-
Bob Mottram authored
Some apps may require others to already be installed
Bob Mottram authoredSome apps may require others to already be installed
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
freedombone-app-fedwiki 18.17 KiB
#!/bin/bash
# _____ _ _
# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# | __| _| -_| -_| . | . | | . | . | | -_|
# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
# Freedom in the Cloud
#
# Federated wiki
#
# The wiki itself looks ok, but there is no straightforward way for a
# user to authenticate which isn't proprietary
#
# License
# =======
#
# Copyright (C) 2017-2019 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS='full full-vim writer'
APP_CATEGORY=publishing
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
REQUIRES_APP=
FEDWIKI_DOMAIN_NAME=
FEDWIKI_CODE=
FEDWIKI_VERSION='0.15.0'
FEDWIKI_ONION_PORT=8131
FEDWIKI_PORT=3053
FEDWIKI_DATA=/var/lib/fedwiki
FEDWIKI_COOKIE=
FEDWIKI_SHORT_DESCRIPTION=$'Federated wiki'
FEDWIKI_DESCRIPTION=$'Federated wiki'
FEDWIKI_MOBILE_APP_URL=
fedwiki_variables=(FEDWIKI_DOMAIN_NAME
FEDWIKI_CODE
FEDWIKI_COOKIE
FEDWIKI_ADMIN_PASSWORD
ONION_ONLY
DDNS_PROVIDER
MY_USERNAME
MY_EMAIL_ADDRESS)
function fedwiki_setting_password {
# change the password via the web UI
new_password="$1"
if [ ${#new_password} -lt 8 ]; then
return
fi
if [[ "$new_password" == *' '* || "$new_password" == *'"'* ]]; then
return
fi
MY_USERNAME=$(grep 'MY_USERNAME=' "/root/${PROJECT_NAME}.cfg" | awk -F '=' '{print $2}')
sed -i "s|--cookieSecret .*|--cookieSecret '${new_password}'|g" /etc/systemd/system/fedwiki.service
fedwiki_auth_file=${FEDWIKI_DATA}/status/owner.json
{ echo '{';
echo " \"name\": \"${MY_USERNAME}\",";
echo ' "friend": {';
echo " \"secret\": \"${new_password}\"";
echo ' }';
echo '}'; } > $fedwiki_auth_file
chown fedwiki:fedwiki $fedwiki_auth_file
systemctl daemon-reload
systemctl restart fedwiki
}
function fedwiki_setting_favicon {
# change the favicon via the web UI
image_url="$1"
if [[ "$image_url" != 'http'* ]]; then
return
fi
if [ ${#image_url} -gt 256 ]; then
return
fi
image_extension=
if [[ "$image_url" == *'.jpg' || "$image_url" == *'.jpeg' ]]; then
image_extension='jpg'
fi
if [[ "$image_url" == *'.gif' ]]; then
image_extension='gif'
fi
if [[ "$image_url" == *'.png' ]]; then
image_extension='png'
fi
if [ ! $image_extension ]; then
echo $'Invalid image type'
return
fi
image_filename=$FEDWIKI_DATA/status/favicon.${image_extension}
if [ -f "$image_filename" ]; then
mv "$image_filename" "${image_filename}.prev"
fi
wget "$image_url" -O "$image_filename"
if [ ! -f "$image_filename" ]; then
if [ -f "${image_filename}.prev" ]; then
mv "${image_filename}.prev" "${image_filename}"
fi
return
fi
rm "${image_filename}.prev"
if [[ "$image_url" == *'.jpg' || "$image_url" == *'.jpeg' || "$image_url" == *'.gif' ]]; then
convert "$image_filename" -resize "32x32" "$FEDWIKI_DATA/status/favicon.png"
if [ ! -f "$FEDWIKI_DATA/status/favicon.png" ]; then
return
fi
