-
Bob Mottram authoredBob Mottram authored
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
freedombone-app-lychee 15.93 KiB
#!/bin/bash
# _____ _ _
# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# | __| _| -_| -_| . | . | | . | . | | -_|
# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
# Freedom in the Cloud
#
# Lychee photo album
#
# License
# =======
#
# Copyright (C) 2014-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS="full full-vim writer"
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
LYCHEE_DOMAIN_NAME=
LYCHEE_CODE=
LYCHEE_ONION_PORT=8105
LYCHEE_REPO="https://github.com/electerious/Lychee"
LYCHEE_COMMIT='27f207dcbac8488629ffc3b5a9cac78ae123bee9'
LYCHEE_SHORT_DESCRIPTION=$'Lychee photos'
LYCHEE_DESCRIPTION=$'Lychee photos'
LYCHEE_MOBILE_APP_URL=
lychee_variables=(LYCHEE_REPO
LYCHEE_DOMAIN_NAME
LYCHEE_CODE
ONION_ONLY
DDNS_PROVIDER
MY_USERNAME)
function logging_on_lychee {
echo -n ''
}
function logging_off_lychee {
echo -n ''
}
function lychee_create_database {
if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
LYCHEE_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else
if [ ! "${LYCHEE_ADMIN_PASSWORD}" ]; then
LYCHEE_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi
fi
if [ ! "$LYCHEE_ADMIN_PASSWORD" ]; then
return
fi
function_check create_database
create_database lychee "$LYCHEE_ADMIN_PASSWORD"
}
function remove_user_lychee {
remove_username="$1"
"${PROJECT_NAME}-pass" -u "$remove_username" --rmapp lychee
}
function add_user_lychee {
if [[ $(app_is_installed lychee) == "0" ]]; then
echo '0'
return
fi
new_username="$1"
new_user_password="$2"
"${PROJECT_NAME}-pass" -u "$new_username" -a lychee -p "$new_user_password"
echo '0'
}
function install_interactive_lychee {
if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no'
fi
if [[ $ONION_ONLY != "no" ]]; then
LYCHEE_DOMAIN_NAME='lychee.local'
write_config_param "LYCHEE_DOMAIN_NAME" "$LYCHEE_DOMAIN_NAME"
else
function_check interactive_site_details
interactive_site_details "lychee" "LYCHEE_DOMAIN_NAME" "LYCHEE_CODE"
fi
APP_INSTALLED=1
}
function configure_interactive_lychee {
function_check get_mariadb_password
get_mariadb_password
dialog --title $"Lychee Configuration" \
--msgbox $"\\nYou can initially install the system with:\\n\\n Username: root\\n Password: $MARIADB_PASSWORD" 10 70
}
function change_password_lychee {
# LYCHEE_USERNAME="$1"
LYCHEE_PASSWORD="$2"
if [ ${#LYCHEE_PASSWORD} -lt 8 ]; then
echo $'Lychee password is too short'
return
fi
# TODO: This doesn't actually change the password
#${PROJECT_NAME}-pass -u $LYCHEE_USERNAME -a lychee -p "$LYCHEE_PASSWORD"
}
function reconfigure_lychee {
echo -n ''
}
function upgrade_lychee {
CURR_LYCHEE_COMMIT=$(get_completion_param "lychee commit")
if [[ "$CURR_LYCHEE_COMMIT" == "$LYCHEE_COMMIT" ]]; then
return
fi
read_config_param "LYCHEE_DOMAIN_NAME"
function_check set_repo_commit
set_repo_commit /var/www/$LYCHEE_DOMAIN_NAME/htdocs "lychee commit" "$LYCHEE_COMMIT" $LYCHEE_REPO
}
function backup_local_lychee {
LYCHEE_DOMAIN_NAME='lychee.local'
if grep -q "lychee domain" "$COMPLETION_FILE"; then
LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
fi
lychee_path="/var/www/${LYCHEE_DOMAIN_NAME}/htdocs"
if [ -d "$lychee_path" ]; then
function_check backup_database_to_usb
backup_database_to_usb lychee
backup_directory_to_usb "$lychee_path" lychee
restart_site
fi
}
function restore_local_lychee {
LYCHEE_DOMAIN_NAME='lychee.local'
if grep -q "lychee domain" "$COMPLETION_FILE"; then
LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
fi
if [ "$LYCHEE_DOMAIN_NAME" ]; then
suspend_site "${LYCHEE_DOMAIN_NAME}"
function_check lychee_create_database
lychee_create_database
function_check restore_database
restore_database lychee "${LYCHEE_DOMAIN_NAME}"
if [ -f "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php" ]; then
MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php"
MARIADB_PASSWORD=
fi
restart_site
chown -R lychee: "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/"
fi
}
function backup_remote_lychee {
LYCHEE_DOMAIN_NAME='lychee.local'
if grep -q "lychee domain" "$COMPLETION_FILE"; then
LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
fi
temp_backup_dir=/var/www/${LYCHEE_DOMAIN_NAME}/htdocs
if [ -d "$temp_backup_dir" ]; then
suspend_site "${LYCHEE_DOMAIN_NAME}"
backup_database_to_friend lychee
backup_directory_to_friend "$temp_backup_dir" lychee
restart_site
else
echo $"Lychee domain specified but not found in /var/www/${LYCHEE_DOMAIN_NAME}"
exit 2578
fi
}
function restore_remote_lychee {
LYCHEE_DOMAIN_NAME='lychee.local'
if grep -q "lychee domain" "$COMPLETION_FILE"; then
LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
fi
suspend_site "${LYCHEE_DOMAIN_NAME}"
function_check restore_database_from_friend
function_check lychee_create_database
lychee_create_database
restore_database_from_friend lychee "${LYCHEE_DOMAIN_NAME}"
if [ -f "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php" ]; then
MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php"
MARIADB_PASSWORD=
fi
restart_site
chown -R lychee: "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/"
}
function remove_lychee {
if [ ${#LYCHEE_DOMAIN_NAME} -eq 0 ]; then
return
fi
read_config_param "LYCHEE_DOMAIN_NAME"
nginx_dissite "$LYCHEE_DOMAIN_NAME"
remove_certs "${LYCHEE_DOMAIN_NAME}"
drop_database lychee
remove_backup_database_local lychee
if [ -f "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME" ]; then
rm -f "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
fi
if [ -d "/var/www/$LYCHEE_DOMAIN_NAME" ]; then
rm -rf "/var/www/$LYCHEE_DOMAIN_NAME"
fi
remove_config_param LYCHEE_DOMAIN_NAME
remove_config_param LYCHEE_CODE
function_check remove_onion_service
remove_onion_service lychee "${LYCHEE_ONION_PORT}"
remove_completion_param "install_lychee"
sed -i '/Lychee/d' "$COMPLETION_FILE"
sed -i '/lychee/d' "$COMPLETION_FILE"
function_check remove_ddns_domain
remove_ddns_domain "$LYCHEE_DOMAIN_NAME"
}
function install_lychee_website {
function_check nginx_http_redirect
nginx_http_redirect "$LYCHEE_DOMAIN_NAME"
{ echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;";
echo " server_name $LYCHEE_DOMAIN_NAME;";
echo ' access_log /dev/null;';
echo " error_log /dev/null;";
echo ' index index.html;';
echo ' charset utf-8;';
echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
function_check nginx_ssl
nginx_ssl "$LYCHEE_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$LYCHEE_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '';
echo ' # rewrite to front controller as default rule';
echo ' location / {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
function_check nginx_limits
nginx_limits "$LYCHEE_DOMAIN_NAME"
{ echo ' }';
echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket';
echo ' location ~* \.php$ {';
echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked.";
echo " try_files \$uri \$uri/ /index.html;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' include fastcgi_params;';
echo ' fastcgi_read_timeout 30;';
echo ' fastcgi_index index.html;';
echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' }';
echo '';
echo ' # deny access to all dot files';
echo ' location ~ /\. {';
echo ' deny all;';
echo ' }';
echo '';
echo ' #deny access to store';
echo ' location ~ /store {';
echo ' deny all;';
echo ' }';
echo ' location ~ /(data|conf|bin|inc)/ {';
echo ' deny all;';
echo ' }';
echo ' location ~ /\.ht {';
echo ' deny all;';
echo ' }';
echo '}';
echo ''; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
}
function install_lychee_website_onion {
{ echo 'server {';
echo " listen 127.0.0.1:${LYCHEE_ONION_PORT} default_server;";
echo " root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;";
