-
Bob Mottram authoredBob Mottram authored
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
freedombone-app-radicale 21.21 KiB
#!/bin/bash
# _____ _ _
# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# | __| _| -_| -_| . | . | | . | . | | -_|
# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
# Freedom in the Cloud
#
# Radicale calendar system
#
# Configuration based upon:
# https://gigacog.com/blog/2016/01/radicale-and-uwsgi-on-nginx-with-systemd
#
# License
# =======
#
# Copyright (C) 2016-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS=''
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
RADICALE_DOWNLOAD_URL='https://files.pythonhosted.org/packages/source/R/Radicale/Radicale-'
RADICALE_VERSION='1.1.2'
RADICALE_HASH='ebe22afb7fdcac45a5722a5b3037cc4bf261fc059beba31af7863894d2b840bc'
RADICALE_PASSWORD=
RADICALE_ONION_PORT=8106
RADICALE_PORT=5232
RADICALE_DIRECTORY='/etc/radicale'
RADICALE_USERS=/var/www/radicale/users
radicale_variables=(ONION_ONLY
MY_USERNAME
RADICALE_PASSWORD
DEFAULT_DOMAIN_NAME)
function logging_on_radicale {
echo -n ''
}
function logging_off_radicale {
echo -n ''
}
function remove_user_radicale {
remove_username="$1"
"${PROJECT_NAME}-pass" -u "$remove_username" --rmapp radicale
if grep -q "${remove_username}:" ${RADICALE_USERS}; then
sed -i "/${remove_username}:/d" ${RADICALE_USERS}
if [ -d "/var/www/radicale/collections/${remove_username}" ]; then
rm -rf "/var/www/radicale/collections/${remove_username}"
fi
if [ -f "/var/www/radicale/collections/${remove_username}.props" ]; then
rm "/var/www/radicale/collections/${remove_username}.props"
fi
systemctl restart radicale
fi
}
function add_user_radicale {
new_username="$1"
new_user_password="$2"
"${PROJECT_NAME}-pass" -u "$new_username" -a radicale -p "$new_user_password"
if [ ! -f ${RADICALE_USERS} ]; then
touch ${RADICALE_USERS}
fi
if ! grep -q "$new_username:" ${RADICALE_USERS}; then
htpasswd -bd ${RADICALE_USERS} "$new_username" "$new_user_password"
echo '{"ICAL:calendar-color": "#9e50df"}' > "/var/www/radicale/collections/${new_username}.props"
mkdir "/var/www/radicale/collections/${new_username}"
echo '{"ICAL:calendar-color": "#de631a", "tag": "VCALENDAR"}' > "/var/www/radicale/collections/${new_username}/calendar.props"
{ echo 'BEGIN:VCALENDAR';
echo 'PRODID:-//Radicale//NONSGML Radicale Server//EN';
echo 'VERSION:2.0';
echo 'END:VCALENDAR'; } >> "/var/www/radicale/collections/${new_username}/calendar"
chown -R www-data:www-data /var/www/radicale
chmod -R 755 /var/www/radicale/*
systemctl restart radicale
fi
echo '0'
}
function change_password_radicale {
existing_username="$1"
new_user_password="$2"
"${PROJECT_NAME}-pass" -u "$existing_username" -a radicale -p "$new_user_password"
if grep -q "${existing_username}:" ${RADICALE_USERS}; then
sed -i "/${existing_username}:/d" ${RADICALE_USERS}
htpasswd -bd ${RADICALE_USERS} "$existing_username" "$new_user_password"
systemctl reload radicale
fi
}
function install_interactive_radicale {
echo -n ''
APP_INSTALLED=1
}
function reconfigure_radicale {
rm $RADICALE_USERS
rm -rf /var/www/radicale/collections/*
rm -rf /var/log/radicale/*
# create an admin password
if [ -f "$IMAGE_PASSWORD_FILE" ]; then
RADICALE_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else
RADICALE_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi
add_user_radicale "$MY_USERNAME" "$RADICALE_PASSWORD"
