Commit ea938b99 authored by Bob Mottram's avatar Bob Mottram

Add zap

parent c9844da8
......@@ -51,6 +51,7 @@
| [[./help_syncthing.html][Syncthing]] - Synchronise files across all of your devices. |
| [[./help_turtl.html][Turtl]] - Privately create and share notes and images. |
| [[./help_xmpp.html][XMPP]] - Chat server. |
| [[./help_zap.html][Zap]] - Nomadic social network server |
#+END_CENTER
* Apps available via ssh
......
img/android-app/zap.png

22.5 KiB

#!/bin/bash
# _____ _ _
# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# | __| _| -_| -_| . | . | | . | . | | -_|
# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
# Freedom in the Cloud
#
# Zap application
#
# License
# =======
#
# Copyright (C) 2014-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS='full full-vim social'
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
NOT_ON_ONION=1
ZAP_DOMAIN_NAME=
ZAP_CODE=
ZAP_ONION_PORT=8193
ZAP_REPO="https://framagit.org/macgirvin/osada"
ZAP_COMMIT='20f7479b83da8d3735a32ffd2d2e19cb4087bf6a'
ZAP_ADDONS_REPO="https://framagit.org/macgirvin/osada-addons"
ZAP_ADDONS_COMMIT='21099cbb65cc7a58e9ab1e7c2dba05ed510d1e86'
ZAP_ADMIN_PASSWORD=
ZAP_SHORT_DESCRIPTION=$'Nomadic social network server'
ZAP_DESCRIPTION=$'Zap is a full featured social network application running under the Zot6 protocol. It provides enhanced privacy modes and identity/content mirroring across multiple servers ("nomadic identity").'
ZAP_MOBILE_APP_URL='https://f-droid.org/en/packages/com.dfa.hubzilla_android/'
zap_variables=(ONION_ONLY
ZAP_DOMAIN_NAME
ZAP_CODE
DDNS_PROVIDER
MY_USERNAME)
function logging_on_zap {
echo -n ''
}
function logging_off_zap {
echo -n ''
}
function remove_user_zap {
remove_username="$1"
"${PROJECT_NAME}-pass" -u "$remove_username" --rmapp zap
}
function add_user_zap {
if [[ $(app_is_installed zap) == "0" ]]; then
echo '0'
return
fi
new_username="$1"
new_user_password="$2"
"${PROJECT_NAME}-pass" -u "$new_username" -a zap -p "$new_user_password"
echo '0'
}
function install_interactive_zap {
if [[ "$ONION_ONLY" != "no" ]]; then
return
fi
function_check interactive_site_details
interactive_site_details zap
APP_INSTALLED=1
}
function change_password_zap {
# ZAP_USERNAME="$1"
ZAP_PASSWORD="$2"
if [ ${#ZAP_PASSWORD} -lt 8 ]; then
echo $'Hubzilla password is too short'
return
fi
# TODO: This doesn't actually change the password
#${PROJECT_NAME}-pass -u $ZAP_USERNAME -a zap -p "$ZAP_PASSWORD"
}
function zap_create_database {
if [ -f "$IMAGE_PASSWORD_FILE" ]; then
ZAP_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
fi
if [ ! "$ZAP_ADMIN_PASSWORD" ]; then
ZAP_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a zap -p "$ZAP_ADMIN_PASSWORD"
if [ ! "$ZAP_ADMIN_PASSWORD" ]; then
return
fi
function_check create_database
create_database zap "$ZAP_ADMIN_PASSWORD"
}
function reconfigure_zap {
echo -n ''
}
function upgrade_zap {
CURR_ZAP_COMMIT=$(get_completion_param "zap commit")
if [[ "$CURR_ZAP_COMMIT" == "$ZAP_COMMIT" ]]; then
return
fi
ZAP_PATH=/var/www/$ZAP_DOMAIN_NAME/htdocs
function_check set_repo_commit
set_repo_commit "$ZAP_PATH" "zap commit" "$ZAP_COMMIT" $ZAP_REPO
set_repo_commit "$ZAP_PATH/addon" "zap addons commit" "$ZAP_ADDONS_COMMIT" $ZAP_ADDONS_REPO
}
function backup_local_zap {
zap_path=/var/www/${ZAP_DOMAIN_NAME}/htdocs
if [ -d "$zap_path" ]; then
function_check backup_database_to_usb
backup_database_to_usb zap
backup_directory_to_usb "$zap_path" zap
fi
}
function restore_local_zap {
temp_restore_dir=/root/tempzap
zap_dir=/var/www/${ZAP_DOMAIN_NAME}/htdocs
function_check zap_create_database
zap_create_database
restore_database zap "${ZAP_DOMAIN_NAME}"
if [ -d "$USB_MOUNT/backup/zap" ]; then
if [ ! -d "$zap_dir/store/[data]/smarty3" ]; then
mkdir -p "$zap_dir/store/[data]/smarty3"
fi
chmod 1777 "$zap_dir/store/[data]/smarty3"
chown -R www-data:www-data "$zap_dir/"*
if [ -d $temp_restore_dir ]; then
rm -rf $temp_restore_dir
fi
MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
ZAP_PATH="/var/www/$ZAP_DOMAIN_NAME/htdocs"
sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$ZAP_PATH/.htconfig.php"
MARIADB_PASSWORD=
fi
}
function backup_remote_zap {
echo -n ''
}
function restore_remote_zap {
echo -n ''
}
function remove_zap {
if [ ${#ZAP_DOMAIN_NAME} -eq 0 ]; then
return
fi
nginx_dissite "$ZAP_DOMAIN_NAME"
remove_certs "${ZAP_DOMAIN_NAME}"
if [ -d "/var/www/$ZAP_DOMAIN_NAME" ]; then
rm -rf "/var/www/$ZAP_DOMAIN_NAME"
fi
if [ -f "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME" ]; then
rm "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
fi
function_check drop_database
drop_database zap
function_check remove_onion_service
remove_onion_service zap ${ZAP_ONION_PORT}
sed -i '/zap/d' "$COMPLETION_FILE"
function_check remove_ddns_domain
remove_ddns_domain "$ZAP_DOMAIN_NAME"
}
function install_zap {
if [ ! "$ZAP_DOMAIN_NAME" ]; then
return
fi
if [[ "$ONION_ONLY" != "no" ]]; then
echo $"Hubzilla won't work on an onion address"
exit 529925
fi
ZAP_PATH="/var/www/$ZAP_DOMAIN_NAME/htdocs"
function_check install_mariadb
install_mariadb
if [ -d "/var/www/$ZAP_DOMAIN_NAME" ]; then
remove_zap
fi
function_check get_mariadb_password
get_mariadb_password
function_check repair_databases_script
repair_databases_script
$INSTALL_PACKAGES php-common php-cli php-curl php-gd php-mysql php-mcrypt git
$INSTALL_PACKAGES php-dev imagemagick php-imagick libfcgi0ldbl
$INSTALL_PACKAGES php-memcached memcached
if [ ! -d "/var/www/$ZAP_DOMAIN_NAME" ]; then
mkdir "/var/www/$ZAP_DOMAIN_NAME"
fi
if [ ! -d "$ZAP_PATH" ]; then
mkdir -p "$ZAP_PATH"
fi
if [ ! -f "$ZAP_PATH/index.php" ]; then
if [ -d /repos/zap ]; then
mkdir -p "$ZAP_PATH"
cp -r -p /repos/zap/. "$ZAP_PATH"
cd "$ZAP_PATH" || exit 245672478
git pull
else
function_check git_clone
git_clone "$ZAP_REPO" "$ZAP_PATH"
fi
git checkout "$ZAP_COMMIT" -b "$ZAP_COMMIT"
set_completion_param "zap commit" "$ZAP_COMMIT"
if [ -d /repos/zap-addons ]; then
mkdir -p "$ZAP_PATH/addon"
cp -r -p /repos/zap-addons/. "$ZAP_PATH/addon"
cd "$ZAP_PATH/addon" || exit 24682464
git pull
else
git_clone "$ZAP_ADDONS_REPO" "$ZAP_PATH/addon"
fi
cd "$ZAP_PATH/addon" || exit 24982468
git checkout "$ZAP_ADDONS_COMMIT" -b "$ZAP_ADDONS_COMMIT"
set_completion_param "zap addons commit" "$ZAP_ADDONS_COMMIT"
chown -R www-data:www-data "$ZAP_PATH"
fi
if [ ! -f "$ZAP_PATH/install/schema_mysql.sql" ]; then
echo $'No database schema found for zap'
exit 252782
fi
ZAP_ONION_HOSTNAME=
if [[ $ONION_ONLY != "no" ]]; then
ZAP_ONION_HOSTNAME=$(add_onion_service zap 80 ${ZAP_ONION_PORT})
fi
zap_create_database
function_check add_ddns_domain
add_ddns_domain "$ZAP_DOMAIN_NAME"
if [[ "$ONION_ONLY" == "no" ]]; then
function_check nginx_http_redirect
nginx_http_redirect "$ZAP_DOMAIN_NAME"
{ echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " root $ZAP_PATH;";
echo " server_name $ZAP_DOMAIN_NAME;";
echo " error_log /dev/null;";
echo ' index index.php;';
echo ' charset utf-8;';
echo ' access_log /dev/null;'; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
function_check nginx_ssl
nginx_ssl "$ZAP_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$ZAP_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' # rewrite to front controller as default rule';
echo ' location / {'; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
function_check nginx_limits
nginx_limits "$ZAP_DOMAIN_NAME"
{ echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
echo ' }';
echo '';
echo ' # statically serve these file types when possible';
echo ' # otherwise fall back to front controller';
echo ' # allow browser to cache them';
echo ' # added .htm for advanced source code editor library';
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
echo ' expires 30d;';
echo " try_files \$uri /index.php?q=\$uri&\$args;";
echo ' }';
echo '';
echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;';
echo ' }';
echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket';
echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
function_check nginx_limits
nginx_limits "$ZAP_DOMAIN_NAME"
{ echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked.";
echo " try_files \$uri \$uri/ /index.php;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:';
echo " fastcgi_pass unix:/var/run/php/php${PHP_VERSION}-fpm.sock;";
echo ' include fastcgi_params;';
echo ' fastcgi_index index.php;';
echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' fastcgi_read_timeout 300;';
echo ' }';
echo '';
echo ' # deny access to all dot files';
echo ' location ~ /\. {';
echo ' deny all;';
echo ' }';
echo '';
echo ' location ~ /\.ht {';
echo ' deny all;';
echo ' }';
echo '}';
echo ''; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
else
{ echo 'server {';
echo " listen 127.0.0.1:${ZAP_ONION_PORT} default_server;";
echo ' port_in_redirect off;';
echo " root $ZAP_PATH;";
echo " server_name $ZAP_ONION_HOSTNAME;";
echo " error_log /dev/null;";
echo ' index index.php;';
echo ' charset utf-8;';
echo ' access_log /dev/null;';
echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' # rewrite to front controller as default rule';
echo ' location / {'; } > "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
nginx_limits "$ZAP_DOMAIN_NAME"
nginx_security_options "$ZAP_DOMAIN_NAME"
{ echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
echo ' }';
echo '';
echo ' # statically serve these file types when possible';
echo ' # otherwise fall back to front controller';
echo ' # allow browser to cache them';
echo ' # added .htm for advanced source code editor library';
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
echo ' expires 30d;';
echo " try_files \$uri /index.php?q=\$uri&\$args;";
echo ' }';
echo '';
echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;';
echo ' }';
echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket';
echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
nginx_limits "$ZAP_DOMAIN_NAME"
nginx_security_options "$ZAP_DOMAIN_NAME"
{ echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked.";
echo " try_files \$uri \$uri/ /index.php;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:';
echo " fastcgi_pass unix:/var/run/php/php${PHP_VERSION}-fpm.sock;";
echo ' include fastcgi_params;';
echo ' fastcgi_index index.php;';
echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' fastcgi_read_timeout 300;';
echo ' }';
echo '';
echo ' # deny access to all dot files';
echo ' location ~ /\. {';
echo ' deny all;';
echo ' }';
echo '';
echo ' location ~ /\.ht {';
echo ' deny all;';
echo ' }';
echo '}'; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
fi
function_check configure_php
configure_php
function_check create_site_certificate
create_site_certificate "$ZAP_DOMAIN_NAME" 'yes'
if [ ! -d "$ZAP_PATH/view/tpl/smarty3" ]; then
mkdir "$ZAP_PATH/view/tpl/smarty3"
fi
if [ ! -d "$ZAP_PATH/store" ]; then
mkdir "$ZAP_PATH/store"
fi
if [ ! -d "$ZAP_PATH/store/[data]" ]; then
mkdir "$ZAP_PATH/store/[data]"
fi
if [ ! -d "$ZAP_PATH/store/[data]/smarty3" ]; then
mkdir "$ZAP_PATH/store/[data]/smarty3"
chmod 1777 "$ZAP_PATH/store/[data]/smarty3"
fi
chmod 1777 "$ZAP_PATH/view/tpl"
chown -R www-data:www-data "$ZAP_PATH/store"
chmod 1777 "$ZAP_PATH/view/tpl/smarty3"
# Ensure that the database gets backed up locally, if remote
# backups are not being used
function_check backup_databases_script_header
backup_databases_script_header
function_check backup_database_local
backup_database_local zap
chown -R www-data:www-data "$ZAP_PATH"
function_check nginx_ensite
nginx_ensite "$ZAP_DOMAIN_NAME"
function_check initialise_database
initialise_database zap "$ZAP_PATH/install/schema_mysql.sql"
# create the config file
{ echo '<?php';
echo "\$db_host = 'localhost';";
echo "\$db_port = '0';";
echo "\$db_user = 'root';";
echo "\$db_pass = '${MARIADB_PASSWORD}';";
echo "\$db_data = 'zap';";
echo "\$db_type = '0';";
echo "\$default_timezone = 'Europe/London';"; } > "$ZAP_PATH/.htconfig.php"
if [[ "$ONION_ONLY" == 'no' ]]; then
echo "\$a->config['system']['baseurl'] = 'https://${ZAP_DOMAIN_NAME}';" >> "$ZAP_PATH/.htconfig.php"
else
echo "\$a->config['system']['baseurl'] = 'http://${ZAP_ONION_HOSTNAME}';" >> "$ZAP_PATH/.htconfig.php"
fi
echo "\$a->config['system']['sitename'] = \"Hubzilla\";" >> "$ZAP_PATH/.htconfig.php"
ZAP_LOCATION_HASH="$(create_password 30)$(create_password 30)$(create_password 30)"
{ echo "\$a->config['system']['location_hash'] = '${ZAP_LOCATION_HASH}';";
echo "\$a->config['system']['register_policy'] = REGISTER_OPEN;";
echo "\$a->config['system']['register_text'] = '';";
echo "\$a->config['system']['admin_email'] = '${MY_EMAIL_ADDRESS}';";
echo "\$a->config['system']['verify_email'] = 1;";
echo "\$a->config['system']['access_policy'] = ACCESS_PRIVATE;";
echo "\$a->config['system']['sellpage'] = '';";
echo "\$a->config['system']['max_import_size'] = 200000;";
echo "\$a->config['system']['php_path'] = '/usr/bin/php';";
echo "\$a->config['system']['directory_mode'] = DIRECTORY_MODE_NORMAL;";
echo "\$a->config['system']['theme'] = 'redbasic';"; } >> "$ZAP_PATH/.htconfig.php"
chown www-data:www-data "$ZAP_PATH/.htconfig.php"
chmod 755 "$ZAP_PATH/.htconfig.php"
systemctl restart mariadb
# shellcheck disable=SC2086
systemctl restart php${PHP_VERSION}-fpm
systemctl restart nginx
systemctl restart cron
"${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$ZAP_DOMAIN_NAME" -g zap --public no
set_completion_param "zap domain" "${ZAP_DOMAIN_NAME}"
APP_INSTALLED=1
}
# NOTE: deliberately there is no "exit 0"
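Review bot: At the end of install_zap, `.htconfig.php` is set to mode 755 right after the MariaDB root password has been written into it as `$db_pass`, so any local account on the machine can read that credential. The file is already chowned to www-data, so `chmod 600 "$ZAP_PATH/.htconfig.php"` should be sufficient, assuming php-fpm runs as www-data as the chown suggests; the execute bits serve no purpose on a PHP include. Separately, the config sets `$db_user = 'root'`, so a compromise of the web application would expose every database on the server rather than only `zap`; if `create_database` already provisions a per-app account (its body is not visible here), writing that account into the config would contain the damage.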
......@@ -4,7 +4,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Freedombone</title>
<!-- 2018-10-22 Mon 23:10 -->
<!-- 2018-10-25 Thu 12:45 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="generator" content="Org-mode" />
<meta name="author" content="Bob Mottram" />
......@@ -303,6 +303,10 @@ for the JavaScript code in this tag.
<tr>
<td class="left"><a href="./help_xmpp.html">XMPP</a> - Chat server.</td>
</tr>
<tr>
<td class="left"><a href="./help_zap.html">Zap</a> - Nomadic social network server</td>
</tr>
</tbody>
</table>
</div>
......