Newer
Older
# _____ _ _
# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# | __| _| -_| -_| . | . | | . | . | | -_|
# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
# privatebin application
#
# License
# =======
#
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS='full full-vim writer'
PRIVATEBIN_DOMAIN_NAME=
PRIVATEBIN_CODE=
PRIVATEBIN_ONION_PORT=8150
PRIVATEBIN_REPO="https://github.com/PrivateBin/PrivateBin"
PRIVATEBIN_COMMIT='9c132cd839fd5e91da18e4a1e8ebef64fce605fb'
PRIVATEBIN_ADMIN_PASSWORD=
PRIVATEBIN_SHORT_DESCRIPTION=$'Zero knowledge pastebin'
PRIVATEBIN_DESCRIPTION=$'Zero knowledge pastebin'
privatebin_variables=(ONION_ONLY
PRIVATEBIN_DOMAIN_NAME
PRIVATEBIN_CODE
DDNS_PROVIDER
MY_USERNAME)
function upgrade_distro_privatebin {
target_distro="$1"
if [[ "$target_distro" == 'buster' ]]; then
echo -n ''
fi
}
function secure_privatebin {
pbpath="/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
pbdata="/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/data"
htgroup='www-data'
rootuser='root'
find "${pbpath}/" -type f -print0 | xargs -0 chmod 0640
find "${pbpath}/" -type d -print0 | xargs -0 chmod 0550
chown -R ${rootuser}:${htgroup} "${pbpath}/"
}
function logging_on_privatebin {
echo -n ''
}
function logging_off_privatebin {
echo -n ''
}
function remove_user_privatebin {
echo '0'
}
function install_interactive_privatebin {
PRIVATEBIN_DOMAIN_NAME='privatebin.local'
else
PRIVATEBIN_DETAILS_COMPLETE=
while [ ! $PRIVATEBIN_DETAILS_COMPLETE ]
do
dialog --backtitle $"Freedombone Configuration" \
--title $"PrivateBin Configuration" \
--form $"\\nPlease enter your PrivateBin details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
$"Domain:" 1 1 "$(grep 'PRIVATEBIN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
2> "$data"
PRIVATEBIN_DOMAIN_NAME=$(sed -n 1p < "$data")
if [ "$PRIVATEBIN_DOMAIN_NAME" ]; then
if [[ "$PRIVATEBIN_DOMAIN_NAME" == "$HUBZILLA_DOMAIN_NAME" ]]; then
PRIVATEBIN_DOMAIN_NAME=""
fi
TEST_DOMAIN_NAME=$PRIVATEBIN_DOMAIN_NAME
validate_domain_name
PRIVATEBIN_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
fi
fi
if [ $PRIVATEBIN_DOMAIN_NAME ]; then
PRIVATEBIN_DETAILS_COMPLETE="yes"
fi
done
fi
write_config_param "PRIVATEBIN_DOMAIN_NAME" "$PRIVATEBIN_DOMAIN_NAME"
APP_INSTALLED=1
}
function change_password_privatebin {
}
function reconfigure_privatebin {
echo -n ''
}
function upgrade_privatebin {
if grep -q "privatebin domain" "$COMPLETION_FILE"; then
PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
fi
chmod 755 "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/data"
CURR_PRIVATEBIN_COMMIT=$(get_completion_param "privatebin commit")
if [[ "$CURR_PRIVATEBIN_COMMIT" == "$PRIVATEBIN_COMMIT" ]]; then
return
fi
# update to the next commit
function_check set_repo_commit
set_repo_commit "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" "privatebin commit" "$PRIVATEBIN_COMMIT" "$PRIVATEBIN_REPO"
secure_privatebin
}
function backup_local_privatebin {
PRIVATEBIN_DOMAIN_NAME='privatebin'
PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
fi
function_check backup_directory_to_usb
dest_directory=privatebin
function_check restart_site
restart_site
}
function restore_local_privatebin {
return
fi
PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
echo $"Restoring privatebin"
temp_restore_dir=/root/tempprivatebin
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir privatebin
if [ -d $temp_restore_dir ]; then
cp -rp "$temp_restore_dir$privatebin_dir/"* "$privatebin_dir/"
fi
secure_privatebin
rm -rf $temp_restore_dir
fi
echo $"Restore of privatebin complete"
fi
}
function backup_remote_privatebin {
}
function remove_privatebin {
if [ ${#PRIVATEBIN_DOMAIN_NAME} -eq 0 ]; then
return
fi
read_config_param "PRIVATEBIN_DOMAIN_NAME"
read_config_param "MY_USERNAME"
echo "Removing $PRIVATEBIN_DOMAIN_NAME"
nginx_dissite "$PRIVATEBIN_DOMAIN_NAME"
remove_certs "$PRIVATEBIN_DOMAIN_NAME"
if [ -d "/var/www/$PRIVATEBIN_DOMAIN_NAME" ]; then
rm -rf "/var/www/$PRIVATEBIN_DOMAIN_NAME"
if [ -f "/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME" ]; then
rm "/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME"
fi
function_check remove_onion_service
remove_onion_service privatebin ${PRIVATEBIN_ONION_PORT}
if grep -q "privatebin" /etc/crontab; then
sed -i "/privatebin/d" /etc/crontab
fi
remove_app privatebin
remove_completion_param install_privatebin