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a radicale -p "$RADICALE_PASSWORD"
touch /var/log/radicale/radicale.log
chown -R www-data:www-data /var/log/radicale
}
function upgrade_radicale {
if [ ! -f /usr/local/bin/radicale ]; then
return
fi
if ! grep -q "radicale version:" "$COMPLETION_FILE"; then
return
fi
CURR_RADICALE_VERSION=$(get_completion_param "radicale version")
if [[ "${CURR_RADICALE_VERSION}" == "${RADICALE_VERSION}" ]]; then
return
fi
# get the source
cd /var/www/radicale || exit 62784628468
wget ${RADICALE_DOWNLOAD_URL}${RADICALE_VERSION}.tar.gz
# check the hash
hash=$(sha256sum Radicale-${RADICALE_VERSION}.tar.gz | awk -F ' ' '{print $1}')
if [[ "$hash" != "$RADICALE_HASH" ]]; then
echo $'radicale hash does not match'
exit 638532
fi
tar -xzf Radicale-${RADICALE_VERSION}.tar.gz
if [ ! -d Radicale-${RADICALE_VERSION} ]; then
exit 73529
fi
rm Radicale-${RADICALE_VERSION}.tar.gz
cd "Radicale-${RADICALE_VERSION}" || exit 264824684
# move the old command
mv /usr/local/bin/radicale /usr/local/bin/radicale_previous
# do the install
python setup.py install
# check for install success
if [ ! -f /usr/local/bin/radicale ]; then
mv /usr/local/bin/radicale_previous /usr/local/bin/radicale
echo $'Radicale did not upgrade'
exit 692353
fi
# remove the old source
rm -rf "Radicale-${CURR_RADICALE_VERSION}" || exit 6842684282
sed -i "s|radicale version.*|radicale version:$RADICALE_VERSION|g" "${COMPLETION_FILE}"
chown -R www-data:www-data /var/www/radicale
systemctl restart radicale
systemctl restart nginx
}
function backup_local_radicale {
source_directory=${RADICALE_DIRECTORY}
if [ -d $source_directory ]; then
dest_directory=radicale
function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory
fi
source_directory=/var/www/radicale
if [ -d $source_directory ]; then
dest_directory=radicalewww
function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory
fi
}
function restore_local_radicale {
if [ -d ${RADICALE_DIRECTORY} ]; then
temp_restore_dir=/root/tempradicale
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir radicale
if [ -d $temp_restore_dir${RADICALE_DIRECTORY} ]; then
cp -r $temp_restore_dir${RADICALE_DIRECTORY}/* ${RADICALE_DIRECTORY}
else
cp -r $temp_restore_dir/* ${RADICALE_DIRECTORY}/
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
function_check backup_unmount_drive
backup_unmount_drive
exit 46872
fi
rm -rf $temp_restore_dir
temp_restore_dir=/root/tempradicalewww
restore_directory_from_usb $temp_restore_dir radicalewww
if [ -d $temp_restore_dir/var/www/radicale ]; then
cp -r $temp_restore_dir/var/www/radicale/* /var/www/radicale
else
cp -r $temp_restore_dir/* /var/www/radicale/*
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
function_check backup_unmount_drive
backup_unmount_drive
exit 367363
fi
rm -rf $temp_restore_dir
chown -R www-data:www-data /var/www/radicale
systemctl restart radicale
fi
}
function backup_remote_radicale {
if [ -d ${RADICALE_DIRECTORY} ]; then
echo $"Backing up the radicale settings"
backup_directory_to_friend ${RADICALE_DIRECTORY} radicale
backup_directory_to_friend /var/www/radicale radicalewww
echo $"Backup of radicale settings complete"
fi
}
function restore_remote_radicale {
if [ -d ${RADICALE_DIRECTORY} ]; then
temp_restore_dir=/root/tempradicale
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir radicale
if [ -d $temp_restore_dir${RADICALE_DIRECTORY} ]; then
cp -r $temp_restore_dir${RADICALE_DIRECTORY}/* ${RADICALE_DIRECTORY}
