-
Bob Mottram authored
ICANN may not control all of the clearnet
Bob Mottram authoredICANN may not control all of the clearnet
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
freedombone-app-scuttlebot 18.14 KiB
#!/bin/bash
# _____ _ _
# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# | __| _| -_| -_| . | . | | . | . | | -_|
# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
# Freedom in the Cloud
#
# scuttlebot pub application. Enables nat traversal for SSB.
# https://scuttlebot.io
#
# License
# =======
#
# Copyright (C) 2017-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS='full full-vim social'
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=0
SHOW_CLEARNET_ADDRESS_ON_ABOUT=0
SCUTTLEBOT_DOMAIN_NAME=
SCUTTLEBOT_CODE=
SCUTTLEBOT_VERSION='11.2.0'
SCUTTLEBOT_PORT=8010
SCUTTLEBOT_ONION_PORT=8623
GIT_SSB_PORT=7718
NGINX_GIT_SSB_PORT=7719
scuttlebot_variables=(MY_USERNAME
SCUTTLEBOT_DOMAIN_NAME
SCUTTLEBOT_CODE
DEFAULT_DOMAIN_NAME
SYSTEM_TYPE)
function logging_on_scuttlebot {
echo -n ''
}
function logging_off_scuttlebot {
echo -n ''
}
function scuttlebot_create_invite {
invite_string=$(su -c "/etc/scuttlebot/node_modules/.bin/sbot invite.create 1" - scuttlebot | sed 's/"//g')
clear
echo -e "\\n\\nYour Scuttlebot invite code is:\\n\\n${invite_string}\\n\\n"
# shellcheck disable=SC2034
read -n1 -r -p $"Press any key to continue..." key
}
function configure_interactive_scuttlebot {
W=(1 $"Create an invite")
while true
do
# shellcheck disable=SC2068
selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Scuttlebot" --menu $"Choose an operation, or ESC to exit:" 10 60 2 "${W[@]}" 3>&2 2>&1 1>&3)
if [ ! "$selection" ]; then
break
fi
case $selection in
1) scuttlebot_create_invite;;
esac
done
}
function remove_user_scuttlebot {
echo -n ''
# remove_username="$1"
}
function add_user_scuttlebot {
# new_username="$1"
# new_user_password="$2"
echo '0'
}
function install_interactive_scuttlebot {
if [[ $ONION_ONLY != "no" ]]; then
SCUTTLEBOT_DOMAIN_NAME='scuttlebot.local'
write_config_param "SCUTTLEBOT_DOMAIN_NAME" "$SCUTTLEBOT_DOMAIN_NAME"
else
function_check interactive_site_details
interactive_site_details scuttlebot
fi
APP_INSTALLED=1
}
function change_password_scuttlebot {
# new_username="$1"
# new_user_password="$2"
echo '0'
}
function reconfigure_scuttlebot {
if [ -d /etc/scuttlebot/.ssb ]; then
systemctl stop scuttlebot
rm -rf /etc/scuttlebot/.ssb
systemctl start scuttlebot
fi
}
function upgrade_scuttlebot {
if ! grep -q 'scuttlebot version:' $"COMPLETION_FILE"; then
return
fi
CURR_SCUTTLEBOT_VERSION=$(get_completion_param "scuttlebot version")
echo "scuttlebot current version: ${CURR_SCUTTLEBOT_VERSION}"
echo "scuttlebot app version: ${SCUTTLEBOT_VERSION}"
if [[ "${CURR_SCUTTLEBOT_VERSION}" == "${SCUTTLEBOT_VERSION}" ]]; then
return
fi
if ! npm upgrade -g scuttlebot@${SCUTTLEBOT_VERSION} --save; then
return
fi
sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" "${COMPLETION_FILE}"
}
function backup_local_scuttlebot {
if [ -d /etc/scuttlebot/.ssb ]; then
systemctl stop scuttlebot
function_check backup_directory_to_usb
backup_directory_to_usb /etc/scuttlebot/.ssb scuttlebot
systemctl start scuttlebot
fi
}
function restore_local_scuttlebot {
if [ -d /etc/scuttlebot ]; then
systemctl stop scuttlebot
temp_restore_dir=/root/tempscuttlebot
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir scuttlebot
if [ -d $temp_restore_dir/etc/scuttlebot/.ssb ]; then
cp -r $temp_restore_dir/etc/scuttlebot/.ssb /etc/scuttlebot/
else
cp -r $temp_restore_dir/* /etc/scuttlebot/.ssb/*
fi
systemctl start scuttlebot
rm -rf $temp_restore_dir
fi
}