# remove the original
rm "$image_filename"
image_extension='png'
image_filename="$FEDWIKI_DATA/status/favicon.png"
else
convert "$image_filename" -resize "32x32" "$image_filename"
fi
chown fedwiki:fedwiki "$image_filename"
}
function fedwiki_remove_bad_links {
if [[ $ONION_ONLY == 'no' ]]; then
sed -i "s|maxcdn.bootstrapcdn.com|${FEDWIKI_DOMAIN_NAME}|g" /var/lib/wiki/node_modules/wiki-security-friends/client/security.js
else
sed -i "s|https://maxcdn.bootstrapcdn.com|http://${FEDWIKI_ONION_HOSTNAME}|g" /var/lib/wiki/node_modules/wiki-security-friends/client/security.js
fi
if [ -f /var/lib/wiki/node_modules/localforage/docs/theme/style.css ]; then
sed -i '/googleapi/d' /var/lib/wiki/node_modules/localforage/docs/theme/style.css
fi
if [ -f /var/lib/wiki/node_modules/wiki-security-passportjs/views/addAlternativeDialog.html ]; then
sed -i '/googleapi/d' /var/lib/wiki/node_modules/wiki-security-passportjs/views/addAlternativeDialog.html
fi
if [ -f /var/lib/wiki/node_modules/wiki-security-passportjs/views/done.html ]; then
sed -i '/googleapi/d' /var/lib/wiki/node_modules/wiki-security-passportjs/views/done.html
fi
if [ -f /var/lib/wiki/node_modules/wiki-security-passportjs/views/personaDialog.html ]; then
sed -i '/googleapi/d' /var/lib/wiki/node_modules/wiki-security-passportjs/views/personaDialog.html
fi
if [ -f /var/lib/wiki/node_modules/wiki-security-passportjs/views/securityDialog.html ]; then
sed -i '/googleapi/d' /var/lib/wiki/node_modules/wiki-security-passportjs/views/securityDialog.html
fi
if [ -d /var/lib/wiki/node_modules/passport-google-oauth20 ]; then
rm -rf /var/lib/wiki/node_modules/passport-google-oauth20
fi
if [ -d /var/lib/wiki/node_modules/passport-oauth2 ]; then
rm -rf /var/lib/wiki/node_modules/passport-oauth2
fi
if [ -d /var/lib/wiki/node_modules/passport-twitter ]; then
rm -rf /var/lib/wiki/node_modules/passport-twitter
fi
if [ -d /var/lib/wiki/node_modules/passport-github ]; then
rm -rf /var/lib/wiki/node_modules/passport-github
fi
}
function logging_on_fedwiki {
echo -n ''
}
function logging_off_fedwiki {
echo -n ''
}
function remove_user_fedwiki {
remove_username="$1"
}
function add_user_fedwiki {
if [[ $(app_is_installed fedwiki) == "0" ]]; then
echo '0'
return
fi
new_username="$1"
new_user_password="$2"
echo '0'
}
function install_interactive_fedwiki {
if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no'
fi
if [[ $ONION_ONLY != "no" ]]; then
FEDWIKI_DOMAIN_NAME='fedwiki.local'
write_config_param "FEDWIKI_DOMAIN_NAME" "$FEDWIKI_DOMAIN_NAME"
else
function_check interactive_site_details
interactive_site_details "fedwiki" "FEDWIKI_DOMAIN_NAME" "FEDWIKI_CODE"
fi
APP_INSTALLED=1
}
function change_password_fedwiki {
FEDWIKI_USERNAME="$1"
FEDWIKI_PASSWORD="$2"
if [ ${#FEDWIKI_PASSWORD} -lt 8 ]; then
echo $'Fedwiki password is too short'
return
fi
"${PROJECT_NAME}-pass" -u "$FEDWIKI_USERNAME" -a fedwiki -p "$FEDWIKI_PASSWORD"
sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