else
cp -r $temp_restore_dir/* ${RADICALE_DIRECTORY}/
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
exit 236746
fi
rm -rf $temp_restore_dir
temp_restore_dir=/root/tempradicalewww
restore_directory_from_friend $temp_restore_dir radicalewww
if [ -d $temp_restore_dir/var/www/radicale ]; then
cp -r $temp_restore_dir/var/www/radicale/* /var/www/radicale
else
cp -r $temp_restore_dir/* /var/www/radicale
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
exit 3674284
fi
rm -rf $temp_restore_dir
chown -R www-data:www-data /var/www/radicale
systemctl restart radicale
fi
}
function remove_radicale {
nginx_dissite radicale
systemctl stop radicale
systemctl stop uwsgi_rundir
systemctl disable radicale
systemctl disable uwsgi_rundir
if [ -f /etc/systemd/system/uwsgi_rundir.service ]; then
rm /etc/systemd/system/uwsgi_rundir.service
fi
if [ -f /etc/systemd/system/radicale.service ]; then
rm /etc/systemd/system/radicale.service
fi
systemctl daemon-reload
if [ -f /etc/nginx/sites-available/radicale ]; then
rm /etc/nginx/sites-available/radicale
fi
if [ -f /usr/local/bin/uwsgi_rundir.sh ]; then
rm /usr/local/bin/uwsgi_rundir.sh
fi
firewall_remove ${RADICALE_PORT} tcp
groupdel -f radicale
userdel -r radicale
function_check remove_onion_service
remove_onion_service radicale ${RADICALE_ONION_PORT}
$REMOVE_PACKAGES_PURGE radicale python-radicale
if [ -d ${RADICALE_DIRECTORY} ]; then
rm -rf ${RADICALE_DIRECTORY}
fi
if [ -d /var/www/radicale ]; then
rm -rf /var/www/radicale
fi
if [ -f /var/log/radicale/radicale.log ]; then
rm -rf /var/log/radicale
fi
if [ -d /var/log/radicale ]; then
rm -rf /var/log/radicale
fi
if [ -d /var/lib/radicale ]; then
rm -rf /var/lib/radicale
fi
remove_completion_param install_radicale
sed -i '/radicale/d' "$COMPLETION_FILE"
sed -i '/# Start radicale/,/# End radicale/d' "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
systemctl restart nginx
}
function install_radicale {
if [[ $ONION_ONLY == 'no' ]]; then
# obtain a cert for the default domain
if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}" pem)" == "0" ]]; then
echo $'Obtaining certificate for the main domain'
create_site_certificate "${DEFAULT_DOMAIN_NAME}" 'yes'
fi
fi
$REMOVE_PACKAGES_PURGE radicale python-radicale
useradd -c "Radicale system account" -d /var/www/radicale -m -r -g radicale radicale
usermod -a -G www-data radicale
groupadd radicale
# create directories
if [ ! -d /var/log/radicale ]; then
mkdir /var/log/radicale
fi
if [ ! -f /var/log/radicale/radicale.log ]; then
touch /var/log/radicale/radicale.log
fi
chown -R www-data:www-data /var/log/radicale
$INSTALL_PACKAGES python-setuptools apache2-utils
if [ ! -d /var/www/radicale ]; then
mkdir -p /var/www/radicale
fi
# get the source
cd /var/www/radicale || exit 462874628
wget ${RADICALE_DOWNLOAD_URL}${RADICALE_VERSION}.tar.gz
# check the hash
hash=$(sha256sum Radicale-${RADICALE_VERSION}.tar.gz | awk -F ' ' '{print $1}')
if [[ "$hash" != "$RADICALE_HASH" ]]; then
echo $'radicale hash does not match'
exit 638532
fi
tar -xzf Radicale-${RADICALE_VERSION}.tar.gz
if [ ! -d Radicale-${RADICALE_VERSION} ]; then
exit 623252
fi
rm Radicale-${RADICALE_VERSION}.tar.gz
cd "Radicale-${RADICALE_VERSION}" || exit 872462842
python setup.py install
if [ ! -f /usr/local/bin/radicale ]; then
echo $'Radicale did not install'
exit 7283554
fi
if [ ! -d ${RADICALE_DIRECTORY} ]; then
mkdir ${RADICALE_DIRECTORY}
fi