echo " server_name $LYCHEE_ONION_HOSTNAME;";
echo ' access_log /dev/null;';
echo " error_log /dev/null;";
echo ' index index.html;';
echo ' charset utf-8;';
echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$LYCHEE_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '';
echo ' # rewrite to front controller as default rule';
echo ' location / {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
function_check nginx_limits
nginx_limits "$LYCHEE_DOMAIN_NAME"
{ echo ' }';
echo '';
echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;';
echo ' }';
echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket';
echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
function_check nginx_limits
nginx_limits "$LYCHEE_DOMAIN_NAME"
{ echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked.";
echo " try_files \$uri \$uri/ /index.html;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' include fastcgi_params;';
echo ' fastcgi_read_timeout 30;';
echo ' fastcgi_index index.html;';
echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' }';
echo '';
echo ' # deny access to all dot files';
echo ' location ~ /\. {';
echo ' deny all;';
echo ' }';
echo '';
echo ' #deny access to store';
echo ' location ~ /store {';
echo ' deny all;';
echo ' }';
echo ' location ~ /(data|conf|bin|inc)/ {';
echo ' deny all;';
echo ' }';
echo ' location ~ /\.ht {';
echo ' deny all;';
echo ' }';
echo '}'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
}
function install_lychee_from_repo {
if [ ! -d "/var/www/$LYCHEE_DOMAIN_NAME" ]; then
mkdir "/var/www/$LYCHEE_DOMAIN_NAME"
fi
cd "/var/www/$LYCHEE_DOMAIN_NAME" || exit 682468246
if [ -d /repos/lychee ]; then
mkdir htdocs
cp -r -p /repos/lychee/. htdocs
cd htdocs || exit 963756345
git pull
else
git_clone "$LYCHEE_REPO" htdocs
fi
cd htdocs || exit 1437534858
git checkout "$LYCHEE_COMMIT" -b "$LYCHEE_COMMIT"
set_completion_param "lychee commit" "$LYCHEE_COMMIT"
}
function install_lychee {
if [ ! $ONION_ONLY ]; then
ONION_ONLY='no'
fi
if [ ! "$LYCHEE_DOMAIN_NAME" ]; then
echo $'The lychee domain name was not specified'
exit 543672
fi
# for the avatar changing command
apt-get -yq install imagemagick exif zip php-mcrypt mcrypt libfcgi0ldbl
function_check install_lychee_from_repo
install_lychee_from_repo
if [[ $ONION_ONLY == "no" ]]; then
function_check install_lychee_website
install_lychee_website
else
echo -n '' > "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
fi
LYCHEE_ONION_HOSTNAME=$(add_onion_service lychee 80 ${LYCHEE_ONION_PORT})
function_check install_lychee_website_onion
install_lychee_website_onion
function_check create_site_certificate
create_site_certificate "$LYCHEE_DOMAIN_NAME" 'yes'
function_check configure_php
configure_php
chmod -R 1777 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/"
chmod -R 1777 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/"
chown -R www-data:www-data "/var/www/$LYCHEE_DOMAIN_NAME/htdocs"
chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/big/index.html"
chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/medium/index.html"
chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/import/index.html"
chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/thumb/index.html"
chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/.gitignore"
function_check nginx_ensite
nginx_ensite "$LYCHEE_DOMAIN_NAME"
function_check install_mariadb
install_mariadb
function_check get_mariadb_password
get_mariadb_password
function_check lychee_create_database
lychee_create_database
systemctl restart mariadb
systemctl restart php7.0-fpm
systemctl restart nginx
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a lychee -p "$LYCHEE_ADMIN_PASSWORD"
function_check add_ddns_domain
add_ddns_domain "$LYCHEE_DOMAIN_NAME"
set_completion_param "lychee domain" "$LYCHEE_DOMAIN_NAME"
APP_INSTALLED=1
}
# NOTE: deliberately no exit 0