Newer
Older
# _____ _ _
# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# | __| _| -_| -_| . | . | | . | . | | -_|
# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS='full full-vim writer'
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
CRYPTPAD_REPO="https://github.com/xwiki-labs/cryptpad"
CRYPTPAD_COMMIT='fe202a92b490404e3d8b7b8a2712e2e0a33a9851'
function logging_on_cryptpad {
echo -n ''
}
function logging_off_cryptpad {
echo -n ''
}
function remove_user_cryptpad {
remove_username="$1"
}
function add_user_cryptpad {
new_username="$1"
new_user_password="$2"
echo '0'
}
function install_interactive_cryptpad {
APP_INSTALLED=1
}
function change_password_cryptpad {
curr_username="$1"
new_user_password="$2"
}
function reconfigure_cryptpad {
if [ -d $CRYPTPAD_DIR/datastore ]; then
rm -rf $CRYPTPAD_DIR/datastore
fi
}
function cryptpad_generate_api_config {
if [ ! -d $CRYPTPAD_DIR/customize/api ]; then
mkdir -p $CRYPTPAD_DIR/customize/api
fi
wget 127.0.0.1:$CRYPTPAD_PORT/api/config -O $CRYPTPAD_DIR/customize/api/config
if [ ! -f $CRYPTPAD_DIR/customize/api/config ]; then
echo $'Unable to wget api/config'
exit 89252
fi
chown -R cryptpad:cryptpad $CRYPTPAD_DIR
}
function upgrade_cryptpad {
CURR_CRYPTPAD_COMMIT=$(get_completion_param "cryptpad commit")
if [[ "$CURR_CRYPTPAD_COMMIT" == "$CRYPTPAD_COMMIT" ]]; then
return
fi
systemctl stop cryptpad
# update to the next commit
function_check set_repo_commit
set_repo_commit $CRYPTPAD_DIR "cryptpad commit" "$CRYPTPAD_COMMIT" $CRYPTPAD_REPO
su -c 'echo "2" | bower update' - cryptpad
su -c 'bower install --config.interactive=false' - cryptpad
cryptpad_generate_api_config
systemctl start cryptpad
}
function backup_local_cryptpad {
source_directory=$CRYPTPAD_DIR/datastore
if [ -d $source_directory ]; then
systemctl stop cryptpad
dest_directory=cryptpad
function_check suspend_site
function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory
function_check restart_site
restart_site
systemctl start cryptpad
fi
}
function restore_local_cryptpad {
if [ -d $CRYPTPAD_DIR ]; then
systemctl stop cryptpad
temp_restore_dir=/root/tempcryptpad
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir cryptpad
if [ -d $temp_restore_dir ]; then
cp -r $temp_restore_dir/* $CRYPTPAD_DIR/datastore/
else
systemctl start cryptpad
echo 'Failed to restore cryptpad'
rm -rf $temp_restore_dir
exit 8736529
fi
else
cp -r $temp_restore_dir$CRYPTPAD_DIR/datastore/* $CRYPTPAD_DIR/datastore/
systemctl start cryptpad
fi
}
function backup_remote_cryptpad {
temp_backup_dir=$CRYPTPAD_DIR/datastore
if [ -d $temp_backup_dir ]; then
systemctl stop cryptpad
function_check suspend_site
echo $"Backing up Cryptpad installation"
function_check backup_directory_to_friend
backup_directory_to_friend $temp_backup_dir cryptpad
function_check restart_site
restart_site
systemctl start cryptpad
else
echo $"cryptpad domain specified but not found in ${temp_backup_dir}"
fi
fi
}
function restore_remote_cryptpad {
if [ -d $CRYPTPAD_DIR ]; then
systemctl stop cryptpad
temp_restore_dir=/root/tempcryptpad
function_check restore_directory_from_usb
restore_directory_from_friend $temp_restore_dir cryptpad
if [ ! -d $temp_restore_dir$CRYPTPAD_DIR/datastore ]; then
if [ -d $temp_restore_dir ]; then
cp -r $temp_restore_dir/* $CRYPTPAD_DIR/datastore/
else
systemctl start cryptpad
echo 'Failed to restore cryptpad'
rm -rf $temp_restore_dir
return
fi
else
cp -r $temp_restore_dir$CRYPTPAD_DIR/datastore/* $CRYPTPAD_DIR/datastore/
fi
rm -rf $temp_restore_dir
systemctl start cryptpad
fi
}
function remove_cryptpad {
systemctl stop cryptpad
systemctl disable cryptpad
if [ -f /etc/systemd/system/cryptpad.service ]; then
rm /etc/systemd/system/cryptpad.service
fi
function_check remove_nodejs
remove_nodejs cryptpad
if [ -d $CRYPTPAD_DIR ]; then
rm -rf $CRYPTPAD_DIR
fi
if [ -f /etc/nginx/sites-available/cryptpad ]; then
rm /etc/nginx/sites-available/cryptpad
fi
function_check remove_onion_service
remove_onion_service cryptpad ${CRYPTPAD_ONION_PORT}
remove_app cryptpad
remove_completion_param install_cryptpad
function cryptpad_create_config {
cryptpad_install_type=$1
cryptpad_prefix=
if [[ "$cryptpad_install_type" == "mesh" ]]; then
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
{ echo '/*@flow*/';
echo '/*';
echo ' globals module';
echo '*/';
echo "var domain = ' http://localhost:${CRYPTPAD_PORT}/';";
echo 'module.exports = {';
echo " httpAddress: '::',";
echo ' httpHeaders: {';
echo ' "X-XSS-Protection": "1; mode=block",';
echo ' "X-Content-Type-Options": "nosniff",';
echo ' "Access-Control-Allow-Origin": "*"';
echo ' },';
echo '';