if [ ! -d /var/www/radicale/collections ]; then
mkdir -p /var/www/radicale/collections
fi
# create the configuration
{ echo '[server]';
echo 'hosts=localhost:52322';
echo 'ssl = False';
echo 'daemon = False';
echo 'base_prefix=/radicale/';
echo '';
echo '[storage]';
echo 'type = filesystem';
echo "filesystem_folder = /var/www/radicale/collections";
echo '';
echo '[well-known]';
echo "caldav = '/%(user)s/caldav/'";
echo "carddav = '/%(user)s/carddav/'";
echo '';
echo '#[auth]';
echo '#imap_hostname = localhost';
echo '#imap_port = 143';
echo '#imap_ssl = False';
echo '';
echo '[logging]';
echo 'debug = False'; } > "${RADICALE_DIRECTORY}/config"
# create an admin password
if [ ${#RADICALE_PASSWORD} -lt 8 ]; then
if [ -f "$IMAGE_PASSWORD_FILE" ]; then
RADICALE_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else
RADICALE_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi
fi
add_user_radicale "$MY_USERNAME" "$RADICALE_PASSWORD"
{ echo '[Unit]';
echo 'Description=Radicale CalDAV Server';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'Type=simple';
echo 'User=www-data';
echo 'Group=www-data';
echo "ExecStart=/usr/local/bin/radicale --config ${RADICALE_DIRECTORY}/config";
echo 'Restart=on-failure';
echo 'RestartSec=10';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/radicale.service
addresses_str=$"Addresses"
echo "{\"tag\": \"VADDRESSBOOK\", \"D:displayname\": \"${addresses_str}\"}" > /var/www/radicale/collections/addresses.props
touch /var/www/radicale/collections/addresses
if [ ! -d /var/lib/radicale ]; then
mkdir /var/lib/radicale
fi
chown radicale:radicale /var/lib/radicale
chown -R www-data:www-data /var/www/radicale
chmod -R 755 /var/www/radicale
chown -R www-data:www-data ${RADICALE_DIRECTORY}
systemctl enable radicale
systemctl start radicale
if [ ! -f "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}" ]; then
# create a new site config
RADICALE_ONION_HOSTNAME=$(add_onion_service radicale 80 ${RADICALE_ONION_PORT})
if [[ $ONION_ONLY == 'no' ]]; then
{ echo 'server {';
echo " listen 443 ssl;";
echo " #listen [::]:443 ssl;";
echo ''; } > "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
function_check nginx_ssl
nginx_ssl "${DEFAULT_DOMAIN_NAME}" mobile
function_check nginx_security_options
nginx_security_options "${DEFAULT_DOMAIN_NAME}"
{ echo '';
echo " server_name ${DEFAULT_DOMAIN_NAME};";
echo '';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Start radicale';
echo ' location @radicale {';
echo ' auth_basic "Radicale";';
echo ' auth_basic_user_file /var/www/radicale/users;';
echo ' proxy_pass http://localhost:52322;';
echo ' proxy_buffering off;';
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo " proxy_set_header X-Forwarded-Proto \$scheme;";
echo ' }';
echo '';
echo ' location /radicale {';
echo " try_files \$uri @radicale;";
echo ' }';
echo '';
echo ' location /.well-known/carddav {';
echo " try_files \$uri @radicale;";
echo ' }';
echo '';
echo ' location /.well-known/caldav {';
echo " try_files \$uri @radicale;";
echo ' }';
echo ' # End radicale';
echo '}';
echo ''; } >> "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
else
echo -n '' > "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
fi
{ echo 'server {';
echo " listen localhost:${RADICALE_ONION_PORT} default_server;";
echo '';
echo " server_name ${RADICALE_ONION_HOSTNAME};";
echo '';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Start radicale';