sed -i "s|\"secret\":.*|\"secret\": \"${FEDWIKI_PASSWORD}\"|g" ${FEDWIKI_DATA}/status/owner.json
systemctl daemon-reload
systemctl restart fedwiki
write_config_param "FEDWIKI_COOKIE" "$FEDWIKI_PASSWORD"
}
function reconfigure_fedwiki {
echo -n ''
}
function upgrade_fedwiki {
CURR_FEDWIKI_VERSION=$(get_completion_param "fedwiki version")
if [[ "$CURR_FEDWIKI_VERSION" == "$FEDWIKI_VERSION" ]]; then
return
fi
systemctl stop fedwiki
npm upgrade -g wiki@$FEDWIKI_VERSION
cp -r /root/.npm-global/lib/node_modules/wiki/* /var/lib/wiki/
cp /root/.npm-global/bin/wiki /var/lib/wiki/wiki
chown -R fedwiki:fedwiki /var/lib/wiki
fedwiki_remove_bad_links
chown -R fedwiki:fedwiki $FEDWIKI_DATA
systemctl start fedwiki
set_completion_param "fedwiki version" "$FEDWIKI_VERSION"
}
function backup_local_fedwiki {
FEDWIKI_DOMAIN_NAME='fedwiki.local'
if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
fi
systemctl stop fedwiki
suspend_site "${FEDWIKI_DOMAIN_NAME}"
fedwiki_path=$FEDWIKI_DATA
if [ -d $fedwiki_path ]; then
backup_directory_to_usb $fedwiki_path fedwiki
fi
restart_site
systemctl start fedwiki
}
function restore_local_fedwiki {
FEDWIKI_DOMAIN_NAME='fedwiki.local'
if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
fi
if [ "$FEDWIKI_DOMAIN_NAME" ]; then
suspend_site "${FEDWIKI_DOMAIN_NAME}"
systemctl stop fedwiki
temp_restore_dir=/root/tempfedwiki
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir fedwiki
if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir$FEDWIKI_DATA ]; then
cp -r $temp_restore_dir$FEDWIKI_DATA/* $FEDWIKI_DATA/
else
cp -r $temp_restore_dir/* $FEDWIKI_DATA/
fi
chown -R fedwiki:fedwiki $FEDWIKI_DATA
rm -rf $temp_restore_dir
fi
FEDWIKI_PASSWORD=$(grep secret "${FEDWIKI_DATA}/status/owner.json" | awk -F '"' '{print $4}')
"${PROJECT_NAME}-pass" -u "$FEDWIKI_USERNAME" -a fedwiki -p "$FEDWIKI_PASSWORD"
sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
write_config_param "FEDWIKI_COOKIE" "$FEDWIKI_PASSWORD"
systemctl daemon-reload
systemctl start fedwiki
restart_site
fi
}
function backup_remote_fedwiki {
echo -n ''
}
function restore_remote_fedwiki {
echo -n ''
}
function remove_fedwiki {
if [ ${#FEDWIKI_DOMAIN_NAME} -eq 0 ]; then
return
fi
systemctl stop fedwiki
systemctl disable fedwiki
rm /etc/systemd/system/fedwiki.service
systemctl daemon-reload
npm uninstall -g wiki-security-friends
npm uninstall -g wiki
function_check remove_nodejs
remove_nodejs fedwiki
read_config_param "FEDWIKI_DOMAIN_NAME"
nginx_dissite "$FEDWIKI_DOMAIN_NAME"
remove_certs "${FEDWIKI_DOMAIN_NAME}"
if [ -f "/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME" ]; then
rm -f "/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME"
fi
if [ -d "/var/www/$FEDWIKI_DOMAIN_NAME" ]; then
rm -rf "/var/www/$FEDWIKI_DOMAIN_NAME"
fi
if [ -d /var/lib/wiki ]; then
rm -rf /var/lib/wiki
fi
remove_config_param FEDWIKI_DOMAIN_NAME
remove_config_param FEDWIKI_CODE
function_check remove_onion_service
remove_onion_service fedwiki ${FEDWIKI_ONION_PORT}
remove_completion_param "install_fedwiki"