echo ' contentSecurity: [';
echo " \"default-src 'none'\",";
echo " \"style-src 'unsafe-inline' 'self' \" + domain,";
echo " \"script-src 'self'\" + domain,";
echo " \"font-src 'self' data:\" + domain,";
echo '';
echo ' "child-src blob: *",';
echo ' "frame-src blob: *",';
echo ' "media-src * blob:",';
echo '';
echo " \"connect-src 'self' ws: wss: blob:\" + domain,";
echo '';
echo " \"img-src 'self' data: blob:\" + domain,";
echo '';
echo ' "frame-ancestors *",';
echo " ].join('; '),";
echo '';
echo ' padContentSecurity: [';
echo " \"default-src 'none'\",";
echo " \"style-src 'unsafe-inline' 'self'\" + domain,";
echo " \"script-src 'self' 'unsafe-eval' 'unsafe-inline'\" + domain,";
echo " \"font-src 'self'\" + domain,";
echo '';
echo ' "child-src *",';
echo ' "frame-src *",';
echo '';
echo " \"connect-src 'self' ws: wss:\" + domain,";
echo '';
echo ' "img-src * blob:",';
echo " ].join('; '),";
echo '';
echo " httpPort: ${CRYPTPAD_PORT},";
echo '';
echo ' // This is for allowing the cross-domain iframe to function when developing';
echo " httpSafePort: ${CRYPTPAD_PORT2},";
echo '';
echo " websocketPath: '/cryptpad_websocket',";
echo '';
echo ' logToStdout: false,';
echo '';
echo ' verbose: false,';
echo '';
echo ' mainPages: [';
echo " 'index'";
echo ' ],';
echo '';
echo ' removeDonateButton: true,';
echo ' allowSubscriptions: false,'; } > "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
if [[ "$cryptpad_install_type" == "mesh" ]]; then
echo " myDomain: 'http://P${PEER_ID}.local'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
else
CRYPTPAD_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_cryptpad/hostname)
echo " myDomain: 'http://${CRYPTPAD_ONION_HOSTNAME}'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
{ echo ' defaultStorageLimit: 50 * 1024 * 1024,';
echo '';
echo ' customLimits: {';
echo ' },';
echo '';
echo ' adminEmail: false,';
echo '';
echo " storage: './storage/file',";
echo '';
echo " filePath: './datastore/',";
echo " pinPath: './pins',";
echo " blobPath: './blob',";
echo " blobStagingPath: './blobstage',";
echo ' channelExpirationMs: 30000,';
echo ' openFileLimit: 1024,';
echo " rpc: './rpc.js',";
echo ' suppressRPCErrors: false,';
echo ' enableUploads: true,';
echo ' //restrictUploads: false,';
echo ' maxUploadSize: 20 * 1024 * 1024,';
echo ' //logFeedback: true,';
echo ' //logRPC: true,';
echo '};'; } >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
if [[ "$cryptpad_install_type" != "mesh" ]]; then
else
chroot "$rootdir" chown cryptpad:cryptpad $CRYPTPAD_DIR/config.js
fi
if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then
if [ ! -d "$rootdir/var/www/cryptpad" ]; then
mkdir "$rootdir/var/www/cryptpad"
if [ -d "$rootdir$CRYPTPAD_DIR" ]; then
rm -rf "$rootdir$CRYPTPAD_DIR"
echo $'Unable to clone cryptpad repo'
exit 783251
fi
# an unprivileged user to run as
chroot "$rootdir" useradd -d $CRYPTPAD_DIR/ cryptpad
cd "$rootdir$CRYPTPAD_DIR" || exit 34683568
git checkout "$CRYPTPAD_COMMIT" -b "$CRYPTPAD_COMMIT"
chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
cryptpad_nginx_site=$rootdir/etc/nginx/sites-available/cryptpad
echo " server_name P${PEER_ID}.local;";
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root $CRYPTPAD_DIR;";
echo '';
echo ' index index.html;';
echo '';
echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-Frame-Options SAMEORIGIN;';
echo '';
echo " if (\$uri = /pad/inner.html) {";
echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";";
echo ' }';
echo '';
echo ' location = /cryptpad_websocket {';
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo '';
echo ' # WebSocket support (nginx 1.4)';
echo ' proxy_http_version 1.1;';
echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection upgrade;';
echo ' }';
echo '';
echo ' location ^~ /customize.dist/ {';
echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root';
echo ' }';
echo ' location ^~ /customize/ {';
echo " rewrite ^/customize/(.*)\$ \$1 break;";
echo " try_files /customize/\$uri /customize.dist/\$uri;";
echo ' }';
echo ' location = /api/config {';
echo ' default_type text/javascript;';
echo ' rewrite ^.*$ /customize/api/config break;';
echo ' }';
echo '';
echo ' location ^~ /blob/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /register/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /login/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /about.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /contact.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /what-is-cryptpad.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {';
echo " rewrite ^(.*)\$ \$1/ redirect;";