echo ' location @radicale {';
echo ' auth_basic "Radicale";';
echo ' auth_basic_user_file /var/www/radicale/users;';
echo ' proxy_pass http://localhost:52322;';
echo ' proxy_buffering off;';
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo " proxy_set_header X-Forwarded-Proto \$scheme;";
echo ' }';
echo '';
echo ' location /radicale {';
echo " try_files \$uri @radicale;";
echo ' }';
echo '';
echo ' location /.well-known/carddav {';
echo " try_files \$uri @radicale;";
echo ' }';
echo '';
echo ' location /.well-known/caldav {';
echo " try_files \$uri @radicale;";
echo ' }';
echo ' # End radicale';
echo '}'; } >> "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
set_completion_param "radicale onion domain" "${RADICALE_ONION_HOSTNAME}"
else
# alter the existing site config
if ! grep -q "# Start radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"; then
sed -i "/]:443/a # Start radicale\\n location @radicale {\\n auth_basic \"Radicale\";\\n auth_basic_user_file \\/var\\/www\\/radicale\\/users;\\n proxy_pass http:\\/\\/localhost:52322;\\n proxy_buffering off;\\n proxy_set_header Host \$host;\\n proxy_set_header X-Real-IP \$remote_addr;\\n proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\\n proxy_set_header X-Forwarded-Proto \$scheme;\\n }\\n\\n location \\/radicale {\\n try_files \$uri @radicale;\\n }\\n\\n location \\/.well-known\\/carddav {\\n try_files \$uri @radicale;\\n }\\n\\n location \\/.well-known\\/caldav {\\n try_files \$uri @radicale;\\n }\\n # End radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
sed -i "/listen localhost/a # Start radicale\\n location @radicale {\\n auth_basic \"Radicale\";\\n auth_basic_user_file \\/var\\/www\\/radicale\\/users;\\n proxy_pass http:\\/\\/localhost:52322;\\n proxy_buffering off;\\n proxy_set_header Host \$host;\\n proxy_set_header X-Real-IP \$remote_addr;\\n proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\\n proxy_set_header X-Forwarded-Proto \$scheme;\\n }\\n\\n location \\/radicale {\\n try_files \$uri @radicale;\\n }\\n\\n location \\/.well-known\\/carddav {\\n try_files \$uri @radicale;\\n }\\n\\n location \\/.well-known\\/caldav {\\n try_files \$uri @radicale;\\n }\\n # End radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
fi
fi
# create a certificate
if [ ! -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
if [ ! -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt" ]; then
"${PROJECT_NAME}-addcert" -h "$DEFAULT_DOMAIN_NAME" --dhkey "${DH_KEYLENGTH}"
check_certificates "$DEFAULT_DOMAIN_NAME"
fi
fi
if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
sed -i "s|radicale.crt|${DEFAULT_DOMAIN_NAME}.pem|g" /etc/nginx/sites-available/radicale
sed -i "s|radicale.pem|${DEFAULT_DOMAIN_NAME}.pem|g" /etc/nginx/sites-available/radicale
fi
sed -i "s|radicale.key|${DEFAULT_DOMAIN_NAME}.key|g" /etc/nginx/sites-available/radicale
sed -i "s|radicale.dhparam|${DEFAULT_DOMAIN_NAME}.dhparam|g" /etc/nginx/sites-available/radicale
update_default_domain
systemctl restart nginx
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a radicale -p "$RADICALE_PASSWORD"
# keep track of the version so we can check for upgrades
if ! grep -q "radicale version:" "${COMPLETION_FILE}"; then
echo "radicale version:${RADICALE_VERSION}" >> "${COMPLETION_FILE}"
else
sed -i "s|radicale version.*|radicale version:${RADICALE_VERSION}|g" "${COMPLETION_FILE}"
fi
APP_INSTALLED=1
}
# NOTE: deliberately no exit 0