sed -i '/fedwiki/d' "$COMPLETION_FILE"
groupdel -f fedwiki
userdel -r fedwiki
if [ -d $FEDWIKI_DATA ]; then
rm -rf $FEDWIKI_DATA
fi
function_check remove_ddns_domain
remove_ddns_domain "$FEDWIKI_DOMAIN_NAME"
}
function fedwiki_setup_web {
fedwiki_nginx_file="/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME"
if [[ "$ONION_ONLY" == "no" ]]; then
{ echo 'server {';
echo ' listen 80;';
echo ' listen [::]:80;';
echo " server_name $FEDWIKI_DOMAIN_NAME;";
echo " rewrite ^ https://\$server_name\$request_uri? permanent;";
echo '}';
echo '';
echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " server_name $FEDWIKI_DOMAIN_NAME;";
echo ''; } > "$fedwiki_nginx_file"
function_check nginx_ssl
nginx_ssl "$FEDWIKI_DOMAIN_NAME" mobile
{ echo ' add_header X-Download-Options noopen;';
echo ' add_header X-Frame-Options DENY;';
echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' location /fonts-font-awesome/ {';
echo ' alias /usr/share/fonts-font-awesome/;';
echo ' }';
echo '';
echo ' location / {';
echo '';
echo ' limit_conn conn_limit_per_ip 50;';
echo ' limit_req zone=req_limit_per_ip burst=50 nodelay;';
echo '';
echo " proxy_pass http://localhost:${FEDWIKI_PORT};";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' client_max_body_size 1M;';
echo ' }';
echo '}';
echo ''; } >> "$fedwiki_nginx_file"
else
echo -n '' > "$fedwiki_nginx_file"
fi
{ echo 'server {';
echo " listen 127.0.0.1:$FEDWIKI_ONION_PORT default_server;";
echo ' port_in_redirect off;';
echo " server_name $FEDWIKI_ONION_HOSTNAME;";
echo '';
echo ' add_header X-Frame-Options DENY;';
echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-Download-Options noopen;';
echo '';
echo ' location /fonts-font-awesome/ {';
echo ' alias /usr/share/fonts-font-awesome/;';
echo ' }';
echo '';
echo ' location / {';
echo '';
echo ' limit_conn conn_limit_per_ip 50;';
echo ' limit_req zone=req_limit_per_ip burst=50 nodelay;';
echo '';
echo " proxy_pass http://localhost:${FEDWIKI_PORT};";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' client_max_body_size 1M;';
echo ' }';
echo '}'; } >> "$fedwiki_nginx_file"
sed -i '/Content-Security-Policy/d' "$fedwiki_nginx_file"
sed -i '/X-XSS-Protection/d' "$fedwiki_nginx_file"
sed -i '/X-Permitted-Cross-Domain-Policies/d' "$fedwiki_nginx_file"
function_check create_site_certificate
create_site_certificate "$FEDWIKI_DOMAIN_NAME" 'yes'
function_check nginx_ensite
nginx_ensite "$FEDWIKI_DOMAIN_NAME"
}
function install_fedwiki {
# shellcheck disable=SC2153
if [[ "$VARIANT" == "mesh"* ]]; then
return
fi
if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no'
fi
if [ ! "$FEDWIKI_DOMAIN_NAME" ]; then
echo $'The fedwiki domain name was not specified'
exit 89
fi
increment_app_install_progress
if [ ! -d "/var/www/$FEDWIKI_DOMAIN_NAME/htdocs" ]; then
mkdir -p "/var/www/$FEDWIKI_DOMAIN_NAME/htdocs"
fi
if [ ! -d $FEDWIKI_DATA ]; then
mkdir -p $FEDWIKI_DATA
fi
increment_app_install_progress
groupadd fedwiki