echo ' }';
echo '';
echo " try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;";
echo '}'; } > "$cryptpad_nginx_site"
cd "$rootdir$CRYPTPAD_DIR" || exit 6246824624527
#!/bin/bash
cd $CRYPTPAD_DIR
npm install --arch=$NPM_ARCH --build-from-source
npm install --arch=$NPM_ARCH -g bower@1.8.0
chown -R cryptpad:cryptpad $CRYPTPAD_DIR
su -c 'bower install' - cryptpad
cp config.example.js config.js
EOF
echo $'Cryptpad config file not found'
exit 628252
fi
chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
# daemon
{ echo '[Unit]';
echo 'Description=Cryptpad';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'User=cryptpad';
echo 'Group=cryptpad';
echo "WorkingDirectory=$CRYPTPAD_DIR";
echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js";
echo 'Environment=PATH=/usr/bin:/usr/local/bin';
echo 'Environment=NODE_ENV=production';
echo 'Restart=on-failure';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/cryptpad.service"
chroot "$rootdir" systemctl enable cryptpad.service
}
function install_cryptpad_main {
if [[ $(app_is_installed cryptpad_main) == "1" ]]; then
return
fi
if [ ! -d /var/www/cryptpad ]; then
mkdir /var/www/cryptpad
if [ -d $CRYPTPAD_DIR ]; then
rm -rf $CRYPTPAD_DIR
fi
if [ -d /repos/cryptpad ]; then
mkdir $CRYPTPAD_DIR
git pull
else
function_check git_clone
git_clone $CRYPTPAD_REPO $CRYPTPAD_DIR
fi
if [ ! -d $CRYPTPAD_DIR ]; then
echo $'Unable to clone cryptpad repo'
exit 783251
fi
# an unprivileged user to run as
useradd -d $CRYPTPAD_DIR/ cryptpad
git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT
set_completion_param "cryptpad commit" "$CRYPTPAD_COMMIT"
CRYPTPAD_ONION_HOSTNAME=$(add_onion_service cryptpad 80 ${CRYPTPAD_ONION_PORT})
cryptpad_nginx_site=/etc/nginx/sites-available/cryptpad
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
{ echo 'server {';
echo " listen 127.0.0.1:$CRYPTPAD_ONION_PORT default_server;";
echo " server_name $CRYPTPAD_ONION_HOSTNAME;";
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root $CRYPTPAD_DIR;";
echo '';
echo ' index index.html;';
echo '';
echo " if (\$args ~ ver=) {";
echo " set \$cacheControl max-age=31536000;";
echo ' }';
echo " add_header Cache-Control \$cacheControl;";
echo '';
echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-Frame-Options SAMEORIGIN;';
echo '';
echo " if (\$uri = /pad/inner.html) {";
echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";";
echo ' }';
echo '';
echo ' location = /cryptpad_websocket {';
echo " proxy_pass http://localhost:$CRYPTPAD_PORT;";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo '';
echo ' # WebSocket support (nginx 1.4)';
echo ' proxy_http_version 1.1;';
echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection upgrade;';
echo ' }';
echo '';
echo ' location ^~ /customize.dist/ {';
echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root';
echo ' }';
echo ' location ^~ /customize/ {';
echo " rewrite ^/customize/(.*)\$ \$1 break;";
echo " try_files /customize/\$uri /customize.dist/\$uri;";
echo ' }';
echo ' location = /api/config {';
echo ' default_type text/javascript;';
echo ' rewrite ^.*$ /customize/api/config break;';
echo ' }';
echo '';
echo ' location ^~ /blob/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /register/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /login/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /about.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /contact.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /what-is-cryptpad.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {';
echo " rewrite ^(.*)\$ \$1/ redirect;";
echo ' }';
echo '';
echo " try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;";
echo '}'; } > $cryptpad_nginx_site
install_completed cryptpad_main
}
function install_cryptpad {
function_check install_nodejs
install_nodejs cryptpad
install_cryptpad_main
cp config.example.js config.js
if [ ! -f config.js ]; then
echo $'Cryptpad config file not found'
exit 628252
fi
{ echo '[Unit]';
echo 'Description=Cryptpad';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'User=cryptpad';
echo 'Group=cryptpad';
echo "WorkingDirectory=$CRYPTPAD_DIR";
echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js";
echo 'Environment=PATH=/usr/bin:/usr/local/bin';
echo 'Environment=NODE_ENV=production';
echo 'Restart=on-failure';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/cryptpad.service
systemctl enable cryptpad.service
systemctl daemon-reload
systemctl start cryptpad.service
cryptpad_generate_api_config
systemctl restart nginx
APP_INSTALLED=1
}
# NOTE: deliberately there is no "exit 0"