36 Commits

Author SHA1 Message Date
pitchum
0a4403f595 [enh] Purge apt dependencies on remove. 2018-10-12 08:13:42 +02:00
pitchum
d274323de8 [fix] Create a dedicated system user with proper sudo permissions.
Ref. #41.
2018-10-12 08:13:31 +02:00
pitchum
cbf0f5a78a [wip] Disabling backup and restore scripts (temporarily). 2018-09-14 07:02:08 +02:00
pitchum
dd8bdad9fa [mod] Release v1.2.1 2018-09-10 15:41:33 +02:00
pitchum
274aa4bd91 [fix] user/group = www-data in php-fpm config. 2018-09-10 15:40:07 +02:00
pitchum
f055b7c69a [mod] Release v1.2.0 2018-09-10 14:16:03 +02:00
pitchum
3b37a0a4aa [fix] upgrade script sets 'final_path' setting. 2018-08-31 10:21:58 +02:00
pitchum
c8496ebd12 Removed hard-coded "vpnadmin" string. 2018-08-31 10:21:58 +02:00
pitchum
2e75787914 Rewriting packages scripts. backup (WIP). 2018-08-31 10:21:58 +02:00
pitchum
f5afd835fc Moar experimental helpers needed. 2018-08-31 10:21:58 +02:00
pitchum
b24e0b2244 Bugfix: revert changes not compatible with stable yunohost. 2018-08-31 10:21:58 +02:00
pitchum
dd26146dc1 Add missing helpers.
- read_json
- read_manifest
- abort_if_up_to_date
2018-08-31 10:21:58 +02:00
pitchum
db03e844c1 [mod] upgrade, disable auto-backup/restore 2018-08-31 10:21:58 +02:00
pitchum
590f04c82d [fix] Do not start vpnclient service on first install. 2018-08-31 10:21:58 +02:00
pitchum
51ef23df46 [mod] install and upgrade scripts share some common code. 2018-08-31 10:21:58 +02:00
pitchum
681fe2b58c [mod] backup script rewritten (inspired and adapted from example_ynh).
Currently neither backup nor restore are useful but are safe enough to
not break the upgrade script. That's what matters for now.
2018-08-31 10:21:58 +02:00
pitchum
76eacf55fa [fix] upgrade script renames paths to comply with the new ones. 2018-08-31 10:21:58 +02:00
pitchum
6af9492d59 [mod] upgrade script simplified: does nothing except a backup. 2018-08-31 10:21:58 +02:00
pitchum
53c4d6c0dc [mod] Hard-coded occurrences of "vpnadmin" replaced with ${app} (where appropriate). 2018-08-31 10:21:58 +02:00
pitchum
aa7bbd6a4c [mod] Created file check_process for driving CI builds. 2018-08-29 10:40:12 +02:00
pitchum
7800953960 [fix] upgrade script requires some helpers.
```
Warning: Upgrading app vpnclient...
Warning: ./upgrade: line 35: ynh_abort_if_up_to_date: command not found
Warning: !!
Warning:   vpnclient's script has encountered an error. Its execution was cancelled.
Warning: !!
Warning:
Error: Unable to upgrade vpnclient
```
2018-08-25 19:24:31 +02:00
ljf (zamentur)
1fc4581106 [fix] Sync the date with http if ntp can't (#37)
* [fix] Sync the date with http if ntp can't
2018-06-13 11:30:43 +02:00
ljf (zamentur)
081447008c [fix] Let VPN mount (#38) 2018-05-22 09:43:35 +02:00
Bastien
24ff5a8687 travis improvement
with manifest check JSON
2018-05-13 12:33:59 +02:00
agentcobra
a55574ac9b Update README.md
add integration from jenkins
2018-05-13 11:48:07 +02:00
Sebastien Badia
9c736b4804 doc: s/NextCloud/LaBriqueInterNet VPNclient/ thx agentcorba 2018-05-13 11:38:27 +02:00
Sebastien Badia
3efa16e19e doc: Update syntax (badges) 2018-05-13 11:25:37 +02:00
Sebastien Badia
c4d2bab59c doc: Added install badge 2018-05-13 11:22:56 +02:00
agentcobra
05878ea230 Merge pull request #34 from keomabrun/master
using new helpers and script formatting
2018-04-25 20:18:55 +02:00
Keoma Brun
809dc19c80 using new helpers and script formatting 2018-04-09 16:11:08 +02:00
ljf (zamentur)
35f38ec86c [enh] Update version number 2018-04-08 13:55:09 +02:00
ljf (zamentur)
a642a01029 [fix] Add fake-hwclock to avoid RTC 1970 date
A20 Allwinner seems to have a RTC but I think this one can't work when the board is shutdown (during several minutes/hours/days ?). This package registers the last date and sets it early in the boot process.
2018-04-08 13:55:09 +02:00
ljf (zamentur)
5654b6d0b2 [fix] ntpd blocked cause firewall too strict 2018-04-08 13:54:28 +02:00
agentcobra
b34644c729 Update upgrade
quick fix for ci building failing
2018-04-06 13:09:02 +02:00
Sebastien Badia
c9d7537387 cr: Update notifications settings 2018-03-23 10:29:24 +01:00
agentcobra
8aab3c7dd2 Package improvement (#31)
* fix manifest

* fix tabs

* add Services section in manifest

* Fix invalid JSON
open an issue https://dev.yunohost.org/issues/1097

* fix "Impossible de satisfaire les pré-requis pour vpnclient : Paquet «
yunohost-moulinette » inconnu"

* finalize manifest.json and harmonize with
https://yunohost.org/#/packaging_apps_manifest_fr

* add CI with .travis.yml

* Update README.md

* lifting manifest.json

* remove exit 0 from scripts and add .gitignore

* fix lint error with exit

* fix #31

* refix #31
2018-03-23 09:23:57 +01:00
21 changed files with 562 additions and 900 deletions

3
.gitignore vendored Normal file

@@ -0,0 +1,3 @@
# Created from https://github.com/YunoHost/example_ynh/blob/master/.gitignore
*~
*.sw[op]

14
.travis.yml Normal file

@@ -0,0 +1,14 @@
language: python
before_script:
- git clone --depth 1 git://github.com/YunoHost/package_linter ../package_linter && cd ../package_linter
- mv ../vpnclient_ynh vpnclient_ynh
script:
- python -m json.tool vpnclient_ynh/manifest.json
- ./package_linter.py vpnclient_ynh
notifications:
email: false
irc:
on_success: always
on_failure: always
channels:
- "irc.geeknode.org#labriqueinter.net-dev"
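Review bot: `before_script` clones the linter over `git://`, which is unauthenticated and unencrypted, and the `script` step then executes `./package_linter.py` from that clone, so the CI job runs whatever the network hands back. Use `https://github.com/YunoHost/package_linter` instead, and consider pinning a known commit rather than the tip fetched by `--depth 1`.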

View File

@@ -1,48 +0,0 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is (partially) based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
## Unreleasead
## 1.4.1 - 2020-04-04
- [fix] ynh-vpnclient-loadcubefile.sh broken with ssowat 3.7.x (#60)
## 1.4.0 - 2019-03-18
- refactoring scripts
## 1.3.1 - 2018-12-19
- [mod] Bug fixes and code cleaning
## 1.3.0 - 2018-12-02
- [fix] Create a dedicated system user with proper sudo permissions. (#41)
- [fix] CSRF vulnerability (#43)
## 1.2.1 - 2018-09-10
- [fix] user/group = www-data in php-fpm config.
## 1.2.0 - 2018-09-06
- [fix] upgrade script is now functional
- [mod] lots of refactoring to apply app packaging best-practices
## 1.1.1 - 2018-04-06
- [fix] Sync the date with http if ntp can't (#37)
## 0.0.0 - 2016-05-14
First release
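Review bot: the `-1,48 +0,0` header means this changelog is removed outright, and with it the only entries on this page that record security-relevant fixes, `[fix] CSRF vulnerability (#43)` and `[fix] Create a dedicated system user with proper sudo permissions. (#41)`. If the file has to go on this branch, say in the commit message where that history now lives, so that someone auditing which release closed #43 can still find it.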

View File

@@ -1,8 +1,6 @@
# VPN Client [![Build Status](https://travis-ci.org/labriqueinternet/vpnclient_ynh.svg?branch=master)](https://travis-ci.org/labriqueinternet/vpnclient_ynh) [![Integration level](https://dash.yunohost.org/integration/vpnclient.svg)](https://dash.yunohost.org/appci/app/vpnclient)
# VPN Client [![Build Status](https://travis-ci.org/labriqueinternet/vpnclient_ynh.svg?branch=master)](https://travis-ci.org/labriqueinternet/vpnclient_ynh) [![Integration level](https://dash.yunohost.org/integration/vpnclient.svg)](https://ci-apps.yunohost.org/jenkins/job/vpnclient%20%28Community%29/lastBuild/consoleFull)
[![Install LaBriqueInterNet VPNclient with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=vpnclient)
This YunoHost app is a part of the "[La Brique Internet](http://labriqueinter.net)" project but can be used independently.
## Overview
VPN Client app for [YunoHost](http://yunohost.org/).
@@ -13,6 +11,8 @@ VPN Client app for [YunoHost](http://yunohost.org/).
* Useful to easily move your server anywhere.
* With the [Hotspot app for YunoHost](https://github.com/labriqueinternet/hotspot_ynh), you can broadcast your VPN access by wifi to use a clean internet connection (depending on your VPN provider) on your laptop (or those of your friends) without having to configure it.
This YunoHost app is a part of the "[La Brique Internet](http://labriqueinter.net)" project but can be used independently.
## Features
* Authentication based on certificates or login (or both), with or without shared-secret (*ta.key*)
@@ -24,9 +24,12 @@ VPN Client app for [YunoHost](http://yunohost.org/).
* Strong firewalling (internet access and self-hosted services only available through the VPN)
* Advanced mode for editing the default OpenVPN configuration
* Auto-configuration mode, with [dot cube files](http://internetcu.be/dotcubefiles.html)
* Web interface
* Web interface ([screenshot](https://raw.githubusercontent.com/labriqueinternet/vpnclient_ynh/master/screenshot.png))
## Screenshot
## Prerequisites
![Screenshot of the web interface](https://raw.githubusercontent.com/labriqueinternet/vpnclient_ynh/master/screenshot.png)
* Debian Jessie
* YunoHost >= 2.2.0
* Yunohost-Moulinette >= 2.4.0 (firewalling)
**[BUG REPORTS SHOULD BE OPEN HERE](https://dev.yunohost.org)**

View File

@@ -1,33 +1,40 @@
;; Test complet
; Manifest
domain="domain.tld" (DOMAIN)
path="/vpnconfig" (PATH)
; Checks
pkg_linter=1
setup_sub_dir=1
setup_root=1
setup_nourl=0
setup_private=1
setup_public=0
upgrade=1
upgrade=1 from_commit=623d8a30453a26ee21aa2ce1142674a2ffdb85b9
upgrade=1 from_commit=73aa672346e40fc1857aef7441c449f0bd322082
backup_restore=1
multi_instance=0
incorrect_path=1
port_already_use=0
change_url=0
; pre-install
echo -n "Si j'avais des commandes à exécuter ce serait ici "
; Manifest
domain="domain.tld" (DOMAIN)
path="/vpnconfig" (PATH)
; Checks
pkg_linter=1
setup_sub_dir=1
setup_root=0
setup_nourl=0
setup_private=1
setup_public=0
upgrade=1
upgrade=1 from_commit=355b24ea0cd3467d7ba1390ab7d34dd4b2500229
upgrade=1 from_commit=1fc458110660ce775f7613091cde3c5fdcfbe4e6
backup_restore=1
multi_instance=0
incorrect_path=1
port_already_use=0
change_url=0
;;; Levels
Level 1=auto
Level 2=auto
Level 3=auto
Level 4=na
Level 5=auto
Level 6=auto
Level 7=auto
Level 8=0
Level 9=0
Level 10=0
Level 1=auto
Level 2=auto
Level 3=auto
Level 4=0
Level 5=auto
Level 6=auto
Level 7=auto
Level 8=0
Level 9=0
Level 10=0
;;; Options
Email=pitchum@gramaton.org
Notification=down
Notification=down
#;;; Upgrade options
# ; commit=65c382d138596fcb32b4c97c39398815a1dcd4e8
# name=Name of this previous version
# manifest_arg=domain=DOMAIN&path=PATH&admin=USER&password=pass&is_public=1&
#
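Review bot: the `upgrade=1 from_commit=...` lines pin bare hashes with nothing saying which release each one stands for, so this file does not tell a reader which upgrade paths CI covers. The commented `Upgrade options` block at the bottom already shows a `name=` field for that purpose; fill it in for each pinned commit. The same goes for `setup_root` (1 on one side, 0 on the other) and `Level 4` (`na` versus `0`): a one-line comment on why the value differs would help.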

View File

@@ -1,41 +1,34 @@
# VPN Client app for YunoHost
# VPN Client app for YunoHost
# Copyright (C) 2015 Julien Vaubourg <julien@vaubourg.com>
# Contribute at https://github.com/labriqueinternet/vpnclient_ynh
#
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
location <TPL:NGINX_LOCATION> {
alias <TPL:NGINX_REALPATH>;
# Path to source
alias __FINALPATH__/ ;
# Force usage of https
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
# Common parameter to increase upload size limit in conjunction with dedicated php-fpm file
client_max_body_size 10G;
index index.php;
try_files $uri $uri/ index.php;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock;
fastcgi_pass unix:/var/run/php5-fpm-<TPL:PHP_NAME>.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_read_timeout 600;
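Review bot: in the `location ~ [^/]\.php(/|$)` block, none of the lines shown checks that the script named in the URI exists before the request goes to `fastcgi_pass`, and the next hunk sets `SCRIPT_FILENAME` straight from `$request_filename`. Add a file-existence test (a `try_files` or an `if (!-f ...)` guard) ahead of `fastcgi_pass`, or confirm that the two lines hidden between these hunks already do it. Also worth a comment: `client_max_body_size 10G` is far more than a page that receives certificates and configuration files needs.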
@@ -44,6 +37,5 @@ location __PATH__/ {
fastcgi_param SCRIPT_FILENAME $request_filename;
}
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
}

View File

@@ -40,6 +40,3 @@ log-append /var/log/openvpn-client.log
# Routing
route-ipv6 2000::/3
redirect-gateway def1 bypass-dhcp
# Cipher
cipher AES-256-CBC
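Review bot: the `-40,6 +40,3` header leaves only the three `# Routing` lines, so `cipher AES-256-CBC` is dropped and the client template no longer states a data-channel cipher. On OpenVPN 2.3 the built-in default is then BF-CBC, a 64-bit block cipher, unless the advanced-mode configuration sets something else. Keep an explicit `cipher` line in the template, or document where the value is expected to come from.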

View File

@@ -1,24 +1,24 @@
; VPN Client app for YunoHost
; VPN Client app for YunoHost
; Copyright (C) 2015 Julien Vaubourg <julien@vaubourg.com>
; Contribute at https://github.com/labriqueinternet/vpnclient_ynh
;
;
; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU Affero General Public License as published by
; the Free Software Foundation, either version 3 of the License, or
; (at your option) any later version.
;
;
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU Affero General Public License for more details.
;
;
; You should have received a copy of the GNU Affero General Public License
; along with this program. If not, see <http://www.gnu.org/licenses/>.
; Start a new pool named 'www'.
; Start a new pool named '<TPL:PHP_NAME>'.
; the variable $pool can we used in any directive and will be replaced by the
; pool name ('www' here)
[__NAMETOCHANGE__]
[<TPL:PHP_NAME>]
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
@@ -28,7 +28,7 @@
; specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock
listen = /var/run/php5-fpm-<TPL:PHP_NAME>.sock
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
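Review bot: the `listen` socket path hard-codes the PHP version (`php7.0-fpm` on one side, `php5-fpm` on the other), and the same string is repeated in the nginx `fastcgi_pass` line and in the `systemctl restart` call of the service script further down this page. If one of the three is missed, nginx has no socket to talk to. Derive the socket path and the service name from one variable at install time.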
@@ -42,8 +42,8 @@ listen.mode = 0600
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = __USER__
group = __USER__
user = <TPL:PHP_USER>
group = <TPL:PHP_GROUP>
; Choose how the process manager will control the number of child processes.
; Possible Values:
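Review bot: `user` and `group` are placeholders on both sides (`__USER__`, and `<TPL:PHP_USER>` / `<TPL:PHP_GROUP>`), so this hunk does not show which account the pool ends up running as, while the commit list on this page mentions both `www-data` (274aa4bd91) and a dedicated system user with sudo permissions (d274323de8). Please state in the template comment or the install script which account is substituted, and keep its sudo rules limited to the commands the web admin actually calls.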
@@ -157,7 +157,7 @@ request_slowlog_timeout = 0
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/nginx/[__NAMETOCHANGE__].slow.log
slowlog = /var/log/nginx/<TPL:PHP_NAME>.slow.log
; Set open file descriptor rlimit.
; Default Value: system defined value
@@ -171,7 +171,7 @@ rlimit_core = 0
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
chdir = __FINALPATH__
chdir = <TPL:NGINX_REALPATH>
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.

View File

@@ -17,44 +17,8 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
###################################################################################
# Logging helpers #
###################################################################################
LOGFILE="/var/log/ynh-vpnclient.log"
touch $LOGFILE
chown root:root $LOGFILE
chmod 600 $LOGFILE
function success()
{
echo "[ OK ] $1" | tee -a $LOGFILE
}
function info()
{
echo "[INFO] $1" | tee -a $LOGFILE
}
function warn()
{
echo "[WARN] $1" | tee -a $LOGFILE >&2
}
function error()
{
echo "[FAIL] $1" | tee -a $LOGFILE >&2
}
function critical()
{
echo "[CRIT] $1" | tee -a $LOGFILE >&2
exit 1
}
###################################################################################
# IPv6 and route config stuff #
###################################################################################
# Functions
## State functions
has_nativeip6() {
ip -6 route | grep -q default\ via
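Review bot: the `LOGFILE` block (`/var/log/ynh-vpnclient.log`, `chown root:root`, `chmod 600`) and the `info`/`warn`/`error`/`critical` helpers fit only the 44-line side of this hunk; the 8-line side has no replacement, and later hunks print with plain `echo`. That loses the persistent, root-only record of start and stop failures, which is what one needs when the tunnel did not come up at boot. Keep the helpers, or route the messages to the journal. If they stay, quote `"$LOGFILE"` in the `touch`, `chown`, `chmod` and `tee` calls.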
@@ -64,58 +28,6 @@ has_ip6delegatedprefix() {
[ "${ynh_ip6_addr}" != none ]
}
is_ip6addr_set() {
ip address show dev tun0 2> /dev/null | grep -q "${ynh_ip6_addr}/128"
}
set_ip6addr() {
info "Adding IPv6 from VPN configuration"
ip address add "${ynh_ip6_addr}/128" dev tun0
}
unset_ip6addr() {
info "Removing IPv6 from VPN configuration"
ip address delete "${ynh_ip6_addr}/128" dev tun0
}
#
# Server IPv6 route
#
is_serverip6route_set() {
server_ip6=${1}
if [ -z "${server_ip6}" ]; then
false
else
ip -6 route | grep -q "${server_ip6}/"
fi
}
set_serverip6route() {
server_ip6=${1}
ip6_gw=${2}
wired_device=${3}
info "Adding IPv6 server route"
ip route add "${server_ip6}/128" via "${ip6_gw}" dev "${wired_device}"
}
unset_serverip6route() {
server_ip6=${1}
ip6_gw=${2}
wired_device=${3}
info "Removing IPv6 server route"
ip route delete "${server_ip6}/128" via "${ip6_gw}" dev "${wired_device}"
}
###################################################################################
# Hotspot app #
###################################################################################
has_hotspot_app() {
[ -e /tmp/.ynh-hotspot-started ]
}
@@ -126,21 +38,72 @@ is_hotspot_knowme() {
[ "${hotspot_vpnclient}" == yes ]
}
###################################################################################
# DNS rules #
###################################################################################
is_firewall_set() {
wired_device=${1}
ip6tables -w -nvL OUTPUT | grep vpnclient_out | grep -q "${wired_device}"\
&& iptables -w -nvL OUTPUT | grep vpnclient_out | grep -q "${wired_device}"
}
is_ip6addr_set() {
ip address show dev tun0 2> /dev/null | grep -q "${ynh_ip6_addr}/128"
}
is_serverip6route_set() {
server_ip6=${1}
if [ -z "${server_ip6}" ]; then
false
else
ip -6 route | grep -q "${server_ip6}/"
fi
}
is_dns_set() {
# FIXME : having the ynh_dns0 in the resolv.dnsmasq.conf is not necessarily good enough
# We want it to be the only one (with ynh_dns1) but nowadays for example ARN's resolver is
# in the default list from yunohost...
[ -e /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient ]\
&& ( grep -q ${ynh_dns0} /etc/resolv.conf || grep -q ${ynh_dns0} /etc/resolv.dnsmasq.conf )
}
set_dns() {
info "Enforcing custom DNS resolvers from vpnclient"
is_openvpn_running() {
systemctl is-active openvpn@client.service &> /dev/null
}
is_running() {
((has_nativeip6 && is_serverip6route_set "${new_server_ip6}") || ! has_nativeip6)\
&& ((! has_hotspot_app && has_ip6delegatedprefix && is_ip6addr_set) || has_hotspot_app || ! has_ip6delegatedprefix)\
&& is_dns_set && is_firewall_set && is_openvpn_running
}
## Setters
set_ip6addr() {
ip address add "${ynh_ip6_addr}/128" dev tun0
}
set_firewall() {
wired_device=${1}
cp /etc/yunohost/hooks.d/{90-vpnclient.tpl,post_iptable_rules/90-vpnclient}
sed "s|<TPL:SERVER_NAME>|${ynh_server_name}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:SERVER_PORT>|${ynh_server_port}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:PROTO>|${ynh_server_proto}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:WIRED_DEVICE>|${wired_device}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:DNS0>|${ynh_dns0}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:DNS1>|${ynh_dns1}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
yunohost firewall reload
}
set_serverip6route() {
server_ip6=${1}
ip6_gw=${2}
wired_device=${3}
ip route add "${server_ip6}/128" via "${ip6_gw}" dev "${wired_device}"
}
set_dns() {
resolvconf=/etc/resolv.conf
[ -e /etc/resolv.dnsmasq.conf ] && resolvconf=/etc/resolv.dnsmasq.conf
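Review bot: `set_firewall` renders `ynh_server_name`, `ynh_server_port`, `ynh_server_proto`, `ynh_dns0` and `ynh_dns1` into `/etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient` with `sed "s|...|${var}|g"` and then calls `yunohost firewall reload`; nothing in the visible lines validates those settings first. The target is a hook script, so a value containing `|`, `&` or a newline at least corrupts it. Validate each setting against its expected shape (hostname, port number, protocol name, IP address) before substitution. In `is_dns_set`, `grep -q ${ynh_dns0}` should also be quoted and use `-F`, since an empty value turns the file name into the pattern.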
@@ -154,92 +117,7 @@ EOF
bash /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient
}
unset_dns() {
resolvconf=/etc/resolv.conf
[ -e /etc/resolv.dnsmasq.conf ] && resolvconf=/etc/resolv.dnsmasq.conf
info "Removing custom DNS resolvers from vpnclient"
rm -f /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient
mv "${resolvconf}.ynh" "${resolvconf}"
# FIXME : this situation happened to a user ...
# We could try to force regen the dns conf
# (though for now it's tightly coupled to dnsmasq)
grep -q "^nameserver" "${resolvconf}" || error "${resolvconf} does not have any nameserver line !?"
}
###################################################################################
# Firewall rules management #
###################################################################################
is_firewall_set() {
wired_device=${1}
ip6tables -w -nvL OUTPUT | grep vpnclient_out | grep -q "${wired_device}"\
&& iptables -w -nvL OUTPUT | grep vpnclient_out | grep -q "${wired_device}"
}
set_firewall() {
info "Adding vpnclient custom rules to the firewall"
wired_device=${1}
cp /etc/yunohost/hooks.d/{90-vpnclient.tpl,post_iptable_rules/90-vpnclient}
sed "s|<TPL:SERVER_NAME>|${ynh_server_name}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:SERVER_PORT>|${ynh_server_port}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:PROTO>|${ynh_server_proto}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:WIRED_DEVICE>|${wired_device}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:DNS0>|${ynh_dns0}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:DNS1>|${ynh_dns1}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
info "Restarting yunohost firewall..."
yunohost firewall reload && success "Firewall restarted!"
}
unset_firewall() {
info "Cleaning vpnclient custom rules from the firewall"
rm -f /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
info "Restarting yunohost firewall..."
yunohost firewall reload && success "Firewall restarted!"
}
###################################################################################
# Time sync #
###################################################################################
sync_time() {
info "Now synchronizing time using ntp..."
systemctl stop ntp
timeout 20 ntpd -qg &> /dev/null
# Some networks drop ntp port (udp 123).
# Try to get the date with an http request on the internetcube web site
if [ $? -ne 0 ]; then
info "ntp synchronization failed, falling back to curl method"
http_date=`curl -sD - labriqueinter.net | grep '^Date:' | cut -d' ' -f3-6`
http_date_seconds=`date -d "${http_date}" +%s`
curr_date_seconds=`date +%s`
# Set the new date if it's greater than the current date
# So it does if 1970 year or if old fake-hwclock date is used
if [ $http_date_seconds -ge $curr_date_seconds ]; then
date -s "${http_date}"
fi
fi
systemctl start ntp
}
###################################################################################
# OpenVPN client start/stop procedures #
###################################################################################
is_openvpn_running() {
systemctl is-active openvpn@client.service &> /dev/null
}
start_openvpn() {
ip6_gw=${1}
server_ip6=${2}
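Review bot: the `unset_dns` in this hunk ends with `grep -q "^nameserver" "${resolvconf}" || error ...`, and its own comment says the empty-resolver case "happened to a user"; the shorter `unset_dns` elsewhere in the diff has no such check. `mv "${resolvconf}.ynh" "${resolvconf}"` also runs whether or not the `.ynh` backup exists. Keep the nameserver check and only move the backup when it is present, otherwise a stop can leave the host with the wrong resolvers or none.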
@@ -254,10 +132,9 @@ start_openvpn() {
# Unset firewall to let DNS and NTP resolution works
# Firewall is reset after vpn is mounted (more details on #1016)
unset_firewall
sync_time
info "Preparing openvpn configuration..."
cp /etc/openvpn/client.conf{.tpl,}
sed "s|<TPL:SERVER_NAME>|${ynh_server_name}|g" -i /etc/openvpn/client.conf
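Review bot: `unset_firewall` runs before `sync_time` and before the tunnel exists, so from here until `set_firewall` is applied again the host has none of the vpnclient rules, which is at odds with the README's "internet access and self-hosted services only available through the VPN". Rather than removing the whole rule set, open only what this step needs (DNS, NTP and the VPN server port) and keep the rest in place.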
@@ -288,51 +165,61 @@ start_openvpn() {
sed 's|^<TPL:LOGIN_COMMENT>||' -i /etc/openvpn/client.conf
fi
info "Now actually starting OpenVPN client..."
systemctl start openvpn@client.service
}
if [ ! $? -eq 0 ]
then
tail -n 20 /var/log/openvpn-client.log | tee -a $LOGFILE
critical "Failed to start OpenVPN :/"
else
info "OpenVPN client started ... waiting for tun0 interface to show up"
fi
## Unsetters
for attempt in $(seq 0 20)
do
sleep 1
if ip link show dev tun0 &> /dev/null
then
success "tun0 interface is up!"
return 0
fi
done
error "Tun0 interface did not show up ... most likely an issue happening in OpenVPN client ... below is an extract of the log that might be relevant to pinpoint the issue"
tail -n 20 /var/log/openvpn-client.log | tee -a $LOGFILE
stop_openvpn
critical "Failed to start OpenVPN client : tun0 interface did not show up"
unset_ip6addr() {
ip address delete "${ynh_ip6_addr}/128" dev tun0
}
unset_firewall() {
rm -f /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
yunohost firewall reload
}
unset_serverip6route() {
server_ip6=${1}
ip6_gw=${2}
wired_device=${3}
ip route delete "${server_ip6}/128" via "${ip6_gw}" dev "${wired_device}"
}
unset_dns() {
resolvconf=/etc/resolv.conf
[ -e /etc/resolv.dnsmasq.conf ] && resolvconf=/etc/resolv.dnsmasq.conf
rm -f /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient
mv "${resolvconf}.ynh" "${resolvconf}"
}
stop_openvpn() {
# FIXME : isn't openvpn@client ? (idk)
info "Stopping OpenVPN service"
systemctl stop openvpn.service
for attempt in $(seq 0 20)
do
if ip link show dev tun0 &> /dev/null
then
info "(Waiting for tun0 to disappear if it was up)"
sleep 1
fi
done
}
###################################################################################
# Yunohost settings interface #
###################################################################################
## Tools
sync_time() {
systemctl stop ntp
timeout 20 ntpd -qg &> /dev/null
# Some networks drop ntp port (udp 123).
# Try to get the date with an http request on the internetcube web site
if [ $? -ne 0 ]; then
http_date=`curl -sD - labriqueinter.net | grep '^Date:' | cut -d' ' -f3-6`
http_date_seconds=`date -d "${http_date}" +%s`
curr_date_seconds=`date +%s`
# Set the new date if it's greater than the current date
# So it does if 1970 year or if old fake-hwclock date is used
if [ $http_date_seconds -ge $curr_date_seconds ]; then
date -s "${http_date}"
fi
fi
systemctl start ntp
}
ynh_setting_get() {
app=${1}
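Review bot: the fallback in `sync_time` takes the clock from the `Date:` header of a plain-HTTP request (`curl -sD - labriqueinter.net`) and applies it with `date -s` whenever it is later than the current time, so anyone on the network path can move the clock forward, and certificate validity checks for the VPN depend on that clock. Bound how far forward a single fallback may move the clock, log the jump, and prefer an authenticated source once the clock is sane enough for TLS. Separately, `stop_openvpn` stops `openvpn.service` while start uses `openvpn@client.service`, as the FIXME already notes.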
@@ -349,41 +236,36 @@ ynh_setting_set() {
yunohost app setting "${app}" "${setting}" -v "${value}"
}
###################################################################################
# The actual ynh vpnclient management thing #
###################################################################################
is_running() {
((has_nativeip6 && is_serverip6route_set "${new_server_ip6}") || ! has_nativeip6)\
&& ((! has_hotspot_app && has_ip6delegatedprefix && is_ip6addr_set) || has_hotspot_app || ! has_ip6delegatedprefix)\
&& is_dns_set && is_firewall_set && is_openvpn_running
}
if [ "$1" != restart ]; then
# Restart php-fpm at the first start (it needs to be restarted after the slapd start)
# Restart php5-fpm at the first start (it needs to be restarted after the slapd start)
if [ ! -e /tmp/.ynh-vpnclient-boot ]; then
touch /tmp/.ynh-vpnclient-boot
systemctl restart php7.0-fpm
systemctl restart php5-fpm
fi
# Check configuration consistency
if [[ ! "${1}" =~ stop ]]; then
exitcode=0
if [ ! -e /etc/openvpn/keys/ca-server.crt ]; then
critical "You need a CA server (you can add it through the web admin)"
echo "[WARN] You need a CA server (you can add it through the web admin)"
exitcode=1
fi
empty=$(find /etc/openvpn/keys/ -empty -name credentials &> /dev/null | wc -l)
if [ "${empty}" -gt 0 -a ! -e /etc/openvpn/keys/user.key ]; then
critical "You need either a client certificate, either a username, or both (you can add one through the web admin)"
echo "[WARN] You need either a client certificate, either a username, or both (you can add one through the web admin)"
exitcode=1
fi
[ "${exitcode}" -ne 0 ] && exit ${exitcode}
fi
# Variables
info "Retrieving Yunohost settings... "
echo -n "Retrieving Yunohost settings... "
ynh_service_enabled=$(ynh_setting_get vpnclient service_enabled)
ynh_server_name=$(ynh_setting_get vpnclient server_name)
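Review bot: in `empty=$(find /etc/openvpn/keys/ -empty -name credentials &> /dev/null | wc -l)`, `&>` sends find's stdout to `/dev/null` as well, so `wc -l` always prints 0 and the "You need either a client certificate, either a username, or both" check can never fire. Use `2> /dev/null`. Also, one side of this hunk calls `critical`, which exits, and the other only echoes `[WARN]` and sets `exitcode=1`; that is fine as long as the `[ "${exitcode}" -ne 0 ] && exit ${exitcode}` line stays directly after both checks.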
@@ -403,210 +285,201 @@ if [ "$1" != restart ]; then
new_server_ip6=$(host "${ynh_server_name}" 2> /dev/null | awk '/IPv6/ { print $NF; }')
if [ -z "${new_server_ip6}" ]; then
# FIXME wtf is this hardcoded IP ...
new_server_ip6=$(host "${ynh_server_name}" 80.67.188.188 2> /dev/null | awk '/IPv6/ { print $NF; }')
fi
success "Settings retrieved"
echo "OK"
fi
###################################################################################
# Start / stop / restart / status handling #
###################################################################################
# Script
case "${1}" in
# ########## #
# Starting #
# ########## #
start)
if is_running; then
info "Service is already running"
exit 0
echo "Already started"
elif [ "${ynh_service_enabled}" -eq 0 ]; then
warn "Service is disabled, not starting it"
exit 0
fi
info "[vpnclient] Starting..."
touch /tmp/.ynh-vpnclient-started
# Run openvpn
if is_openvpn_running;
then
info "(openvpn is already running)"
echo "Disabled service"
else
start_openvpn "${new_ip6_gw}" "${new_server_ip6}"
echo "[vpnclient] Starting..."
touch /tmp/.ynh-vpnclient-started
# Run openvpn
if ! is_openvpn_running; then
echo "Run openvpn"
start_openvpn "${new_ip6_gw}" "${new_server_ip6}"
if [ ! $? -eq 0 ]; then
exit 1
fi
i=0; false || while [ $? -ne 0 ]; do
sleep 1 && (( i++ ))
[ ${i} -gt 20 ] && stop_openvpn
[ ${i} -gt 20 ] && exit 1
ip link show dev tun0 &> /dev/null
done
fi
# Check old state of the server ipv6 route
if [ ! -z "${old_server_ip6}" -a ! -z "${old_ip6_gw}" -a ! -z "${old_wired_device}"\
-a \( "${new_server_ip6}" != "${old_server_ip6}" -o "${new_ip6_gw}" != "${old_ip6_gw}"\
-o "${new_wired_device}" != "${old_wired_device}" \) ]\
&& is_serverip6route_set "${old_server_ip6}"; then
unset_serverip6route "${old_server_ip6}" "${old_ip6_gw}" "${old_wired_device}"
fi
# Set the new server ipv6 route
if has_nativeip6 && ! is_serverip6route_set "${new_server_ip6}"; then
echo "Set IPv6 server route"
set_serverip6route "${new_server_ip6}" "${new_ip6_gw}" "${new_wired_device}"
fi
# Set the ipv6 address
if ! has_hotspot_app && has_ip6delegatedprefix && ! is_ip6addr_set; then
echo "Set IPv6 address"
set_ip6addr
fi
# Set host DNS resolvers
if ! is_dns_set; then
echo "Set host DNS resolvers"
set_dns
fi
# Set ipv6/ipv4 firewall
if ! is_firewall_set "${new_wired_device}"; then
echo "Set IPv6/IPv4 firewall"
set_firewall "${new_wired_device}"
fi
# Update dynamic settings
ynh_setting_set vpnclient server_ip6 "${new_server_ip6}"
ynh_setting_set vpnclient ip6_gw "${new_ip6_gw}"
ynh_setting_set vpnclient wired_device "${new_wired_device}"
# Fix configuration
if has_hotspot_app && ! is_hotspot_knowme; then
ynh-hotspot start
fi
fi
# Check old state of the server ipv6 route
if [ ! -z "${old_server_ip6}" -a ! -z "${old_ip6_gw}" -a ! -z "${old_wired_device}"\
-a \( "${new_server_ip6}" != "${old_server_ip6}" -o "${new_ip6_gw}" != "${old_ip6_gw}"\
-o "${new_wired_device}" != "${old_wired_device}" \) ]\
&& is_serverip6route_set "${old_server_ip6}"
then
unset_serverip6route "${old_server_ip6}" "${old_ip6_gw}" "${old_wired_device}"
fi
# Set the new server ipv6 route
if has_nativeip6 && ! is_serverip6route_set "${new_server_ip6}"
then
set_serverip6route "${new_server_ip6}" "${new_ip6_gw}" "${new_wired_device}"
fi
# Set the ipv6 address
if ! has_hotspot_app && has_ip6delegatedprefix && ! is_ip6addr_set
then
set_ip6addr
fi
# Set host DNS resolvers
if ! is_dns_set
then
set_dns
fi
# Set ipv6/ipv4 firewall
if ! is_firewall_set "${new_wired_device}"
then
set_firewall "${new_wired_device}"
fi
# Update dynamic settings
info "Saving settings..."
ynh_setting_set vpnclient server_ip6 "${new_server_ip6}"
ynh_setting_set vpnclient ip6_gw "${new_ip6_gw}"
ynh_setting_set vpnclient wired_device "${new_wired_device}"
# Fix configuration
if has_hotspot_app && ! is_hotspot_knowme; then
info "Now starting the hotspot"
ynh-hotspot start
fi
success "YunoHost VPN client started!"
;;
# ########## #
# Stopping #
# ########## #
stop)
info "[vpnclient] Stopping..."
echo "[vpnclient] Stopping..."
rm -f /tmp/.ynh-vpnclient-started
if ! has_hotspot_app && has_ip6delegatedprefix && is_ip6addr_set; then
echo "Unset IPv6 address"
unset_ip6addr
fi
if is_serverip6route_set "${old_server_ip6}"; then
echo "Unset IPv6 server route"
unset_serverip6route "${old_server_ip6}" "${old_ip6_gw}" "${old_wired_device}"
fi
is_firewall_set "${old_wired_device}" && unset_firewall
if is_firewall_set "${old_wired_device}"; then
echo "Unset IPv6/IPv4 firewall"
unset_firewall
fi
is_dns_set && unset_dns
if is_dns_set; then
echo "Unset forced host DNS resolvers"
unset_dns
fi
is_openvpn_running && stop_openvpn
if is_openvpn_running; then
echo "Stop openvpn"
stop_openvpn
i=0; true && while [ $? -eq 0 ]; do
sleep 1 && (( i++ ))
[ ${i} -gt 20 ] && exit 1
ip link show dev tun0 &> /dev/null
done
fi
# Fix configuration
if has_hotspot_app && is_hotspot_knowme; then
info "Now starting the hotspot"
ynh-hotspot start
fi
;;
# ########## #
# Restart #
# ########## #
restart)
$0 stop
$0 start
;;
# ########## #
# Status #
# ########## #
status)
exitcode=0
if [ "${ynh_service_enabled}" -eq 0 ]; then
error "VPN Client Service disabled"
echo "[ERR] VPN Client Service disabled"
exitcode=1
fi
info "Autodetected internet interface: ${new_wired_device} (last start: ${old_wired_device})"
info "Autodetected IPv6 address for the VPN server: ${new_server_ip6} (last start: ${old_server_ip6})"
echo "[INFO] Autodetected internet interface: ${new_wired_device} (last start: ${old_wired_device})"
echo "[INFO] Autodetected IPv6 address for the VPN server: ${new_server_ip6} (last start: ${old_server_ip6})"
if has_ip6delegatedprefix; then
info "IPv6 delegated prefix found"
info "IPv6 address computed from the delegated prefix: ${ynh_ip6_addr}"
echo "[INFO] IPv6 delegated prefix found"
echo "[INFO] IPv6 address computed from the delegated prefix: ${ynh_ip6_addr}"
if ! has_hotspot_app; then
info "No Hotspot app detected"
echo "[INFO] No Hotspot app detected"
if is_ip6addr_set; then
success "IPv6 address correctly set"
echo "[OK] IPv6 address correctly set"
else
error "No IPv6 address set"
echo "[ERR] No IPv6 address set"
exitcode=1
fi
else
info "Hotspot app detected"
info "No IPv6 address to set"
echo "[INFO] Hotspot app detected"
echo "[INFO] No IPv6 address to set"
fi
else
info "No IPv6 delegated prefix found"
echo "[INFO] No IPv6 delegated prefix found"
fi
if has_nativeip6; then
info "Native IPv6 detected"
info "Autodetected native IPv6 gateway: ${new_ip6_gw} (last start: ${old_ip6_gw})"
echo "[INFO] Native IPv6 detected"
echo "[INFO] Autodetected native IPv6 gateway: ${new_ip6_gw} (last start: ${old_ip6_gw})"
if is_serverip6route_set "${new_server_ip6}"; then
success "IPv6 server route correctly set"
echo "[OK] IPv6 server route correctly set"
else
error "No IPv6 server route set"
echo "[ERR] No IPv6 server route set"
exitcode=1
fi
else
info "No native IPv6 detected"
info "No IPv6 server route to set"
echo "[INFO] No native IPv6 detected"
echo "[INFO] No IPv6 server route to set"
fi
if is_firewall_set "${new_wired_device}"; then
success "IPv6/IPv4 firewall set"
echo "[OK] IPv6/IPv4 firewall set"
else
info "No IPv6/IPv4 firewall set"
echo "[ERR] No IPv6/IPv4 firewall set"
exitcode=1
fi
if is_dns_set; then
success "Host DNS correctly set"
echo "[OK] Host DNS correctly set"
else
error "No host DNS set"
echo "[ERR] No host DNS set"
exitcode=1
fi
if is_openvpn_running; then
success "Openvpn is running"
echo "[OK] Openvpn is running"
else
error "Openvpn is not running"
echo "[ERR] Openvpn is not running"
exitcode=1
fi
exit ${exitcode}
;;
# ########## #
# Halp #
# ########## #
*)
echo "Usage: $0 {start|stop|restart|status}"
exit 1
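
Review bot: in the `status)` branch the missing-firewall case is logged with `info "No IPv6/IPv4 firewall set"` although it sets `exitcode=1` and the `echo` form of the same message is tagged `[ERR]`; every other failing check in this branch uses `error`. Use `error` there so that a missing firewall is not filtered out with the informational output. In `stop)`, the wait loop's `[ ${i} -gt 20 ] && exit 1` leaves the script before the hotspot block runs; break out of the loop and report the failure at the end instead.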

@@ -86,7 +86,7 @@ ynh_service_enabled=$(ynh_setting vpnclient service_enabled)
# SSO login
curl -D - -skLe "https://${ynh_domain}/yunohost/sso/" --data-urlencode "user=${ynh_user}" --data-urlencode "password=${ynh_password}" "https://${ynh_domain}/yunohost/sso/" --resolve "${ynh_domain}:443:127.0.0.1" -o /dev/null -c "${tmpdir}/cookies" 2> /dev/null | grep -q "set-cookie: SSOwAuthUser=${ynh_user}"
curl -kLe "https://${ynh_domain}/yunohost/sso/" --data-urlencode "user=${ynh_user}" --data-urlencode "password=${ynh_password}" "https://${ynh_domain}/yunohost/sso/" --resolve "${ynh_domain}:443:127.0.0.1" -c "${tmpdir}/cookies" 2> /dev/null | grep -q Logout
if [ $? -ne 0 ]; then
echo "[ERROR] SSO login failed" >&2
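
Review bot: both forms of the SSO login pass the password as `--data-urlencode "password=${ynh_password}"`, which puts it in curl's argument list, where other local users can typically read it from the process table while the request runs. curl accepts `--data-urlencode name@file`, so write the password (without a trailing newline) to a mode 0600 file under `${tmpdir}` and reference that file. Both forms also use `-k`, which disables certificate verification; since `--resolve` already pins the host to 127.0.0.1, state that reasoning in a comment next to the flag.
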
@@ -96,7 +96,7 @@ fi
# Upload cube file
output=$(curl -kL -H "X-Requested-With: yunohost-config" -F "service_enabled=${ynh_service_enabled}" -F _method=put -F "cubefile=@${cubefile_path}" "https://${ynh_domain}/${ynh_path}/?/settings" --resolve "${ynh_domain}:443:127.0.0.1" -b "${tmpdir}/cookies" 2> /dev/null | grep RETURN_MSG | sed 's/<!-- RETURN_MSG -->//' | sed 's/<\/?[^>]\+>//g' | sed 's/^ \+//g')
output=$(curl -kL -F "service_enabled=${ynh_service_enabled}" -F _method=put -F "cubefile=@${cubefile_path}" "https://${ynh_domain}/${ynh_path}/?/settings" --resolve "${ynh_domain}:443:127.0.0.1" -b "${tmpdir}/cookies" 2> /dev/null | grep RETURN_MSG | sed 's/<!-- RETURN_MSG -->//' | sed 's/<\/?[^>]\+>//g' | sed 's/^ \+//g')
# Configure IPv6 Delegated Prefix on Hotspot
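
Review bot: the tag-stripping step `sed 's/<\/?[^>]\+>//g'` on both upload lines does not strip tags: in sed's basic regular expressions `?` is a literal character (the optional quantifier is `\?`), so the pattern only matches text that begins with a literal `</?`. Use `sed -E 's/<\/?[^>]+>//g'` or escape the `?`. Separately, only one of the two upload lines sends `-H "X-Requested-With: yunohost-config"`; if the settings endpoint checks that header, the other form will be rejected.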

@@ -1,25 +1,27 @@
{
"name": "VPN Client",
"id": "vpnclient",
"version": "1.2.1",
"packaging_format": 1,
"version": "1.4.1",
"description": {
"en": "Tunnel the internet traffic through a VPN",
"fr": "Fais passer le traffic internet à travers un VPN"
"en": "VPN Client",
"fr": "Client VPN"
},
"url": "https://labriqueinter.net",
"url": "https://github.com/labriqueinternet/vpnclient_ynh",
"license": "AGPL-3.0",
"maintainer": {
"name": "pitchum",
"email": "pitchum@users.noreply.github.com"
},
"multi_instance": false,
"requirements": {
"yunohost": ">= 3.2.0"
"yunohost": ">= 2.2.0",
"moulinette": ">= 2.4.0"
},
"multi_instance": false,
"services": [
"nginx",
"php7.0-fpm"
"php5-fpm",
"ynh-vpnclient"
],
"arguments": {
"install": [
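
Review bot: the `requirements` floor and the PHP service name have to move together: this hunk pairs `"yunohost": ">= 3.2.0"` with `php7.0-fpm` and `"yunohost": ">= 2.2.0"` with `php5-fpm`, so whichever side is kept, check that `pkg_dependencies` and the php-fpm pool paths used in the scripts name the same PHP version. The French description also spells "trafic" as "traffic".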

@@ -3,11 +3,23 @@
# Common variables and helpers
#
pkg_dependencies="php7.0-fpm sipcalc dnsutils openvpn curl fake-hwclock"
pkg_dependencies="php5-fpm sipcalc dnsutils openvpn curl fake-hwclock"
service_name="ynh-vpnclient"
service_checker_name=$service_name"-checker"
log() {
echo "${1}"
}
info() {
log "[INFO] ${1}"
}
warn() {
log "[WARN] ${1}"
}
err() {
log "[ERR] ${1}"
}
to_logs() {
# When yunohost --verbose or bash -x
@@ -21,7 +33,7 @@ to_logs() {
# Experimental helpers
# Cf. https://github.com/YunoHost-Apps/Experimental_helpers/blob/72b0bc77c68d4a4a2bf4e95663dbc05e4a762a0a/ynh_read_manifest/ynh_read_manifest
read_json () {
python3 -c "import sys, json;print(json.load(open('$1'))['$2'])"
sudo python3 -c "import sys, json;print(json.load(open('$1'))['$2'])"
}
# Experimental helper
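
Review bot: `read_json` builds Python source by pasting `$1` and `$2` inside single quotes (`open('$1'))['$2']`), so a path or key that contains a quote is executed as code, and the `sudo python3` form runs it as root. Pass both values as arguments instead: `python3 -c 'import sys, json; print(json.load(open(sys.argv[1]))[sys.argv[2]])' "$1" "$2"`. `ynh_read_manifest` in the next hunk has the same pattern.
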
@@ -40,20 +52,55 @@ ynh_abort_if_up_to_date () {
version=$(read_json "/etc/yunohost/apps/$YNH_APP_INSTANCE_NAME/manifest.json" 'version' 2> /dev/null || echo '20160501-7')
last_version=$(read_manifest 'version')
if [ "${version}" = "${last_version}" ]; then
ynh_print_info "Up-to-date, nothing to do"
info "Up-to-date, nothing to do"
ynh_die "" 0
fi
}
# Helper to start/stop/.. a systemd service from a yunohost context,
# *and* the systemd service itself needs to be able to run yunohost
# commands.
#
# Hence the need to release the lock during the operation
#
# usage : ynh_systemctl yolo restart
#
function ynh_systemctl()
{
local ACTION="$1"
local SERVICE="$2"
local LOCKFILE="/var/run/moulinette_yunohost.lock"
# Launch the action
sudo systemctl "$ACTION" "$SERVICE" &
local SYSCTLACTION=$!
# Save and release the lock...
cp $LOCKFILE $LOCKFILE.bkp.$$
rm $LOCKFILE
# Wait for the end of the action
wait $SYSCTLACTION
# Make sure the lock is released...
while [ -f $LOCKFILE ]
do
sleep 0.1
done
# Restore the old lock
mv $LOCKFILE.bkp.$$ $LOCKFILE
}
# Read the value of a key in a ynh manifest file
#
# usage: ynh_read_manifest manifest key
# | arg: manifest - Path of the manifest to read
# | arg: key - Name of the key to find
ynh_read_manifest () {
manifest="$1"
key="$2"
python3 -c "import sys, json;print(json.load(open('$manifest', encoding='utf-8'))['$key'])"
manifest="$1"
key="$2"
python3 -c "import sys, json;print(json.load(open('$manifest', encoding='utf-8'))['$key'])"
}
# Read the upstream version from the manifest
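
Review bot: `ynh_systemctl` deletes `/var/run/moulinette_yunohost.lock` while the systemctl action runs and restores it with `mv` afterwards, with no `trap` and no check that the `cp` succeeded. If the script is interrupted between `rm $LOCKFILE` and the final `mv`, the lock stays released and a `.bkp.$$` file is left behind, and while it is released any other yunohost command can run alongside this one. Restore the lock from a `trap` on exit, quote `"$LOCKFILE"`, and fail early when the lock file is absent. The usage comment `ynh_systemctl yolo restart` also has the arguments in the opposite order to `ACTION="$1"` and `SERVICE="$2"`.
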
@@ -66,7 +113,7 @@ ynh_read_manifest () {
ynh_app_upstream_version () {
manifest_path="../manifest.json"
if [ ! -e "$manifest_path" ]; then
manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place
manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place
fi
version_key=$(ynh_read_manifest "$manifest_path" "version")
echo "${version_key/~ynh*/}"
@@ -82,7 +129,7 @@ ynh_app_upstream_version () {
ynh_app_package_version () {
manifest_path="../manifest.json"
if [ ! -e "$manifest_path" ]; then
manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place
manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place
fi
version_key=$(ynh_read_manifest "$manifest_path" "version")
echo "${version_key/*~ynh/}"
@@ -95,28 +142,28 @@ ynh_app_package_version () {
#
# To force an upgrade, even if the package is up to date,
# you have to set the variable YNH_FORCE_UPGRADE before.
# example: YNH_FORCE_UPGRADE=1 yunohost app upgrade MyApp
# example: sudo YNH_FORCE_UPGRADE=1 yunohost app upgrade MyApp
#
# usage: ynh_abort_if_up_to_date
ynh_abort_if_up_to_date () {
local force_upgrade=${YNH_FORCE_UPGRADE:-0}
local package_check=${PACKAGE_CHECK_EXEC:-0}
local force_upgrade=${YNH_FORCE_UPGRADE:-0}
local package_check=${PACKAGE_CHECK_EXEC:-0}
local version=$(ynh_read_manifest "/etc/yunohost/apps/$YNH_APP_INSTANCE_NAME/manifest.json" "version" || echo 1.0)
local last_version=$(ynh_read_manifest "../manifest.json" "version" || echo 1.0)
if [ "$version" = "$last_version" ]
then
if [ "$force_upgrade" != "0" ]
then
echo "Upgrade forced by YNH_FORCE_UPGRADE." >&2
unset YNH_FORCE_UPGRADE
elif [ "$package_check" != "0" ]
then
echo "Upgrade forced for package check." >&2
else
ynh_die "Up-to-date, nothing to do" 0
fi
fi
local version=$(ynh_read_manifest "/etc/yunohost/apps/$YNH_APP_INSTANCE_NAME/manifest.json" "version" || echo 1.0)
local last_version=$(ynh_read_manifest "../manifest.json" "version" || echo 1.0)
if [ "$version" = "$last_version" ]
then
if [ "$force_upgrade" != "0" ]
then
echo "Upgrade forced by YNH_FORCE_UPGRADE." >&2
unset YNH_FORCE_UPGRADE
elif [ "$package_check" != "0" ]
then
echo "Upgrade forced for package check." >&2
else
ynh_die "Up-to-date, nothing to do" 0
fi
fi
}
# Operations needed by both 'install' and 'upgrade' scripts
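
Review bot: in `ynh_abort_if_up_to_date`, both `version` and `last_version` fall back to `echo 1.0` when `ynh_read_manifest` fails, so if neither manifest can be read the two values compare equal and the script ends with `ynh_die "Up-to-date, nothing to do" 0`, reporting success for an upgrade that never saw a real version. Give the two fallbacks different sentinel values, or abort with a non-zero status when a manifest cannot be read.
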
@@ -124,9 +171,7 @@ function vpnclient_deploy_files_and_services()
{
local domain=$1
local app=$2
local service_name=$3
local sysuser="${app}"
local service_checker_name="$service_name-checker"
# Ensure vpnclient_ynh has its own system user
if ! ynh_system_user_exists ${sysuser}
@@ -134,72 +179,70 @@ function vpnclient_deploy_files_and_services()
ynh_system_user_create ${sysuser}
fi
# Ensure the system user has enough permissions
install -b -o root -g root -m 0440 ../conf/sudoers.conf /etc/sudoers.d/${app}_ynh
# Ensure the system user has enough sudo permissions
sudo install -b -o root -g root -m 0440 ../conf/sudoers.conf /etc/sudoers.d/${app}_ynh
ynh_replace_string "__VPNCLIENT_SYSUSER__" "${sysuser}" /etc/sudoers.d/${app}_ynh
# Install IPv6 scripts
install -o root -g root -m 0755 ../conf/ipv6_expanded /usr/local/bin/
install -o root -g root -m 0755 ../conf/ipv6_compressed /usr/local/bin/
sudo install -o root -g root -m 0755 ../conf/ipv6_expanded /usr/local/bin/
sudo install -o root -g root -m 0755 ../conf/ipv6_compressed /usr/local/bin/
# Install command-line cube file loader
install -o root -g root -m 0755 ../conf/$service_name-loadcubefile.sh /usr/local/bin/
sudo install -o root -g root -m 0755 ../conf/ynh-vpnclient-loadcubefile.sh /usr/local/bin/
# Copy confs
mkdir -pm 0755 /var/log/nginx/
chown root:${sysuser} /etc/openvpn/
chmod 775 /etc/openvpn/
mkdir -pm 0755 /etc/yunohost/hooks.d/post_iptable_rules/
sudo mkdir -pm 0755 /var/log/nginx/
sudo chown root:${sysuser} /etc/openvpn/
sudo chmod 775 /etc/openvpn/
sudo mkdir -pm 0755 /etc/yunohost/hooks.d/post_iptable_rules/
install -b -o root -g ${sysuser} -m 0664 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl
install -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl.restore
install -b -o root -g root -m 0755 ../conf/hook_post-iptable-rules /etc/yunohost/hooks.d/90-vpnclient.tpl
install -b -o root -g root -m 0644 ../conf/openvpn@.service /etc/systemd/system/
sudo install -b -o root -g ${sysuser} -m 0664 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl
sudo install -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl.restore
sudo install -b -o root -g root -m 0644 ../conf/nginx_vpnadmin.conf "/etc/nginx/conf.d/${domain}.d/${app}.conf"
sudo install -b -o root -g root -m 0644 ../conf/phpfpm_vpnadmin.conf /etc/php5/fpm/pool.d/${app}.conf
sudo install -b -o root -g root -m 0755 ../conf/hook_post-iptable-rules /etc/yunohost/hooks.d/90-vpnclient.tpl
sudo install -b -o root -g root -m 0644 ../conf/openvpn@.service /etc/systemd/system/
# Copy web sources
mkdir -pm 0755 /var/www/${app}/
cp -a ../sources/* /var/www/${app}/
sudo mkdir -pm 0755 /var/www/${app}/
sudo cp -a ../sources/* /var/www/${app}/
chown -R root: /var/www/${app}/
chmod -R 0644 /var/www/${app}/*
find /var/www/${app}/ -type d -exec chmod +x {} \;
sudo chown -R root: /var/www/${app}/
sudo chmod -R 0644 /var/www/${app}/*
sudo find /var/www/${app}/ -type d -exec chmod +x {} \;
# Create certificates directory
mkdir -pm 0770 /etc/openvpn/keys/
chown root:${sysuser} /etc/openvpn/keys/
sudo mkdir -pm 0770 /etc/openvpn/keys/
sudo chown root:${sysuser} /etc/openvpn/keys/
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_print_info "Configuring nginx web server..."
ynh_add_nginx_config
sudo sed "s|<TPL:NGINX_LOCATION>|${path_url}|g" -i "/etc/nginx/conf.d/${domain}.d/${app}.conf"
sudo sed "s|<TPL:NGINX_REALPATH>|/var/www/${app}/|g" -i "/etc/nginx/conf.d/${domain}.d/${app}.conf"
sudo sed "s|<TPL:PHP_NAME>|${app}|g" -i "/etc/nginx/conf.d/${domain}.d/${app}.conf"
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_print_info "Configuring php-fpm..."
ynh_add_fpm_config
#=================================================
sudo sed "s|<TPL:PHP_NAME>|${app}|g" -i /etc/php5/fpm/pool.d/${app}.conf
sudo sed "s|<TPL:PHP_USER>|${sysuser}|g" -i /etc/php5/fpm/pool.d/${app}.conf
sudo sed "s|<TPL:PHP_GROUP>|${sysuser}|g" -i /etc/php5/fpm/pool.d/${app}.conf
sudo sed "s|<TPL:NGINX_REALPATH>|/var/www/${app}/|g" -i /etc/php5/fpm/pool.d/${app}.conf
# Fix sources
ynh_replace_string "__PATH__" "${path_url}" "/var/www/${app}/config.php"
sudo sed "s|<TPL:NGINX_LOCATION>|${path_url}|g" -i /var/www/${app}/config.php
# Copy init script
install -o root -g root -m 0755 ../conf/$service_name /usr/local/bin/
sudo install -o root -g root -m 0755 ../conf/ynh-vpnclient /usr/local/bin/
sudo install -o root -g root -m 0644 ../conf/ynh-vpnclient.service /etc/systemd/system/
# Copy checker timer
install -o root -g root -m 0755 ../conf/$service_checker_name.sh /usr/local/bin/
install -o root -g root -m 0644 ../conf/$service_checker_name.timer /etc/systemd/system/
sudo install -o root -g root -m 0755 ../conf/ynh-vpnclient-checker.sh /usr/local/bin/
sudo install -o root -g root -m 0644 ../conf/ynh-vpnclient-checker.service /etc/systemd/system/
sudo install -o root -g root -m 0644 ../conf/ynh-vpnclient-checker.timer /etc/systemd/system/
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_print_info "Configuring a systemd service..."
ynh_add_systemd_config $service_name "$service_name.service"
ynh_add_systemd_config $service_checker_name "$service_checker_name.service"
sudo systemctl daemon-reload
}
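
Review bot: the sudoers file is copied to `/etc/sudoers.d/${app}_ynh` with the `__VPNCLIENT_SYSUSER__` placeholder still in it and then rewritten in place by `ynh_replace_string`, and nothing validates the result. Render it in a temporary file, run `visudo -cf` on that file, and only then `install` it with mode 0440, so that a bad template never leaves a broken or half-substituted rule in `/etc/sudoers.d/`. Also review `chmod 775 /etc/openvpn/` together with `-g ${sysuser} -m 0664` on `client.conf.tpl`: they let the dedicated system user (the PHP pool user where `<TPL:PHP_USER>` is set to `${sysuser}`) modify the OpenVPN configuration template.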

@@ -1,12 +1,20 @@
#!/bin/bash
echo "backup script is not implemented"
exit 0
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source ../settings/scripts/_common.sh
if [ ! -e _common.sh ]; then
# Get the _common.sh file if it's not in the current directory
cp ../settings/scripts/_common.sh ./_common.sh
chmod a+rx _common.sh
fi
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
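
Review bot: the `echo "backup script is not implemented"` / `exit 0` pair at the top makes the script report success without saving anything, so a backup of this app looks complete while containing none of the files listed in the later hunks. If backup has to stay disabled, write the message to stderr as a warning and document the limitation, because exit status 0 is all the caller sees.
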
@@ -19,7 +27,20 @@ ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info "Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get $app final_path)
domain=$(ynh_app_setting_get $app domain)
db_name=$(ynh_app_setting_get $app db_name)
#=================================================
# STANDARD BACKUP STEPS
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
# LOAD SETTINGS
#=================================================
app=$YNH_APP_INSTANCE_NAME
@@ -31,53 +52,29 @@ domain=$(ynh_app_setting_get $app domain)
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
ynh_print_info "Backing up the main app directory..."
ynh_backup "$final_path"
ynh_backup "/etc/sudoers.d/${app}_ynh"
ynh_backup "/usr/local/bin/ipv6_expanded"
ynh_backup "/usr/local/bin/ipv6_compressed"
ynh_backup "/usr/local/bin/$service_name-loadcubefile.sh"
ynh_backup "/etc/yunohost/hooks.d/90-vpnclient.tpl"
ynh_backup "/etc/openvpn/client.conf.tpl"
ynh_backup "/etc/openvpn/client.conf.tpl.restore"
ynh_backup "/etc/openvpn/keys/"
ynh_backup "/usr/local/bin/$service_name"
ynh_backup "/usr/local/bin/$service_checker_name.sh"
#=================================================
# BACKUP THE NGINX CONFIGURATION
#=================================================
ynh_print_info "Backing up nginx web server configuration..."
ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_backup "/etc/nginx/conf.d/$domain.d/${app}.conf"
#=================================================
# BACKUP THE PHP-FPM CONFIGURATION
#=================================================
ynh_print_info "Backing up php-fpm configuration..."
ynh_backup "/etc/php/7.0/fpm/pool.d/$app.conf"
ynh_backup "/etc/php5/fpm/pool.d/$app.conf"
#=================================================
# SPECIFIC BACKUP
#=================================================
# BACKUP SYSTEMD
#=================================================
ynh_print_info "Backing up systemd configuration..."
ynh_backup "/etc/systemd/system/$service_name.service"
ynh_backup "/etc/systemd/system/$service_checker_name.service"
ynh_backup "/etc/systemd/system/$service_checker_name.timer"
ynh_backup "/etc/systemd/system/openvpn@.service"
ynh_backup "/etc/systemd/system/ynh-vpnclient.service"
ynh_backup "/etc/systemd/system/ynh-vpnclient-checker.service"
ynh_backup "/etc/systemd/system/ynh-vpnclient-checker.timer"
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."
ynh_backup "/etc/cron.d/$app"
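
Review bot: `ynh_backup "/etc/cron.d/$app"` backs up a path that the deploy function shown earlier never installs, and the php-fpm pool appears under two paths here (`/etc/php/7.0/fpm/pool.d/$app.conf` and `/etc/php5/fpm/pool.d/$app.conf`). Check each `ynh_backup` entry against what `vpnclient_deploy_files_and_services` actually installs, keep the pool path in step with the `services` entry in the manifest, and make sure `/etc/openvpn/keys/` and `/etc/openvpn/client.conf.tpl` stay in whichever list is kept, since a restore cannot recreate the VPN credentials.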

@@ -38,26 +38,30 @@ ynh_abort_if_errors
#=================================================
# Retrieve arguments
domain=$YNH_APP_ARG_DOMAIN
path_url=$(ynh_normalize_url_path "$YNH_APP_ARG_PATH")
domain=$1
path_url=$2
app=$YNH_APP_INSTANCE_NAME
final_path="/var/www/$app"
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_print_info "Validating installation parameters..."
# Check destination directory
final_path="/var/www/$app"
test ! -e "$final_path" || ynh_die "Path is already in use: ${final_path}."
# Normalize the url path syntax
path_url=$(ynh_normalize_url_path "$path_url")
# Check web path availability
ynh_webpath_available "$domain" "$path_url"
# Register (book) web path
ynh_webpath_register "$app" "$domain" "$path_url"
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_print_info "Storing installation settings..."
ynh_app_setting_set "$app" domain "$domain"
ynh_app_setting_set "$app" final_path "$final_path"
@@ -67,46 +71,37 @@ ynh_app_setting_set "$app" final_path "$final_path"
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_print_info "Installing dependencies..."
ynh_install_app_dependencies "$pkg_dependencies"
#=================================================
# DEPLOY FILES FROM PACKAGE
#=================================================
ynh_print_info "Deploy files from package..."
vpnclient_deploy_files_and_services "${domain}" "${app}" "${service_name}"
vpnclient_deploy_files_and_services "${domain}" "${app}"
ynh_app_setting_set $app final_path $final_path
#=================================================
# RELOAD SERVICES
#=================================================
ynh_print_info "Reloading services..."
# Set default inits
# The boot order of these services are important, so they are disabled by default
# and the vpnclient service handles them.
systemctl disable openvpn
systemctl stop openvpn
# and the ynh-vpnclient service handles them.
sudo systemctl disable openvpn
sudo systemctl stop openvpn
systemctl restart php7.0-fpm
systemctl reload nginx
sudo systemctl enable php5-fpm
sudo systemctl restart php5-fpm
# main service
sudo systemctl reload nginx
yunohost service add $service_name --description "Tunnels the internet traffic through a VPN" --need_lock
yunohost service enable $service_name
sudo systemctl enable ynh-vpnclient
sudo yunohost service add ynh-vpnclient
# checker service
ynh_systemctl start ynh-vpnclient-checker.service
sudo systemctl enable ynh-vpnclient-checker.service
ynh_systemctl start ynh-vpnclient-checker.timer
sudo systemctl enable ynh-vpnclient-checker.timer
yunohost service add $service_checker_name --description "Makes sure that the VPN service is running" --need_lock
yunohost service start $service_checker_name
yunohost service enable $service_checker_name
systemctl start $service_checker_name.timer
systemctl enable $service_checker_name.timer
#=================================================
# END OF SCRIPT
#=================================================
sudo yunohost app ssowatconf
ynh_print_info "Installation of $app completed"
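
Review bot: the call to `vpnclient_deploy_files_and_services` appears with two arguments and with three (`"${service_name}"`), while `_common.sh` reads `local service_name=$3` in only one form of the function. If the three-argument signature ends up paired with the two-argument call, `local service_name=$3` shadows the global with an empty string and paths such as `../conf/$service_name-loadcubefile.sh` break. In the service block, `ynh_systemctl start ynh-vpnclient-checker.service` also runs before the matching `sudo systemctl enable`, and every `ynh_systemctl` call releases the moulinette lock in the middle of the install.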

@@ -29,96 +29,42 @@ source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info "Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get $app domain)
#=================================================
# STOP AND REMOVE SERVICES
#=================================================
ynh_print_info "Stopping and removing services"
# The End
ynh_systemctl stop ynh-vpnclient-checker.service
sudo systemctl disable ynh-vpnclient-checker.service
ynh_systemctl stop ynh-vpnclient-checker.timer && sleep 1
sudo systemctl disable ynh-vpnclient-checker.timer
ynh_systemctl stop ynh-vpnclient
sudo systemctl disable ynh-vpnclient
sudo yunohost service remove ynh-vpnclient
sudo rm -f /etc/systemd/system/ynh-vpnclient* /usr/local/bin/ynh-vpnclient*
sudo rm -f /tmp/.ynh-vpnclient-*
yunohost service stop $service_checker_name
yunohost service disable $service_checker_name
yunohost service remove $service_checker_name
systemctl stop $service_checker_name.timer && sleep 1
systemctl disable $service_checker_name.timer
# Remove confs
sudo rm -f /etc/openvpn/client.conf{.tpl,.tpl.restore,}
sudo rm -f /etc/nginx/conf.d/${domain}.d/${app}.conf
sudo rm -f /etc/php5/fpm/pool.d/${app}.conf
sudo rm -f /etc/yunohost/hooks.d/90-vpnclient.tpl
sudo rm -f /etc/systemd/system/openvpn@.service
yunohost service stop $service_name
yunohost service disable $service_name
yunohost service remove $service_name
# Remove certificates
sudo rm -rf /etc/openvpn/keys/
for FILE in $(ls /etc/systemd/system/$service_name* /usr/local/bin/ynh-vpnclient* /tmp/.ynh-vpnclient-*)
do
ynh_secure_remove "$FILE"
done
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_print_info "Removing nginx web server configuration"
# Remove the dedicated nginx config
ynh_remove_nginx_config
#=================================================
# REMOVE PHP-FPM CONFIGURATION
#=================================================
ynh_print_info "Removing php-fpm configuration"
# Remove the dedicated php-fpm config
ynh_remove_fpm_config
#=================================================
# SPECIFIC REMOVE
#================================================
ynh_print_info "Removing openvpn configuration"
# Remove openvpn configurations
ynh_secure_remove /etc/openvpn/client.conf
ynh_secure_remove /etc/openvpn/client.conf.tpl
ynh_secure_remove /etc/openvpn/client.conf.tpl.restore
# Remove YunoHost hook
ynh_secure_remove /etc/yunohost/hooks.d/90-vpnclient.tpl
# Remove openvpn service
ynh_secure_remove /etc/systemd/system/openvpn@.service
# Remove openvpn certificates
ynh_secure_remove /etc/openvpn/keys
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_print_info "Removing dependencies"
# Remove packages
ynh_remove_app_dependencies
# Remove sources
ynh_secure_remove "/var/www/${app}"
# Reload systemd configuration
systemctl daemon-reload
# Restart services
# (this must happen before deleting the user, otherwise the user is
# being used by one of the php pool process)
systemctl restart php7.0-fpm
systemctl reload nginx
sudo systemctl restart php5-fpm
sudo systemctl reload nginx
#=================================================
# REMOVE DEDICATED USER
#=================================================
# Remove sources
sudo rm -rf /var/www/${app}/
ynh_print_info "Removing the dedicated system user"
# Delete a system user
# Removed system user
ynh_system_user_delete ${app}
ynh_secure_remove "/etc/sudoers.d/${app}_ynh"
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info "Removal of $app completed"
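
Review bot: only the `ynh_secure_remove "/etc/sudoers.d/${app}_ynh"` line removes the sudoers rule; the `sudo rm -f` cleanup lines never touch `/etc/sudoers.d/`, so with that form a sudo grant for the app's user name survives uninstall and would apply again to any account later created with the same name. Keep the sudoers removal whichever cleanup style is used. The loop `for FILE in $(ls /etc/systemd/system/$service_name* /usr/local/bin/ynh-vpnclient* /tmp/.ynh-vpnclient-*)` also parses `ls` output and deletes whatever matches a predictable name in `/tmp`; iterate over the globs directly and skip patterns that match nothing.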

@@ -1,12 +1,17 @@
#!/bin/bash
#=================================================
# GENERIC START
echo "restore script is not implemented"
exit 0
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source ../settings/scripts/_common.sh
if [ ! -e _common.sh ]; then
# Fetch helpers file if not in current directory
cp ../settings/scripts/_common.sh ./_common.sh
chmod a+rx _common.sh
fi
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
@@ -16,121 +21,24 @@ source /usr/share/yunohost/helpers
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info "Loading settings..."
#sysuser="${app}"
sysuser="vpnclient" # XXX hard-coded variable
app=$YNH_APP_INSTANCE_NAME
backup_dir="${1}/apps/vpnclient"
domain=$(ynh_app_setting_get $app domain)
path_url=$(ynh_app_setting_get $app path)
final_path=$(ynh_app_setting_get $app final_path)
sudo mkdir -p /etc/openvpn/
sudo cp -a "${backup_dir}/keys/" /etc/openvpn/
sudo cp -a "${backup_dir}/client.conf.tpl" /etc/openvpn/
sudo chown -R root:${sysuser} /etc/openvpn/keys/
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_print_info "Validating restoration parameters..."
gitcommit=$(sudo grep revision /etc/yunohost/apps/vpnclient/status.json | sed 's/.*"revision": "\([^"]\+\)".*/\1/')
tmpdir=$(mktemp -dp /tmp/ vpnclient-restore-XXXXX)
ynh_webpath_available $domain $path_url \
|| ynh_die "Path not available: ${domain}${path_url}"
test ! -d $final_path \
|| ynh_die "There is already a directory: $final_path "
git clone https://github.com/labriqueinternet/vpnclient_ynh.git "${tmpdir}/"
git --work-tree "${tmpdir}/" --git-dir "${tmpdir}/.git/" reset --hard "${gitcommit}"
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
cd "${tmpdir}/scripts/"
bash ./upgrade
ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"
sudo rm -r "${tmpdir}/"
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_print_info "Restoring the app main directory..."
ynh_restore_file "$final_path"
ynh_restore_file "/etc/sudoers.d/${app}_ynh"
ynh_restore_file "/usr/local/bin/ipv6_expanded"
ynh_restore_file "/usr/local/bin/ipv6_compressed"
ynh_restore_file "/usr/local/bin/$service_name-loadcubefile.sh"
ynh_restore_file "/etc/yunohost/hooks.d/90-vpnclient.tpl"
ynh_restore_file "/etc/openvpn/client.conf.tpl"
ynh_restore_file "/etc/openvpn/client.conf.tpl.restore"
ynh_restore_file "/etc/openvpn/keys/"
ynh_restore_file "/usr/local/bin/$service_name"
ynh_restore_file "/usr/local/bin/$service_checker_name.sh"
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_print_info "Recreating the dedicated system user..."
# Create the dedicated user (if not existing)
ynh_system_user_create $app
#=================================================
# RESTORE USER RIGHTS
#=================================================
# Restore permissions on app files
chown -R $app: $final_path
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf"
#=================================================
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_print_info "Reinstalling dependencies..."
# Define and install dependencies
ynh_install_app_dependencies "$pkg_dependencies"
#=================================================
# RESTORE SYSTEMD
#=================================================
ynh_print_info "Restoring the systemd configuration..."
ynh_restore_file "/etc/systemd/system/$service_name.service"
ynh_restore_file "/etc/systemd/system/$service_checker_name.service"
ynh_restore_file "/etc/systemd/system/$service_checker_name.timer"
ynh_restore_file "/etc/systemd/system/openvpn@.service"
systemctl daemon-reload
systemctl enable "$service_name.service"
systemctl enable "$service_checker_name.service"
systemctl enable "openvpn@.service"
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
yunohost service add $service_name --description "Tunnels the internet traffic through a VPN" --need_lock
yunohost service add $service_checker_name --description "Makes sure that the VPN service is running" --need_lock
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
ynh_print_info "Reloading nginx web server and php-fpm..."
systemctl restart php7.0-fpm
systemctl reload nginx
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info "Restoration completed for $app"
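
Review bot: the restore path that runs `git clone https://github.com/labriqueinternet/vpnclient_ynh.git "${tmpdir}/"` followed by `bash ./upgrade` executes code fetched from the network during a restore, and nothing checks that `gitcommit` (scraped from `status.json` with `grep | sed`) is non-empty or a full commit id before the `reset --hard`. A restore should work from the archive alone; if the clone stays, validate `gitcommit` against a 40-hex-digit pattern and abort when it does not match. `sysuser="vpnclient" # XXX hard-coded variable` should use `${app}`, as the commented line above it suggests.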

@@ -12,7 +12,6 @@ source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info "Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
@@ -20,6 +19,7 @@ domain=$(ynh_app_setting_get $app domain)
path_url=$(ynh_app_setting_get $app path)
is_public=$(ynh_app_setting_get $app is_public)
final_path=$(ynh_app_setting_get $app final_path)
server_name=$(ynh_app_setting_get $app server_name)
#=================================================
# SPECIAL UPGRADE FOR VERSIONS < 1.2.0
@@ -27,20 +27,16 @@ final_path=$(ynh_app_setting_get $app final_path)
# Apply renaming that occured in v1.2.0 ("vpnadmin" -> "${app}")
if [ -f /etc/nginx/conf.d/${domain}.d/vpnadmin.conf ]; then
ynh_replace_string "/var/www/vpnadmin/" "/var/www/${app}/" "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
ynh_replace_string "vpnadmin.sock" "${app}.sock" "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
sudo sed "s|/var/www/vpnadmin/|/var/www/${app}/|g" -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
sudo sed "s|vpnadmin.sock|${app}.sock|g" -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
mv /etc/nginx/conf.d/${domain}.d/vpnadmin.conf /etc/nginx/conf.d/${domain}.d/${app}.conf
fi
if [ -f /etc/php5/fpm/pool.d/vpnadmin.conf ]; then
ynh_replace_string "/var/www/vpnadmin/" "/var/www/${app}/" /etc/php5/fpm/pool.d/vpnadmin.conf
ynh_replace_string "vpnadmin.sock" "${app}.sock" /etc/php5/fpm/pool.d/vpnadmin.conf
mv /etc/php5/fpm/pool.d/vpnadmin.conf /etc/php/7.0/fpm/pool.d/${app}.conf
fi
if [ -d /var/www/vpnadmin ]; then
mv /var/www/vpnadmin /var/www/${app}
sudo sed "s|/var/www/vpnadmin/|/var/www/${app}/|g" -i /etc/php5/fpm/pool.d/vpnadmin.conf
sudo sed "s|vpnadmin.sock|${app}.sock|g" -i /etc/php5/fpm/pool.d/vpnadmin.conf
mv /etc/php5/fpm/pool.d/vpnadmin.conf /etc/php5/fpm/pool.d/${app}.conf
fi
test -d /var/www/vpnadmin && mv /var/www/vpnadmin /var/www/${app}
## Versions known to have a buggy backup script
#buggy_versions="1.0.0 1.0.1 1.1.0"
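Review bot: the `sudo sed "s|vpnadmin.sock|${app}.sock|g"` lines interpolate `${app}` directly into the sed program and leave the dot in `vpnadmin.sock` unescaped, so the pattern matches any character in that position and an app id containing `|` or `&` would alter the expression. Escape the dot and either validate `${app}` first or keep `ynh_replace_string`, which the same hunk shows for the identical substitutions. The paths built from `${domain}` and `${app}` in the `[ -f ... ]` tests and `mv` calls are unquoted. The hunk also shows two destinations for the pool file, `/etc/php/7.0/fpm/pool.d/${app}.conf` and `/etc/php5/fpm/pool.d/${app}.conf`; whichever survives has to match the PHP-FPM service reloaded later in the script (`php7.0-fpm` versus `php5-fpm`).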
@@ -58,14 +54,13 @@ fi
# ynh_restore_upgradebackup
#}
## Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#ynh_abort_if_errors
#=================================================
# DO UPGRADE
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_print_info "Installing dependencies..."
ynh_install_app_dependencies "$pkg_dependencies"
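Review bot: `#ynh_abort_if_errors` sits directly under the comment "Exit if an error occurs during the execution of the script", so with the call commented out the upgrade keeps running after a failed command and the comment no longer describes the behaviour. The steps that follow copy `/etc/openvpn/client*` to a temporary directory, redeploy the package files and copy the old configuration back; a failed `mktemp` or `cp` would go unnoticed and could leave the client configuration missing or half restored. Keep `ynh_abort_if_errors` active, or add explicit exit-status checks on those commands and update the comment.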
@@ -75,60 +70,20 @@ ynh_install_app_dependencies "$pkg_dependencies"
# Keep a copy of existing config files before overwriting them
tmpdir=$(mktemp -d /tmp/vpnclient-upgrade-XXX)
cp -r /etc/openvpn/client* ${tmpdir}
sudo cp -r /etc/openvpn/client* ${tmpdir}
# Deploy files from package
vpnclient_deploy_files_and_services "${domain}" "${app}" "${service_name}"
vpnclient_deploy_files_and_services "${domain}" "${app}"
# Restore previously existing config files
cp -r ${tmpdir}/client* /etc/openvpn/
ynh_secure_remove ${tmpdir}
sudo cp -r ${tmpdir}/client* /etc/openvpn/
sudo rm -rf ${tmpdir}
#=================================================
# RELOAD RELEVANT SERVICES
#=================================================
ynh_print_info "Reload services..."
systemctl reload php7.0-fpm
systemctl reload nginx
ynh_systemctl reload php5-fpm
ynh_systemctl reload nginx
### Make sure that the yunohost services have a description and need-lock enabled
# main service
yunohost service add $service_name --description "Tunnels the internet traffic through a VPN" --need_lock
# checker service
yunohost service add $service_checker_name --description "Makes sure that the VPN service is running" --need_lock
# Reload systemd configuration
systemctl daemon-reload
### Restart services
# restart main service if needed
if systemctl is-active $service_name >/dev/null;
then
yunohost service restart $service_name
fi
# restart checker service if needed
if systemctl is-active $service_checker_name >/dev/null;
then
yunohost service restart $service_checker_name
fi
# restart checker service timer
if systemctl is-active $service_name.timer >/dev/null;
then
yunohost service restart $service_checker_name.timer
fi
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info "Upgrade of $app completed"
ynh_systemctl restart ynh-vpnclient
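Review bot: `${tmpdir}` is used unquoted in both `cp -r` lines and in `sudo rm -rf ${tmpdir}`, and nothing checks that `mktemp -d` succeeded; with an empty value the first `cp` would take the last path matched by `client*` as its destination. Quote the variable, test it right after `mktemp`, and prefer `ynh_secure_remove "${tmpdir}"`, which the hunk also shows, over a raw `rm -rf`. Because the files being saved and restored are the VPN client configuration, `cp -a` is the safer choice for keeping ownership and modes across the round trip. The `-XXX` template also gives only three random characters.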

View File

@@ -1,19 +1,19 @@
<?php
/* VPN Client app for YunoHost
/* VPN Client app for YunoHost
* Copyright (C) 2015 Julien Vaubourg <julien@vaubourg.com>
* Contribute at https://github.com/labriqueinternet/vpnclient_ynh
*
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -22,11 +22,11 @@
function configure() {
option('env', ENV_PRODUCTION);
option('debug', false);
option('base_uri', '__PATH__/');
option('base_uri', '<TPL:NGINX_LOCATION>/');
layout('layout.html.php');
define('PUBLIC_DIR', '__PATH__/public');
define('PUBLIC_DIR', '<TPL:NGINX_LOCATION>/public');
}
// Before routing

View File

@@ -117,11 +117,6 @@ dispatch('/', function() {
});
dispatch_put('/settings', function() {
if(!isset($_SERVER['HTTP_X_REQUESTED_WITH'])) {
throw new Exception('CSRF protection');
}
$service_enabled = isset($_POST['service_enabled']) ? 1 : 0;
if($service_enabled == 1) {
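Review bot: the `isset($_SERVER['HTTP_X_REQUESTED_WITH'])` test is the only CSRF check visible on `dispatch_put('/settings')`, and the hunk header (-117,11 +117,6) accounts for exactly those five lines going away. Without it, the route that changes the VPN settings and service state accepts a form post originating from any page open in the administrator's browser. Keep the check, or replace it with a per-session token that is validated here before `$service_enabled` is read.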

View File

@@ -28,7 +28,7 @@ function tabsClick() {
return false;
}
function ready() {
$(document).ready(function() {
$('.btn-group').button();
$('[data-toggle="tooltip"]').tooltip();
@@ -73,29 +73,11 @@ function ready() {
$(choosertxtid).val($(this).val().replace(/^.*[\/\\]/, ''));
});
$('#form').on("submit", function(event) {
event.preventDefault()
$('#save').prop('disabled', true);
$('#save').click(function() {
$(this).prop('disabled', true);
$('#save-loading').show();
$.ajax({
url: this.action,
type: this.method,
contentType: false,
processData: false,
cache: false,
data: new FormData(this),
headers: {
'X-Requested-With': 'jQuery',
},
timeout: 5000,
dataType: "html",
// success: function() {}, // XXX will never happen because the VPN connection will be restarted after the form is posted.
complete: function() {
console.log("Forcing page reload after a few seconds...");
setTimeout(function() {document.location.reload();}, 45000)
},
});
})
$('#form').submit();
});
$('#status .close').click(function() {
$(this).parent().hide();
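Review bot: switching from the `$.ajax` call to `$('#form').submit()` posts the form without the `'X-Requested-With': 'jQuery'` header, so this change only works together with the removal of the server-side header check in the `/settings` handler. Taken as a pair, the two hunks leave the settings form with no CSRF guard in the visible code; if a plain submit is wanted, add a hidden token field to the form and verify it on the server. The 45 second forced reload and the comment about the VPN connection restarting after the post disappear too, so confirm the page still recovers once the connection is back.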
@@ -128,6 +110,4 @@ function ready() {
$('.enabled').show('slow');
}
});
}
$(document).ready(ready)
});

View File

@@ -200,7 +200,7 @@
<div class="form-group">
<label for="login_passphrase" class="col-sm-3 control-label"><?= _('Password') ?></label>
<div class="col-sm-9">
<input type="password" data-toggle="tooltip" data-title="<?= _('Leave empty if not necessary') ?>" class="form-control" name="login_passphrase" id="login_passphrase" placeholder="XVCwSbDkxnqQ" value="<?= $login_passphrase ?>" />
<input type="text" data-toggle="tooltip" data-title="<?= _('Leave empty if not necessary') ?>" class="form-control" name="login_passphrase" id="login_passphrase" placeholder="XVCwSbDkxnqQ" value="<?= $login_passphrase ?>" />
</div>
</div>
</div>
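Review bot: `type="text"` on the `login_passphrase` input shows the VPN password in clear on screen and makes it eligible for the browser's form history; keep `type="password"`, and add a show/hide toggle if visibility while typing is the goal. Separately, `value="<?= $login_passphrase ?>"` writes the stored passphrase into the attribute as-is, so a value containing a double quote would break out of it unless it is escaped upstream; wrap it in `htmlspecialchars($login_passphrase, ENT_QUOTES)` and consider not echoing the stored secret back into the page at all.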