*)\$ \$1/ redirect;";
echo ' }';
echo '';
echo " try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;";
echo '}'; } > "$cryptpad_nginx_site"
cd "$rootdir$CRYPTPAD_DIR" || exit 6246824624527
npm install --arch=$NPM_ARCH --build-from-source
su -c './node_modules/bower/bin/bower install --config.interactive=false' - cryptpad
echo $'Cryptpad config file not found'
exit 628252
fi
chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
# daemon
{ echo '[Unit]';
echo 'Description=Cryptpad';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'User=cryptpad';
echo 'Group=cryptpad';
echo "WorkingDirectory=$CRYPTPAD_DIR";
echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js";
echo 'Environment=PATH=/usr/bin:/usr/local/bin';
echo 'Environment=NODE_ENV=production';
echo 'Restart=on-failure';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/cryptpad.service"
chroot "$rootdir" systemctl enable cryptpad.service
}
function install_cryptpad_main {
if [[ $(app_is_installed cryptpad_main) == "1" ]]; then
return
fi
if [ ! -d /var/www/cryptpad ]; then
mkdir /var/www/cryptpad
if [ -d $CRYPTPAD_DIR ]; then
rm -rf $CRYPTPAD_DIR
fi
if [ -d /repos/cryptpad ]; then
mkdir $CRYPTPAD_DIR
git pull
else
function_check git_clone
git_clone $CRYPTPAD_REPO $CRYPTPAD_DIR
fi
if [ ! -d $CRYPTPAD_DIR ]; then
echo $'Unable to clone cryptpad repo'
exit 783251
fi
# an unprivileged user to run as
useradd -d $CRYPTPAD_DIR/ cryptpad
git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT
set_completion_param "cryptpad commit" "$CRYPTPAD_COMMIT"
CRYPTPAD_ONION_HOSTNAME=$(add_onion_service cryptpad 80 ${CRYPTPAD_ONION_PORT})
cryptpad_nginx_site=/etc/nginx/sites-available/cryptpad
{ echo 'server {';
echo " listen 127.0.0.1:$CRYPTPAD_ONION_PORT default_server;";
echo " server_name $CRYPTPAD_ONION_HOSTNAME;";
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root $CRYPTPAD_DIR;";
echo '';
echo ' index index.html;';
echo ' error_page 404 /customize.dist/404.html;';
echo '';
echo " if (\$args ~ ver=) {";
echo " set \$cacheControl max-age=31536000;";
echo ' }';
echo " add_header Cache-Control \$cacheControl;";
echo '';
echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-Frame-Options SAMEORIGIN;';
echo '';
echo " set \$unsafe 0;";
echo " if (\$uri = \"/pad/inner.html\") { set \$unsafe 1; }";
echo " if (\$host != sandbox.cryptpad.info) { set \$unsafe 0; }";
echo " if (\$unsafe) {";
echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline' $CRYPTPAD_ONION_HOSTNAME\";";
echo ' location ^~ /cryptpad_websocket {';
echo " proxy_pass http://localhost:$CRYPTPAD_PORT;";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo '';
echo ' # WebSocket support (nginx 1.4)';
echo ' proxy_http_version 1.1;';
echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection upgrade;';
echo ' }';
echo '';
echo ' location ^~ /customize.dist/ {';
echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root';
echo ' }';
echo ' location ^~ /customize/ {';
echo " rewrite ^/customize/(.*)\$ \$1 break;";
echo " try_files /customize/\$uri /customize.dist/\$uri;";
echo ' }';
echo ' location = /api/config {';
echo " proxy_pass http://localhost:$CRYPTPAD_PORT;";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' add_header Cache-Control max-age=31536000;';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /datastore/ {';
echo ' add_header Cache-Control max-age=0;';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /register/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /login/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /about.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /contact.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /what-is-cryptpad.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban)$ {';
echo " rewrite ^(.*)\$ \$1/ redirect;";
echo ' }';
echo '';
echo " try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;";
echo '}'; } > $cryptpad_nginx_site
install_completed cryptpad_main
}
function install_cryptpad {
function_check install_nodejs
install_nodejs cryptpad
install_cryptpad_main
su -c './node_modules/bower/bin/bower install --config.interactive=false' - cryptpad
su -c './node_modules/bower/bin/bower update --config.interactive=false' - cryptpad
cp config.example.js config.js
if [ ! -f config.js ]; then
echo $'Cryptpad config file not found'
exit 628252
fi
{ echo '[Unit]';
echo 'Description=Cryptpad';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'User=cryptpad';
echo 'Group=cryptpad';
echo "WorkingDirectory=$CRYPTPAD_DIR";
echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js";
echo 'Environment=PATH=/usr/bin:/usr/local/bin';
echo 'Environment=NODE_ENV=production';
echo 'Restart=on-failure';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/cryptpad.service
systemctl enable cryptpad.service
systemctl daemon-reload
systemctl start cryptpad.service
cryptpad_generate_api_config
su -c './node_modules/bower/bin/bower install --config.interactive=false' - cryptpad
systemctl restart nginx
APP_INSTALLED=1
}
# NOTE: deliberately there is no "exit 0"