useradd -c "Fedwiki system account" -d $FEDWIKI_DATA -m -r -g fedwiki fedwiki
if [ -d $FEDWIKI_DATA/Maildir ]; then
rm -rf $FEDWIKI_DATA/Maildir
fi
increment_app_install_progress
function_check install_nodejs
install_nodejs fedwiki
increment_app_install_progress
$INSTALL_PACKAGES fonts-font-awesome
increment_app_install_progress
if ! npm install -g wiki@$FEDWIKI_VERSION; then
echo $'Failed to install fedwiki'
exit 62
fi
increment_app_install_progress
if ! npm install -g wiki-security-friends@0.1.0; then
echo $'Failed to install wiki-security-friends'
exit 78
fi
increment_app_install_progress
if [ ! -f /root/.npm-global/bin/wiki ]; then
echo $'wiki was not installed'
exit 52
fi
increment_app_install_progress
if [ ! -d /root/.npm-global/lib/node_modules/wiki ]; then
echo $'wiki directory not found /root/.npm-global/lib/node_modules/wiki'
exit 62
fi
increment_app_install_progress
FEDWIKI_ONION_HOSTNAME=$(add_onion_service fedwiki 80 ${FEDWIKI_ONION_PORT})
increment_app_install_progress
if [ -f "$IMAGE_PASSWORD_FILE" ]; then
FEDWIKI_COOKIE="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else
if [ ! "$FEDWIKI_COOKIE" ]; then
FEDWIKI_COOKIE="$(create_password 20)"
fi
fi
cp -r /root/.npm-global/lib/node_modules/wiki /var/lib
cp /root/.npm-global/bin/wiki /var/lib/wiki
chown -R fedwiki:fedwiki /var/lib/wiki
increment_app_install_progress
{ echo '[Unit]';
echo 'Description=Fedwiki federated wiki';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'User=fedwiki';
echo 'Group=fedwiki';
echo "WorkingDirectory=/var/lib/wiki";
echo "ExecStart=/var/lib/wiki/wiki --security_type friends --session_duration 7 --data $FEDWIKI_DATA -p $FEDWIKI_PORT --cookieSecret '${FEDWIKI_COOKIE}'";
echo 'StandardOutput=syslog';
echo 'StandardError=syslog';
echo 'SyslogIdentifier=fedwiki';
echo 'Restart=always';
echo "Environment=NODE_ENV=production";
echo 'PrivateTmp=true';
echo 'PrivateDevices=false';
echo 'NoNewPrivileges=true';
echo 'CapabilityBoundingSet=~CAP_SYS_ADMIN';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/fedwiki.service
if [ ! -d ${FEDWIKI_DATA}/status ]; then
mkdir -p ${FEDWIKI_DATA}/status
fi
fedwiki_auth_file=${FEDWIKI_DATA}/status/owner.json
{ echo '{';
echo " \"name\": \"${MY_USERNAME}\",";
echo ' "friend": {';
echo " \"secret\": \"${FEDWIKI_COOKIE}\"";
echo ' }';
echo '}'; } > $fedwiki_auth_file
chown -R fedwiki:fedwiki $FEDWIKI_DATA
fedwiki_setup_web
increment_app_install_progress
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a fedwiki -p "$FEDWIKI_COOKIE"
function_check add_ddns_domain
add_ddns_domain "$FEDWIKI_DOMAIN_NAME"
fedwiki_remove_bad_links
increment_app_install_progress
systemctl enable fedwiki
increment_app_install_progress
systemctl daemon-reload
increment_app_install_progress
systemctl start fedwiki
increment_app_install_progress
systemctl restart nginx
set_completion_param "fedwiki domain" "$FEDWIKI_DOMAIN_NAME"
set_completion_param "fedwiki version" "$FEDWIKI_VERSION"
APP_INSTALLED=1
}
# NOTE: deliberately no exit 0