From 70b0430bc54d55d172914af3b26a019872dec390 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Tue, 12 Dec 2017 16:35:14 +0000
Subject: [PATCH] Enable web user interface for git ssb via scuttlebot app

---
 src/freedombone-app-scuttlebot | 99 +++++++++++++++++++++++++++++++++-
 src/freedombone-mesh-batman    |  4 ++
 2 files changed, 102 insertions(+), 1 deletion(-)

diff --git a/src/freedombone-app-scuttlebot b/src/freedombone-app-scuttlebot
index cdfe64408..03b1e4214 100755
--- a/src/freedombone-app-scuttlebot
+++ b/src/freedombone-app-scuttlebot
@@ -35,8 +35,13 @@ IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=0
 SHOW_ICANN_ADDRESS_ON_ABOUT=0
 
+SCUTTLEBOT_DOMAIN_NAME=
+SCUTTLEBOT_CODE=
 SCUTTLEBOT_VERSION='10.4.6'
 SCUTTLEBOT_PORT=8010
+SCUTTLEBOT_ONION_PORT=8623
+GIT_SSB_PORT=7718
+NGINX_GIT_SSB_PORT=7719
 
 scuttlebot_variables=(MY_USERNAME
                       DEFAULT_DOMAIN_NAME
@@ -91,7 +96,13 @@ function add_user_scuttlebot {
 }
 
 function install_interactive_scuttlebot {
-    echo -n ''
+    if [[ $ONION_ONLY != "no" ]]; then
+        SCUTTLEBOT_DOMAIN_NAME='scuttlebot.local'
+        write_config_param "SCUTTLEBOT_DOMAIN_NAME" "$SCUTTLEBOT_DOMAIN_NAME"
+    else
+        function_check interactive_site_details
+        interactive_site_details scuttlebot
+    fi
     APP_INSTALLED=1
 }
 
@@ -180,6 +191,10 @@ function restore_remote_scuttlebot {
 
 function remove_scuttlebot {
     firewall_remove ${SCUTTLEBOT_PORT}
+    firewall_remove ${GIT_SSB_PORT}
+
+    nginx_dissite ${SCUTTLEBOT_DOMAIN_NAME}
+    rm /etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}
 
     systemctl stop scuttlebot
     systemctl disable scuttlebot
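Review bot: `rm /etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}` uses whatever value the variable holds at removal time, and the file-level default added by this patch is empty. Unless the value is read back from the config elsewhere, the path collapses to the sites-available directory itself and `nginx_dissite` is called with no argument. Guard and quote it, e.g. `[ -n "${SCUTTLEBOT_DOMAIN_NAME}" ] && rm -f -- "/etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}"`. The onion service that install_scuttlebot now creates with `add_onion_service` has no matching removal in the visible lines of remove_scuttlebot, which continues outside the hunk.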
@@ -196,7 +211,81 @@ function remove_scuttlebot {
     sed -i '/scuttlebot /d' $COMPLETION_FILE
 }
 
+function scuttlebot_git_setup {
+    if [[ "$1" == "mesh" ]]; then
+        git_ssb_nginx_site=$rootdir/etc/nginx/sites-available/git_ssb
+        echo 'server {' > $git_ssb_nginx_site
+        echo "  listen $NGINX_GIT_SSB_PORT default_server;" >> $git_ssb_nginx_site
+        echo "  server_name P${PEER_ID}.local;" >> $git_ssb_nginx_site
+        echo '' >> $git_ssb_nginx_site
+        echo '  access_log /dev/null;' >> $git_ssb_nginx_site
+        echo '  error_log /dev/null;' >> $git_ssb_nginx_site
+        echo '' >> $git_ssb_nginx_site
+        echo '  add_header X-XSS-Protection "1; mode=block";' >> $git_ssb_nginx_site
+        echo '  add_header X-Content-Type-Options nosniff;' >> $git_ssb_nginx_site
+        echo '  add_header X-Frame-Options SAMEORIGIN;' >> $git_ssb_nginx_site
+    else
+        git_ssb_nginx_site=/etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}
+        function_check nginx_http_redirect
+        nginx_http_redirect $SCUTTLEBOT_DOMAIN_NAME "index index.html"
+        echo 'server {' >> $git_ssb_nginx_site
+        echo '  listen 443 ssl;' >> $git_ssb_nginx_site
+        echo '  listen [::]:443 ssl;' >> $git_ssb_nginx_site
+        echo "  server_name $SCUTTLEBOT_DOMAIN_NAME;" >> $git_ssb_nginx_site
+        echo '' >> $git_ssb_nginx_site
+        function_check nginx_compress
+        nginx_compress $SCUTTLEBOT_DOMAIN_NAME
+        echo '' >> $git_ssb_nginx_site
+        echo '  # Security' >> $git_ssb_nginx_site
+        function_check nginx_ssl
+        nginx_ssl $SCUTTLEBOT_DOMAIN_NAME
+
+        function_check nginx_disable_sniffing
+        nginx_disable_sniffing $SCUTTLEBOT_DOMAIN_NAME
+    fi
+
+    echo '' >> $git_ssb_nginx_site
+    echo '  location = / {' >> $git_ssb_nginx_site
+    echo "    proxy_pass http://localhost:${GIT_SSB_PORT};" >> $git_ssb_nginx_site
+    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $git_ssb_nginx_site
+    echo '    proxy_set_header Host $host;' >> $git_ssb_nginx_site
+    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $git_ssb_nginx_site
+    echo '    proxy_http_version 1.1;' >> $git_ssb_nginx_site
+    echo '    proxy_set_header Upgrade $http_upgrade;' >> $git_ssb_nginx_site
+    echo '    proxy_set_header Connection upgrade;' >> $git_ssb_nginx_site
+    echo '  }' >> $git_ssb_nginx_site
+    echo '}' >> $git_ssb_nginx_site
+
+    if [ $SCUTTLEBOT_ONION_HOSTNAME ]; then
+        echo '' >> $git_ssb_nginx_site
+        echo 'server {' >> $git_ssb_nginx_site
+        echo "  listen 127.0.0.1:${SCUTTLEBOT_ONION_PORT} default_server;" >> $git_ssb_nginx_site
+        echo "  server_name ${SCUTTLEBOT_ONION_HOSTNAME};" >> $git_ssb_nginx_site
+        echo '' >> $git_ssb_nginx_site
+        echo '  access_log /dev/null;' >> $git_ssb_nginx_site
+        echo '  error_log /dev/null;' >> $git_ssb_nginx_site
+        echo '' >> $git_ssb_nginx_site
+        echo '  add_header X-XSS-Protection "1; mode=block";' >> $git_ssb_nginx_site
+        echo '  add_header X-Content-Type-Options nosniff;' >> $git_ssb_nginx_site
+        echo '  add_header X-Frame-Options SAMEORIGIN;' >> $git_ssb_nginx_site
+        echo '' >> $git_ssb_nginx_site
+        echo '  location = / {' >> $git_ssb_nginx_site
+        echo "    proxy_pass http://localhost:${GIT_SSB_PORT};" >> $git_ssb_nginx_site
+        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $git_ssb_nginx_site
+        echo '    proxy_set_header Host $host;' >> $git_ssb_nginx_site
+        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $git_ssb_nginx_site
+        echo '    proxy_http_version 1.1;' >> $git_ssb_nginx_site
+        echo '    proxy_set_header Upgrade $http_upgrade;' >> $git_ssb_nginx_site
+        echo '    proxy_set_header Connection upgrade;' >> $git_ssb_nginx_site
+        echo '  }' >> $git_ssb_nginx_site
+        echo '}' >> $git_ssb_nginx_site
+    fi
+    nginx_ensite git_ssb
+}
+
 function mesh_install_scuttlebot {
+    SCUTTLEBOT_ONION_HOSTNAME=
+
     get_npm_arch
 
     cat <<EOF > $rootdir/usr/bin/install_scuttlebot
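Review bot: The non-mesh branch writes the site to `/etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}`, but scuttlebot_git_setup always ends with `nginx_ensite git_ssb`, so the name enabled is not the file just written, while remove_scuttlebot disables `${SCUTTLEBOT_DOMAIN_NAME}`. Enabling by the file's own name, `nginx_ensite "${git_ssb_nginx_site##*/}"`, keeps the three in step. Both proxy blocks use `location = / {`, an exact match, so only the root URL is proxied to git-ssb and every other path falls through to nginx defaults; `location / {` is probably what was intended. `if [ $SCUTTLEBOT_ONION_HOSTNAME ]; then` is better written `if [ -n "${SCUTTLEBOT_ONION_HOSTNAME}" ]; then`, since the value is command output that goes straight into `server_name`. The hunk ends inside mesh_install_scuttlebot, whose body continues outside it.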
@@ -238,6 +327,8 @@ EOF
     echo '' >> $rootdir/etc/systemd/system/scuttlebot.service
     echo '[Install]' >> $rootdir/etc/systemd/system/scuttlebot.service
     echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/scuttlebot.service
+
+    scuttlebot_git_setup mesh
 }
 
 function install_scuttlebot {
@@ -316,6 +407,12 @@ function install_scuttlebot {
     systemctl restart scuttlebot.service
 
     firewall_add scuttlebot ${SCUTTLEBOT_PORT}
+    firewall_add git_ssb ${GIT_SSB_PORT}
+
+
+    SCUTTLEBOT_ONION_HOSTNAME=$(add_onion_service scuttlebot 80 ${SCUTTLEBOT_ONION_PORT})
+    scuttlebot_git_setup
+    systemctl restart nginx
 
     if ! grep -q "scuttlebot version:" ${COMPLETION_FILE}; then
         echo "scuttlebot version:${SCUTTLEBOT_VERSION}" >> ${COMPLETION_FILE}
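Review bot: `firewall_add git_ssb ${GIT_SSB_PORT}` opens port 7718, which is the upstream that the nginx blocks in scuttlebot_git_setup reach through `proxy_pass http://localhost:${GIT_SSB_PORT}`. If the git-ssb web service binds to all interfaces, it becomes reachable in plain HTTP without the TLS and header settings of the proxy. Unless direct access is intended, drop this line together with `firewall_remove ${GIT_SSB_PORT}` in remove_scuttlebot and keep the service bound to localhost. The start and stop hunks of src/freedombone-mesh-batman have the same mismatch: they accept `$GIT_SSB_PORT` while the mesh server block listens on `$NGINX_GIT_SSB_PORT`, which is declared there but unused in the visible rules, so `--dport $NGINX_GIT_SSB_PORT` looks like what was meant. install_scuttlebot starts and ends outside this hunk.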
diff --git a/src/freedombone-mesh-batman b/src/freedombone-mesh-batman
index e44d58e76..63015531f 100755
--- a/src/freedombone-mesh-batman
+++ b/src/freedombone-mesh-batman
@@ -71,6 +71,8 @@ TOX_PORT=33445
 TRACKER_PORT=6969
 LIBREVAULT_PORT=42345
 TAHOELAFS_PORT=50213
+GIT_SSB_PORT=7718
+NGINX_GIT_SSB_PORT=7719
 
 # Ethernet bridge definition (bridged to bat0)
 BRIDGE=br-mesh
@@ -178,6 +180,7 @@ function stop {
     iptables -D INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
     iptables -D INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT
     # SSB/Scuttlebot/Patchwork
+    iptables -D INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT
     iptables -D INPUT -p udp --dport 8008 -j ACCEPT
     iptables -D INPUT -p tcp --dport 8008 -j ACCEPT
     iptables -D INPUT -p udp --dport 8010 -j ACCEPT
@@ -450,6 +453,7 @@ function start {
     iptables -A INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
     iptables -A INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT
     # SSB/Scuttlebot/Patchwork
+    iptables -A INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT
     iptables -A INPUT -p udp --dport 8008 -j ACCEPT
     iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
     iptables -A INPUT -p udp --dport 8010 -j ACCEPT
-- 
GitLab