Newer
Older
# _____ _ _
# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# | __| _| -_| -_| . | . | | . | . | | -_|
# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
# Riot Web user interface for Matrix
#
# License
# =======
#
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS='full full-vim chat'
RIOT_HASH='f1b0187133037401530bb698a6536d184a551c20ab9f145af010398e1133d9e6'
RIOT_DOWNLOAD_URL="https://github.com/vector-im/riot-web/releases/download/v${RIOT_VERSION}"
RIOT_ONION_PORT=8115
RIOT_ONION_HOSTNAME=
RIOT_DOMAIN_NAME=
RIOT_CODE=
RIOT_SHORT_DESCRIPTION=$'Web based client for Matrix'
RIOT_DESCRIPTION=$'Web based client for Matrix'
RIOT_MOBILE_APP_URL='https://f-droid.org/packages/im.vector.alpha'
riot_variables=(MY_USERNAME
RIOT_DOMAIN_NAME
MATRIX_DOMAIN_NAME
SYSTEM_TYPE
function upgrade_distro_riot {
target_distro="$1"
if [[ "$target_distro" == 'buster' ]]; then
echo -n ''
fi
}
function riot_set_default_homeserver {
if [ ! "$RIOT_DOMAIN_NAME" ]; then
read_config_param RIOT_DOMAIN_NAME
fi
if [[ "$ONION_ONLY" == 'no' ]]; then
if [ ! "$MATRIX_DOMAIN_NAME" ]; then
read_config_param MATRIX_DOMAIN_NAME
fi
if [ -f "/var/www/$RIOT_DOMAIN_NAME/htdocs/config.$RIOT_DOMAIN_NAME.json" ]; then
sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${RIOT_DOMAIN_NAME}\",|g" "/var/www/$RIOT_DOMAIN_NAME/htdocs/config.$RIOT_DOMAIN_NAME.json"
sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${RIOT_DOMAIN_NAME}\",|g" "/var/www/$RIOT_DOMAIN_NAME/htdocs/config.$RIOT_DOMAIN_NAME.json"
fi
sed -i "s|https://matrix.org|https://$MATRIX_DOMAIN_NAME|g" /var/www/$RIOT_DOMAIN_NAME/htdocs/bundles/*/*.js
sed -i "s|https://vector.im|https://$MATRIX_DOMAIN_NAME|g" /var/www/$RIOT_DOMAIN_NAME/htdocs/bundles/*/*.js
else
if [ -f "/var/www/$RIOT_DOMAIN_NAME/htdocs/config.$MATRIX_ONION_HOSTNAME.json" ]; then
sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_ONION_HOSTNAME}\",|g" "/var/www/$RIOT_DOMAIN_NAME/htdocs/config.$MATRIX_ONION_HOSTNAME.json"
sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_ONION_HOSTNAME}\",|g" "/var/www/$RIOT_DOMAIN_NAME/htdocs/config.$MATRIX_ONION_HOSTNAME.json"
fi
if [ -f /var/lib/tor/hidden_service_matrix/hostname ]; then
MATRIX_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_matrix/hostname)
sed -i "s|https://matrix.org|http://$MATRIX_ONION_HOSTNAME|g" /var/www/$RIOT_DOMAIN_NAME/htdocs/bundles/*/*.js
sed -i "s|https://vector.im|http://$MATRIX_ONION_HOSTNAME|g" /var/www/$RIOT_DOMAIN_NAME/htdocs/bundles/*/*.js
function logging_on_riot {
echo -n ''
}
function logging_off_riot {
echo -n ''
}
function remove_user_riot {
echo -n ''
}
function add_user_riot {
echo '0'
}
function riot_remove_bad_links {
sed -i '/riot.im/d' /var/www/$RIOT_DOMAIN_NAME/htdocs/home.html
}
RIOT_DOMAIN_NAME='riot.local'
else
RIOT_DETAILS_COMPLETE=
while [ ! $RIOT_DETAILS_COMPLETE ]
do
dialog --backtitle $"Freedombone Configuration" \
--title $"Riot Web user interface for Matrix" \
--form $"\\nPlease enter your details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \
$"Domain:" 1 1 "$(grep 'RIOT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
2> "$data"
RIOT_DOMAIN_NAME=$(sed -n 1p < "$data")
if [ "$RIOT_DOMAIN_NAME" ]; then
TEST_DOMAIN_NAME=$RIOT_DOMAIN_NAME
validate_domain_name
RIOT_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
fi
fi
if [ $RIOT_DOMAIN_NAME ]; then
RIOT_DETAILS_COMPLETE="yes"
fi
done
fi
write_config_param "RIOT_DOMAIN_NAME" "$RIOT_DOMAIN_NAME"
APP_INSTALLED=1
}
function reconfigure_riot {
echo -n ''
}
if [ ! -f "$INSTALL_DIR/${RIOT_FILENAME}.tar.gz" ]; then
wget "${RIOT_DOWNLOAD_URL}/${RIOT_FILENAME}.tar.gz" -O "$INSTALL_DIR/${RIOT_FILENAME}.tar.gz"
cd "$INSTALL_DIR" || exit 24
# check the hash
curr_hash=$(sha256sum ${RIOT_FILENAME}.tar.gz | awk -F ' ' '{print $1}')
if [[ "$curr_hash" != "$RIOT_HASH" ]]; then
echo $'Riot download hash does not match'
cp -r "$INSTALL_DIR/${RIOT_FILENAME}/"* "/var/www/$RIOT_DOMAIN_NAME/htdocs"
read_config_param RIOT_DOMAIN_NAME
riot_nginx_site=/etc/nginx/sites-available/$RIOT_DOMAIN_NAME
if ! grep -q 'req_limit_per_ip burst=50 ' "$riot_nginx_site"; then
sed -i 's|limit_req zone.*|limit_req zone=req_limit_per_ip burst=50 nodelay;|g' "$riot_nginx_site"
fi
CURR_RIOT_VERSION=$(get_completion_param "riot version")
echo "riot current version: ${CURR_RIOT_VERSION}"