function backup_remote_scuttlebot {
if [ -d /etc/scuttlebot/.ssb ]; then
systemctl stop scuttlebot
function_check backup_directory_to_friend
backup_directory_to_friend /etc/scuttlebot/.ssb scuttlebot
systemctl start scuttlebot
fi
}
function restore_remote_scuttlebot {
if [ -d /etc/scuttlebot ]; then
systemctl stop scuttlebot
temp_restore_dir=/root/tempscuttlebot
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir scuttlebot
if [ -d $temp_restore_dir/etc/scuttlebot/.ssb ]; then
cp -r $temp_restore_dir/etc/scuttlebot/.ssb /etc/scuttlebot/
else
cp -r $temp_restore_dir/* /etc/scuttlebot/.ssb/*
fi
systemctl start scuttlebot
rm -rf $temp_restore_dir
fi
}
function remove_scuttlebot {
firewall_remove ${SCUTTLEBOT_PORT}
firewall_remove ${GIT_SSB_PORT}
if [ $SCUTTLEBOT_DOMAIN_NAME ]; then
nginx_dissite ${SCUTTLEBOT_DOMAIN_NAME}
rm /etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}
fi
systemctl stop git_ssb
systemctl stop scuttlebot
systemctl disable git_ssb
systemctl disable scuttlebot
rm /etc/systemd/system/git_ssb.service
rm /etc/systemd/system/scuttlebot.service
systemctl daemon-reload
userdel -r scuttlebot
if [ -d /etc/scuttlebot ]; then
rm -rf /etc/scuttlebot
fi
if [ -f /usr/bin/git-ssb-create ]; then
rm /usr/bin/git-ssb-create
fi
remove_completion_param install_scuttlebot
sed -i '/scuttlebot /d' "$COMPLETION_FILE"
}
function git_ssb_script {
if [[ "$1" == "mesh" ]]; then
# shellcheck disable=SC2154
git_ssb_script_name=$rootdir/usr/bin/git-ssb-create
git_ssb_daemon_filename=$rootdir/etc/systemd/system/git_ssb.service
else
git_ssb_script_name=/usr/bin/git-ssb-create
git_ssb_daemon_filename=/etc/systemd/system/git_ssb.service
fi
{ echo '#!/bin/bash';
echo "reponame=\"\$1\"";
echo '';
echo "if [[ \"\$reponame\" != \"\" ]]; then";
echo " mkdir \$reponame";
echo " cd \$reponame";
echo ' git init';
echo " git ssb create ssb \$reponame";
echo ' git push --tags ssb master';
echo 'fi';
echo 'exit 0'; } > $git_ssb_script_name
chmod +x $git_ssb_script_name
{ echo '[Unit]';
echo 'Description=Git SSB (SSB git web interface)';
echo 'After=syslog.target';
echo 'After=network.target';
echo 'After=scuttlebot.target';
echo '';
echo '[Service]';
echo 'Type=simple';
echo 'User=scuttlebot';
echo 'Group=scuttlebot';
echo "WorkingDirectory=/etc/scuttlebot";
echo "ExecStart=/usr/bin/git ssb web --public localhost:$GIT_SSB_PORT";
echo 'Restart=always';
echo 'Environment="USER=scuttlebot"';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > $git_ssb_daemon_filename
}
function scuttlebot_git_setup {
if [[ "$1" == "mesh" ]]; then
if [ ! -d "$rootdir/root/.npm-global/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight" ]; then
mkdir "$rootdir/root/.npm-global/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight"
fi
if [ ! -f "$rootdir/root/.npm-global/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css" ]; then
echo $'Could not find foundation.css'
exit 347687245
fi
cp "$rootdir/root/.npm-global/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css" "$rootdir/root/.npm-global/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight/foundation.css"
git_ssb_nginx_site=$rootdir/etc/nginx/sites-available/git_ssb
{ echo 'server {';
echo " listen $NGINX_GIT_SSB_PORT default_server;";
echo " server_name P${PEER_ID}.local;";
echo '';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-Frame-Options SAMEORIGIN;'; } > "$git_ssb_nginx_site"
else
if [ ! $SCUTTLEBOT_DOMAIN_NAME ]; then
exit 7357225
fi
if [ ! -d /root/.npm-global/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight ]; then
mkdir /root/.npm-global/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight
fi
if [ ! -f /root/.npm-global/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css ]; then
echo $'Could not find foundation.css'
exit 347687245
fi
cp /root/.npm-global/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css /root/.npm-global/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight/foundation.css
git_ssb_nginx_site=/etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}
function_check nginx_http_redirect
nginx_http_redirect $SCUTTLEBOT_DOMAIN_NAME "index index.html"
{ echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " server_name $SCUTTLEBOT_DOMAIN_NAME;";
echo ''; } >> $git_ssb_nginx_site
function_check nginx_compress
nginx_compress $SCUTTLEBOT_DOMAIN_NAME
echo '' >> "$git_ssb_nginx_site"
echo ' # Security' >> "$git_ssb_nginx_site"
function_check nginx_ssl
nginx_ssl $SCUTTLEBOT_DOMAIN_NAME
function_check nginx_security_options
nginx_security_options $SCUTTLEBOT_DOMAIN_NAME
fi
{ echo '';
echo ' root /root/.npm-global/lib/node_modules/git-ssb/node_modules/git-ssb-web;';
echo '';
echo ' location = / {';
echo " proxy_pass http://localhost:${GIT_SSB_PORT};";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' proxy_http_version 1.1;';
echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection upgrade;';
echo ' }';
echo '}'; } >> $git_ssb_nginx_site
if [ "$SCUTTLEBOT_ONION_HOSTNAME" ]; then
{ echo '';
echo 'server {';
echo " listen 127.0.0.1:${SCUTTLEBOT_ONION_PORT} default_server;";
echo " server_name ${SCUTTLEBOT_ONION_HOSTNAME};";
echo '';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-Frame-Options SAMEORIGIN;';
echo '';
echo ' root /root/.npm-global/lib/node_modules/git-ssb/node_modules/git-ssb-web;';
echo '';
echo ' location = / {';
echo " proxy_pass http://localhost:${GIT_SSB_PORT};";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' proxy_http_version 1.1;';
echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection upgrade;';
echo ' }';
echo '}'; } >> $git_ssb_nginx_site
fi
if [[ "$1" != "mesh" ]]; then
nginx_ensite git_ssb
fi
}
function mesh_install_dat {
get_npm_arch
mesh_setup_npm
cat <<EOF > "$rootdir/usr/bin/install_dat"
#!/bin/bash
npm install --arch=$NPM_ARCH -g dat
EOF
chroot "$rootdir" /bin/chmod +x /usr/bin/install_dat
chroot "$rootdir" /usr/bin/install_dat
rm "$rootdir/usr/bin/install_dat"
}
function install_dat {
npm install -g dat
}
function mesh_install_scuttlebot {
#shellcheck disable=SC2153
if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then
return
fi
SCUTTLEBOT_ONION_HOSTNAME=
mesh_install_dat
get_npm_arch
mesh_setup_npm
if [ ! -d "$rootdir/etc/scuttlebot" ]; then
mkdir -p "$rootdir/etc/scuttlebot"
fi
# an unprivileged user to install and run as
chroot "$rootdir" useradd -d /etc/scuttlebot/ scuttlebot
chroot "$rootdir" chown -R scuttlebot:scuttlebot /etc/scuttlebot
cat <<EOF > "$rootdir/usr/bin/install_scuttlebot"
#!/bin/bash
cd /etc/scuttlebot || exit 1
if ! npm install --arch=$NPM_ARCH scuttlebot@${SCUTTLEBOT_VERSION}; then
exit 2
fi
exit 0
EOF
chroot "$rootdir" /bin/chmod +x /usr/bin/install_scuttlebot
chroot "$rootdir" sudo -u scuttlebot /usr/bin/install_scuttlebot
rm "$rootdir/usr/bin/install_scuttlebot"
if [ ! -f "$rootdir/etc/scuttlebot/node_modules/.bin/sbot" ]; then
echo $'Scuttlebot was not installed'
exit 528253
fi
cat <<EOF > "$rootdir/usr/bin/install_git_ssb"
#!/bin/bash
npm config set prefix '~/.npm-global'
export PATH=~/.npm-global/bin:$PATH
export NPM_CONFIG_PREFIX=~/.npm-global
source ~/.profile
if ! npm install --arch=$NPM_ARCH -g git-ssb; then
exit 1
fi
if ! npm install --arch=$NPM_ARCH -g git-remote-ssb; then
exit 2
fi
exit 0
EOF