$INSTALL_PACKAGES php-gettext php-curl php-gd php-mysql git curl
increment_app_install_progress
$INSTALL_PACKAGES memcached php-memcached php-intl exiftool libfcgi0ldbl
increment_app_install_progress
$INSTALL_PACKAGES php-libsodium libsodium18 php-mcrypt
if [ ! -d "/var/www/$PRIVATEBIN_DOMAIN_NAME" ]; then
mkdir "/var/www/$PRIVATEBIN_DOMAIN_NAME"
cp -r -p /repos/privatebin/. "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
cd "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" || exit 34
git_clone "$PRIVATEBIN_REPO" "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
cd "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" || exit 24
set_completion_param "privatebin commit" "$PRIVATEBIN_COMMIT"
chmod g+w "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
chown -R www-data:www-data "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
PRIVATEBIN_ONION_HOSTNAME=$(add_onion_service privatebin 80 ${PRIVATEBIN_ONION_PORT})
privatebin_nginx_site=/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect
nginx_http_redirect "$PRIVATEBIN_DOMAIN_NAME" "index index.php"
{ echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " server_name $PRIVATEBIN_DOMAIN_NAME;";
echo ''; } >> "$privatebin_nginx_site"
nginx_compress "$PRIVATEBIN_DOMAIN_NAME"
echo '' >> "$privatebin_nginx_site"
echo ' # Security' >> "$privatebin_nginx_site"
function_check nginx_security_options
nginx_security_options "$PRIVATEBIN_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo " root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;";
echo '';
echo ' index index.php;';
echo '';
echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;';
echo " fastcgi_pass unix:/var/run/php/php${PHP_VERSION}-fpm.sock;";
echo ' fastcgi_read_timeout 30;';
echo ' }';
echo '';
echo ' # Location';
echo ' location / {'; } >> "$privatebin_nginx_site"
{ echo " try_files \$uri \$uri/ @privatebin;";
echo ' }';
echo '';
echo ' # Restrict access that is unnecessary anyway';
echo ' location ~ /\.(ht|git) {';
echo ' deny all;';
echo ' }';
echo '}';
echo ''; } >> "$privatebin_nginx_site"
{ echo 'server {';
echo " listen 127.0.0.1:$PRIVATEBIN_ONION_PORT default_server;";
echo " server_name $PRIVATEBIN_ONION_HOSTNAME;";
echo ''; } >> "$privatebin_nginx_site"
nginx_compress "$PRIVATEBIN_DOMAIN_NAME"
echo '' >> "$privatebin_nginx_site"
function_check nginx_security_options
nginx_security_options "$PRIVATEBIN_DOMAIN_NAME"
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo " root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;";
echo '';
echo ' index index.php;';
echo '';
echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;';
echo " fastcgi_pass unix:/var/run/php/php${PHP_VERSION}-fpm.sock;";
echo ' fastcgi_read_timeout 30;';
echo ' }';
echo '';
echo ' # Location';
echo ' location / {'; } >> "$privatebin_nginx_site"
{ echo " try_files \$uri \$uri/ @privatebin;";
echo ' }';
echo '';
echo ' # Restrict access that is unnecessary anyway';
echo ' location ~ /\.(ht|git) {';
echo ' deny all;';
echo ' }';
echo '}'; } >> "$privatebin_nginx_site"
cp "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.sample.php" "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
sed -i 's|; qrcode|qrcode|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
sed -i 's|default =.*|default = "1day"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
sed -i 's|languagedefault =.*|languagedefault = "en"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
sed -i 's|1year =|; 1year =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
sed -i 's|never =|; never =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
sed -i 's|limit = 10|limit = 30|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
sed -i 's|limit = 300|limit = 0|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
sed -i 's|batchsize =.*|batchsize = 100|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
sed -i 's|sizelimit =.*|sizelimit = 32768|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
sed -i 's|defaultformatter =.*|defaultformatter = "markdown"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
mkdir -p "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/data"
# shellcheck disable=SC2086
systemctl restart php${PHP_VERSION}-fpm
increment_app_install_progress
systemctl restart nginx
set_completion_param "privatebin domain" "$PRIVATEBIN_DOMAIN_NAME"
APP_INSTALLED=1
}
# NOTE: deliberately there is no "exit 0"