echo "riot app version: ${RIOT_VERSION}"
if [[ "${CURR_RIOT_VERSION}" == "${RIOT_VERSION}" ]]; then
return
fi
riot_download
sed -i "s|riot version.*|riot version:$RIOT_VERSION|g" "${COMPLETION_FILE}"
read_config_param ONION_ONLY
riot_set_default_homeserver
read_config_param MATRIX_DOMAIN_NAME
riot_config_file="/var/www/${RIOT_DOMAIN_NAME}/htdocs/config.${RIOT_DOMAIN_NAME}.json"
sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" "$riot_config_file"
sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" "$riot_config_file"
}
function backup_local_riot {
echo -n ''
}
function restore_local_riot {
echo -n ''
}
function backup_remote_riot {
echo -n ''
}
function restore_remote_riot {
echo -n ''
}
function remove_riot {
function_check remove_onion_service
remove_onion_service riot ${RIOT_ONION_PORT}
nginx_dissite $RIOT_DOMAIN_NAME
if [ -f /etc/nginx/sites-available/$RIOT_DOMAIN_NAME ]; then
rm /etc/nginx/sites-available/$RIOT_DOMAIN_NAME
fi
if [ -d /var/www/$RIOT_DOMAIN_NAME ]; then
rm -rf /var/www/$RIOT_DOMAIN_NAME
fi
# shellcheck disable=SC2086
check_ram_availability $MATRIX_MINIMUM_RAM_MB
fi
if [[ "$MATRIX_DOMAIN_NAME" != *'.'* ]]; then
function_check get_completion_param
MATRIX_ONION_DOMAIN_NAME=$(get_completion_param "matrix onion domain")
if [ ! -d /var/www/$RIOT_DOMAIN_NAME/htdocs ]; then
mkdir -p /var/www/$RIOT_DOMAIN_NAME/htdocs
fi
cd "/var/www/$RIOT_DOMAIN_NAME/htdocs" || exit 46
RIOT_ONION_HOSTNAME=$(add_onion_service riot 80 ${RIOT_ONION_PORT})
{ echo '{';
echo " \"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",";
echo " \"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",";
echo " \"disable_custom_urls\": false,";
echo " \"disable_guests\": true,";
echo ' "brand": "Riot",';
echo ' "integrations_ui_url": "",';
echo ' "integrations_rest_url": "",';
echo " \"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",";
echo ' "enableLabs": false,';
echo ' "roomDirectory": {';
echo ' "servers": [';
echo " \"${MATRIX_DOMAIN_NAME}\",";
echo ' "matrix.org"';
echo ' ]';
echo ' }';
echo '}'; } > "$riot_config_file"
riot_config_file="config.${MATRIX_ONION_DOMAIN_NAME}.json"
{ echo '{';
echo " \"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",";
echo " \"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",";
echo ' "brand": "Riot",';
echo ' "integrations_ui_url": "",';
echo ' "integrations_rest_url": "",';
echo " \"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",";
echo ' "enableLabs": false,';
echo ' "roomDirectory": {';
echo ' "servers": [';
echo " \"${MATRIX_ONION_DOMAIN_NAME}\"";
echo ' ]';
echo ' }';
echo '}'; } > "$riot_config_file"
riot_nginx_site="/etc/nginx/sites-available/$RIOT_DOMAIN_NAME"
{ echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " server_name $RIOT_DOMAIN_NAME;";
echo '';
echo ' # Security'; } >> $riot_nginx_site
nginx_security_options "$RIOT_DOMAIN_NAME"
nginx_robots "$RIOT_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root /var/www/$RIOT_DOMAIN_NAME/htdocs;";
echo '';
echo ' index index.html;';
echo '';
echo ' location / {'; } >> $riot_nginx_site
{ echo 'server {';
echo " listen 127.0.0.1:$RIOT_ONION_PORT default_server;";
echo " server_name $RIOT_ONION_HOSTNAME;";
echo ''; } >> $riot_nginx_site
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root /var/www/$RIOT_DOMAIN_NAME/htdocs;";
echo '';
echo ' index index.html;';
echo '';
echo ' location / {'; } >> $riot_nginx_site
echo ' }' >> "$riot_nginx_site"
echo '}' >> "$riot_nginx_site"
sed '/Content-Security-Policy/d' "$riot_nginx_site"
sed -i 's| DENY;| SAMEORIGIN;|g' "$riot_nginx_site"
sed -i 's|limit_conn conn_limit_per_ip.*|limit_conn conn_limit_per_ip 50;|g' "$riot_nginx_site"
sed -i 's|limit_req zone.*|limit_req zone=req_limit_per_ip burst=50 nodelay;|g' "$riot_nginx_site"
if [ ! -f "/etc/ssl/certs/${RIOT_DOMAIN_NAME}.pem" ]; then
create_site_certificate "$RIOT_DOMAIN_NAME" 'yes'
chown -R www-data:www-data "/var/www/$RIOT_DOMAIN_NAME/htdocs"
set_completion_param "riot domain" "$RIOT_DOMAIN_NAME"
if ! grep -q "riot version:" "${COMPLETION_FILE}"; then
echo "riot version:${RIOT_VERSION}" >> "${COMPLETION_FILE}"
sed -i "s|riot version.*|riot version:${RIOT_VERSION}|g" "${COMPLETION_FILE}"
riot_set_default_homeserver
APP_INSTALLED=1
}
# NOTE: deliberately no exit 0