chroot "$rootdir" /bin/chmod +x /usr/bin/install_git_ssb
chroot "$rootdir" /usr/bin/install_git_ssb
rm "$rootdir/usr/bin/install_git_ssb"
# daemon
{ echo '[Unit]';
echo 'Description=Scuttlebot (messaging system)';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'Type=simple';
echo 'User=scuttlebot';
echo 'Group=scuttlebot';
echo "WorkingDirectory=/etc/scuttlebot";
echo 'ExecStart=/etc/scuttlebot/node_modules/.bin/sbot server';
echo 'Restart=always';
echo 'Environment="USER=scuttlebot"';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/scuttlebot.service"
scuttlebot_git_setup mesh
git_ssb_script mesh
}
function install_scuttlebot {
function_check install_nodejs
install_nodejs scuttlebot
if [ ! -d /etc/scuttlebot ]; then
mkdir -p /etc/scuttlebot
fi
# an unprivileged user to install and run as
useradd -d /etc/scuttlebot/ scuttlebot
chown -R scuttlebot:scuttlebot /etc/scuttlebot
cat <<EOF > /usr/bin/install_scuttlebot
#!/bin/bash
cd /etc/scuttlebot || exit 1
if ! npm install scuttlebot@${SCUTTLEBOT_VERSION}; then
exit 2
fi
exit 0
EOF
chmod +x /usr/bin/install_scuttlebot
su -c '/usr/bin/install_scuttlebot' - scuttlebot
rm /usr/bin/install_scuttlebot
if [ ! -f /etc/scuttlebot/node_modules/.bin/sbot ]; then
echo $'Scuttlebot was not installed'
exit 528253
fi
install_dat
npm install -g git-ssb
npm install -g git-remote-ssb
# daemon
{ echo '[Unit]';
echo 'Description=Scuttlebot (messaging system)';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'Type=simple';
echo 'User=scuttlebot';
echo 'Group=scuttlebot';
echo "WorkingDirectory=/etc/scuttlebot";
echo 'ExecStart=/etc/scuttlebot/node_modules/.bin/sbot server';
echo 'Restart=always';
echo 'Environment="USER=scuttlebot"';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/scuttlebot.service
chown -R scuttlebot:scuttlebot /etc/scuttlebot
# files gw_name myhostname mdns4_minimal [NOTFOUND=return] dns
sed -i "s|hosts:.*|hosts: files mdns4_minimal dns mdns4 mdns|g" /etc/nsswitch.conf
# start the daemon
systemctl enable scuttlebot.service
systemctl daemon-reload
systemctl start scuttlebot.service
sleep 3
if [ ! -d /etc/scuttlebot/.ssb ]; then
echo $'Scuttlebot config not generated'
exit 73528
fi
SCUTTLEBOT_ONION_HOSTNAME=$(add_onion_service scuttlebot 80 ${SCUTTLEBOT_ONION_PORT})
if [[ "$ONION_ONLY" == 'no' ]]; then
{ echo '{';
echo " \"host\": \"${DEFAULT_DOMAIN_NAME}\",";
echo ' "tor-only": false,'; } > /etc/scuttlebot/.ssb/config
else
{ echo '{';
echo " \"host\": \"${SCUTTLEBOT_ONION_HOSTNAME}\",";
echo ' "tor-only": true,'; } > /etc/scuttlebot/.ssb/config
fi
{ echo " \"port\": ${SCUTTLEBOT_PORT},";
echo ' "timeout": 30000,';
echo ' "pub": true,';
echo ' "local": true,';
echo ' "friends": {';
echo ' "dunbar": 150,';
echo ' "hops": 3';
echo ' },';
echo ' "gossip": {';
echo ' "connections": 2';
echo ' },';
echo ' "master": [],';
echo ' "logging": {';
echo ' "level": "error"';
echo ' }';
echo '}'; } >> /etc/scuttlebot/.ssb/config
chown scuttlebot:scuttlebot /etc/scuttlebot/.ssb/config
systemctl restart scuttlebot.service
firewall_add scuttlebot ${SCUTTLEBOT_PORT}
firewall_add git_ssb ${GIT_SSB_PORT}
scuttlebot_git_setup
git_ssb_script
systemctl enable git_ssb.service
systemctl daemon-reload
systemctl start git_ssb.service
function_check create_site_certificate
create_site_certificate ${SCUTTLEBOT_DOMAIN_NAME} 'yes'
systemctl restart nginx
if ! grep -q "scuttlebot version:" "${COMPLETION_FILE}"; then
echo "scuttlebot version:${SCUTTLEBOT_VERSION}" >> "${COMPLETION_FILE}"
else
sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" "${COMPLETION_FILE}"
fi
APP_INSTALLED=1
}
# NOTE: deliberately no exit 0