9 Commits

Author SHA1 Message Date
ljf (zamentur)
19e83122f5 [fix] Let VPN mount 2018-05-12 02:26:58 +02:00
agentcobra
05878ea230 Merge pull request #34 from keomabrun/master
using new helpers and script formatting
2018-04-25 20:18:55 +02:00
Keoma Brun
809dc19c80 using new helpers and script formatting 2018-04-09 16:11:08 +02:00
ljf (zamentur)
35f38ec86c [enh] Update version number 2018-04-08 13:55:09 +02:00
ljf (zamentur)
a642a01029 [fix] Add fake-hwclock to avoid RTC 1970 date
A20 Allwinner seems to have an RTC, but I think this one can't work when the board is shut down (for several minutes/hours/days?). This package registers the last date and sets it early in the boot process.
2018-04-08 13:55:09 +02:00
ljf (zamentur)
5654b6d0b2 [fix] ntpd blocked cause firewall too strict 2018-04-08 13:54:28 +02:00
agentcobra
b34644c729 Update upgrade
quick fix for ci building failing
2018-04-06 13:09:02 +02:00
Sebastien Badia
c9d7537387 cr: Update notifications settings 2018-03-23 10:29:24 +01:00
agentcobra
8aab3c7dd2 Package improvement (#31)
* fix manifest

* fix tabs

* add Services section in manifest

* Fix invalid JSON
open an issue https://dev.yunohost.org/issues/1097

* fix "Impossible de satisfaire les pré-requis pour vpnclient : Paquet «
yunohost-moulinette » inconnu"

* finalize manifest.json and harmonize with
https://yunohost.org/#/packaging_apps_manifest_fr

* add CI with .travis.yml

* Update README.md

* lifting manifest.json

* remove exit 0 from scripts and add .gitignore

* fix lint error with exit

* fix #31

* refix #31
2018-03-23 09:23:57 +01:00
21 changed files with 514 additions and 1128 deletions

.gitignore vendored Normal file

@@ -0,0 +1,3 @@
# Created from https://github.com/YunoHost/example_ynh/blob/master/.gitignore
*~
*.sw[op]

.travis.yml Normal file

@@ -0,0 +1,13 @@
language: php
before_script:
- git clone --depth 1 git://github.com/YunoHost/package_linter ../package_linter && cd ../package_linter
- mv ../vpnclient_ynh vpnclient_ynh
script:
- ./package_linter.py vpnclient_ynh
notifications:
email: false
irc:
on_success: always
on_failure: always
channels:
- "irc.geeknode.org#labriqueinter.net-dev"
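
Review bot: The `git clone --depth 1 git://github.com/YunoHost/package_linter` line in `before_script` fetches the linter over the unauthenticated `git://` transport and from whatever the default branch holds at build time, and the `script` step then executes `./package_linter.py` from that checkout. Clone over `https://github.com/YunoHost/package_linter` and check out a pinned commit so the CI run is reproducible and cannot be altered in transit. `language: php` also looks unintended for a job whose only step runs a `.py` script.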

View File

@@ -1,48 +0,0 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is (partially) based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
## Unreleasead
## 1.4.1 - 2020-04-04
- [fix] ynh-vpnclient-loadcubefile.sh broken with ssowat 3.7.x (#60)
## 1.4.0 - 2019-03-18
- refactoring scripts
## 1.3.1 - 2018-12-19
- [mod] Bug fixes and code cleaning
## 1.3.0 - 2018-12-02
- [fix] Create a dedicated system user with proper sudo permissions. (#41)
- [fix] CSRF vulnerability (#43)
## 1.2.1 - 2018-09-10
- [fix] user/group = www-data in php-fpm config.
## 1.2.0 - 2018-09-06
- [fix] upgrade script is now functional
- [mod] lots of refactoring to apply app packaging best-practices
## 1.1.1 - 2018-04-06
- [fix] Sync the date with http if ntp can't (#37)
## 0.0.0 - 2016-05-14
First release
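
Review bot: The header `@@ -1,48 +0,0 @@` removes the whole changelog, including the 1.3.0 entries `[fix] Create a dedicated system user with proper sudo permissions. (#41)` and `[fix] CSRF vulnerability (#43)`. The removed file lists releases up to 1.4.1 (2020-04-04), while the newest commit in this range is dated 2018-05-12, so the comparison looks like it is taken against a newer base than the commits it lists. Confirm the direction of the compare before merging, because applying it as shown would drop the record of those two fixes along with the file.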

View File

@@ -1,8 +1,5 @@
# VPN Client [![Build Status](https://travis-ci.org/labriqueinternet/vpnclient_ynh.svg?branch=master)](https://travis-ci.org/labriqueinternet/vpnclient_ynh) [![Integration level](https://dash.yunohost.org/integration/vpnclient.svg)](https://dash.yunohost.org/appci/app/vpnclient)
[![Install LaBriqueInterNet VPNclient with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=vpnclient)
This YunoHost app is a part of the "[La Brique Internet](http://labriqueinter.net)" project but can be used independently.
# VPN Client
[![Build Status](https://travis-ci.org/labriqueinternet/vpnclient_ynh.svg?branch=master)](https://travis-ci.org/labriqueinternet/vpnclient_ynh)
## Overview
VPN Client app for [YunoHost](http://yunohost.org/).
@@ -13,6 +10,8 @@ VPN Client app for [YunoHost](http://yunohost.org/).
* Useful to easily move your server anywhere.
* With the [Hotspot app for YunoHost](https://github.com/labriqueinternet/hotspot_ynh), you can broadcast your VPN access by wifi to use a clean internet connection (depending on your VPN provider) on your laptop (or those of your friends) without having to configure it.
This YunoHost app is a part of the "[La Brique Internet](http://labriqueinter.net)" project but can be used independently.
## Features
* Authentication based on certificates or login (or both), with or without shared-secret (*ta.key*)
@@ -24,9 +23,12 @@ VPN Client app for [YunoHost](http://yunohost.org/).
* Strong firewalling (internet access and self-hosted services only available through the VPN)
* Advanced mode for editing the default OpenVPN configuration
* Auto-configuration mode, with [dot cube files](http://internetcu.be/dotcubefiles.html)
* Web interface
* Web interface ([screenshot](https://raw.githubusercontent.com/labriqueinternet/vpnclient_ynh/master/screenshot.png))
## Screenshot
## Prerequisites
![Screenshot of the web interface](https://raw.githubusercontent.com/labriqueinternet/vpnclient_ynh/master/screenshot.png)
* Debian Jessie
* YunoHost >= 2.2.0
* Yunohost-Moulinette >= 2.4.0 (firewalling)
**[BUG REPORTS SHOULD BE OPEN HERE](https://dev.yunohost.org)**

View File

@@ -1,33 +0,0 @@
;; Test complet
; Manifest
domain="domain.tld" (DOMAIN)
path="/vpnconfig" (PATH)
; Checks
pkg_linter=1
setup_sub_dir=1
setup_root=1
setup_nourl=0
setup_private=1
setup_public=0
upgrade=1
upgrade=1 from_commit=623d8a30453a26ee21aa2ce1142674a2ffdb85b9
upgrade=1 from_commit=73aa672346e40fc1857aef7441c449f0bd322082
backup_restore=1
multi_instance=0
incorrect_path=1
port_already_use=0
change_url=0
;;; Levels
Level 1=auto
Level 2=auto
Level 3=auto
Level 4=na
Level 5=auto
Level 6=auto
Level 7=auto
Level 8=0
Level 9=0
Level 10=0
;;; Options
Email=pitchum@gramaton.org
Notification=down

View File

@@ -1,41 +1,34 @@
# VPN Client app for YunoHost
# VPN Client app for YunoHost
# Copyright (C) 2015 Julien Vaubourg <julien@vaubourg.com>
# Contribute at https://github.com/labriqueinternet/vpnclient_ynh
#
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
location <TPL:NGINX_LOCATION> {
alias <TPL:NGINX_REALPATH>;
# Path to source
alias __FINALPATH__/ ;
# Force usage of https
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
# Common parameter to increase upload size limit in conjunction with dedicated php-fpm file
client_max_body_size 10G;
index index.php;
try_files $uri $uri/ index.php;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock;
fastcgi_pass unix:/var/run/php5-fpm-<TPL:PHP_NAME>.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_read_timeout 600;
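
Review bot: The `if ($scheme = http)` block that rewrites to `https://$server_name$request_uri?` sits in this hunk next to the `__FINALPATH__` alias, and the header `@@ -1,41 +1,34 @@` shows the file getting seven lines shorter; the page as extracted does not show which side keeps the redirect. If the `<TPL:NGINX_LOCATION>` side ends up without it, the web interface that the service script tells users to add their CA and credentials through is served over plain HTTP unless HTTPS is enforced in the enclosing server block. Keep the redirect in the resulting template, or say in the commit message where it is enforced instead.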
@@ -44,6 +37,5 @@ location __PATH__/ {
fastcgi_param SCRIPT_FILENAME $request_filename;
}
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
}

View File

@@ -1,24 +1,24 @@
; VPN Client app for YunoHost
; VPN Client app for YunoHost
; Copyright (C) 2015 Julien Vaubourg <julien@vaubourg.com>
; Contribute at https://github.com/labriqueinternet/vpnclient_ynh
;
;
; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU Affero General Public License as published by
; the Free Software Foundation, either version 3 of the License, or
; (at your option) any later version.
;
;
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU Affero General Public License for more details.
;
;
; You should have received a copy of the GNU Affero General Public License
; along with this program. If not, see <http://www.gnu.org/licenses/>.
; Start a new pool named 'www'.
; Start a new pool named '<TPL:PHP_NAME>'.
; the variable $pool can we used in any directive and will be replaced by the
; pool name ('www' here)
[__NAMETOCHANGE__]
[<TPL:PHP_NAME>]
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
@@ -28,7 +28,7 @@
; specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock
listen = /var/run/php5-fpm-<TPL:PHP_NAME>.sock
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
@@ -42,8 +42,8 @@ listen.mode = 0600
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = __USER__
group = __USER__
user = <TPL:PHP_USER>
group = <TPL:PHP_GROUP>
; Choose how the process manager will control the number of child processes.
; Possible Values:
@@ -157,7 +157,7 @@ request_slowlog_timeout = 0
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/nginx/[__NAMETOCHANGE__].slow.log
slowlog = /var/log/nginx/<TPL:PHP_NAME>.slow.log
; Set open file descriptor rlimit.
; Default Value: system defined value
@@ -171,7 +171,7 @@ rlimit_core = 0
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
chdir = __FINALPATH__
chdir = <TPL:NGINX_REALPATH>
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.

View File

@@ -1,13 +0,0 @@
Cmnd_Alias VPNCLIENTTASKS = /bin/systemctl stop ynh-vpnclient, \
/bin/systemctl start ynh-vpnclient, \
/usr/local/bin/ynh-vpnclient *
Cmnd_Alias YUNOHOST = /usr/bin/yunohost app setting vpnclient *,\
/usr/bin/yunohost app info hotspot *
Cmnd_Alias HOTSPOT = /bin/systemctl stop ynh-hotspot,\
/bin/systemctl start ynh-hotspot,\
/usr/bin/yunohost app setting hotspot *
__VPNCLIENT_SYSUSER__ ALL = NOPASSWD: /bin/grep, VPNCLIENTTASKS, YUNOHOST, HOTSPOT
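
Review bot: The last line of this file, `__VPNCLIENT_SYSUSER__ ALL = NOPASSWD: /bin/grep, VPNCLIENTTASKS, YUNOHOST, HOTSPOT`, allows `/bin/grep` with no argument restriction, which lets that account read any file as root, and `/usr/local/bin/ynh-vpnclient *` and `/usr/bin/yunohost app setting vpnclient *` are open wildcards as well. `@@ -1,13 +0,0 @@` deletes the file with no replacement visible in this diff, while the php-fpm pool in the same change runs as `<TPL:PHP_USER>`, so state which account the web interface runs as afterwards and how it is allowed to call `systemctl` and `yunohost`. If a sudoers file stays in the tree, replace the bare `/bin/grep` entry with the exact command lines the interface needs.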

View File

@@ -17,44 +17,8 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
###################################################################################
# Logging helpers #
###################################################################################
LOGFILE="/var/log/ynh-vpnclient.log"
touch $LOGFILE
chown root:root $LOGFILE
chmod 600 $LOGFILE
function success()
{
echo "[ OK ] $1" | tee -a $LOGFILE
}
function info()
{
echo "[INFO] $1" | tee -a $LOGFILE
}
function warn()
{
echo "[WARN] $1" | tee -a $LOGFILE >&2
}
function error()
{
echo "[FAIL] $1" | tee -a $LOGFILE >&2
}
function critical()
{
echo "[CRIT] $1" | tee -a $LOGFILE >&2
exit 1
}
###################################################################################
# IPv6 and route config stuff #
###################################################################################
# Functions
## State functions
has_nativeip6() {
ip -6 route | grep -q default\ via
@@ -64,58 +28,6 @@ has_ip6delegatedprefix() {
[ "${ynh_ip6_addr}" != none ]
}
is_ip6addr_set() {
ip address show dev tun0 2> /dev/null | grep -q "${ynh_ip6_addr}/128"
}
set_ip6addr() {
info "Adding IPv6 from VPN configuration"
ip address add "${ynh_ip6_addr}/128" dev tun0
}
unset_ip6addr() {
info "Removing IPv6 from VPN configuration"
ip address delete "${ynh_ip6_addr}/128" dev tun0
}
#
# Server IPv6 route
#
is_serverip6route_set() {
server_ip6=${1}
if [ -z "${server_ip6}" ]; then
false
else
ip -6 route | grep -q "${server_ip6}/"
fi
}
set_serverip6route() {
server_ip6=${1}
ip6_gw=${2}
wired_device=${3}
info "Adding IPv6 server route"
ip route add "${server_ip6}/128" via "${ip6_gw}" dev "${wired_device}"
}
unset_serverip6route() {
server_ip6=${1}
ip6_gw=${2}
wired_device=${3}
info "Removing IPv6 server route"
ip route delete "${server_ip6}/128" via "${ip6_gw}" dev "${wired_device}"
}
###################################################################################
# Hotspot app #
###################################################################################
has_hotspot_app() {
[ -e /tmp/.ynh-hotspot-started ]
}
@@ -126,21 +38,72 @@ is_hotspot_knowme() {
[ "${hotspot_vpnclient}" == yes ]
}
###################################################################################
# DNS rules #
###################################################################################
is_firewall_set() {
wired_device=${1}
ip6tables -w -nvL OUTPUT | grep vpnclient_out | grep -q "${wired_device}"\
&& iptables -w -nvL OUTPUT | grep vpnclient_out | grep -q "${wired_device}"
}
is_ip6addr_set() {
ip address show dev tun0 2> /dev/null | grep -q "${ynh_ip6_addr}/128"
}
is_serverip6route_set() {
server_ip6=${1}
if [ -z "${server_ip6}" ]; then
false
else
ip -6 route | grep -q "${server_ip6}/"
fi
}
is_dns_set() {
# FIXME : having the ynh_dns0 in the resolv.dnsmasq.conf is not necessarily good enough
# We want it to be the only one (with ynh_dns1) but nowadays for example ARN's resolver is
# in the default list from yunohost...
[ -e /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient ]\
&& ( grep -q ${ynh_dns0} /etc/resolv.conf || grep -q ${ynh_dns0} /etc/resolv.dnsmasq.conf )
}
set_dns() {
info "Enforcing custom DNS resolvers from vpnclient"
is_openvpn_running() {
systemctl is-active openvpn@client.service &> /dev/null
}
is_running() {
((has_nativeip6 && is_serverip6route_set "${new_server_ip6}") || ! has_nativeip6)\
&& ((! has_hotspot_app && has_ip6delegatedprefix && is_ip6addr_set) || has_hotspot_app || ! has_ip6delegatedprefix)\
&& is_dns_set && is_firewall_set && is_openvpn_running
}
## Setters
set_ip6addr() {
ip address add "${ynh_ip6_addr}/128" dev tun0
}
set_firewall() {
wired_device=${1}
cp /etc/yunohost/hooks.d/{90-vpnclient.tpl,post_iptable_rules/90-vpnclient}
sed "s|<TPL:SERVER_NAME>|${ynh_server_name}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:SERVER_PORT>|${ynh_server_port}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:PROTO>|${ynh_server_proto}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:WIRED_DEVICE>|${wired_device}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:DNS0>|${ynh_dns0}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:DNS1>|${ynh_dns1}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
yunohost firewall reload
}
set_serverip6route() {
server_ip6=${1}
ip6_gw=${2}
wired_device=${3}
ip route add "${server_ip6}/128" via "${ip6_gw}" dev "${wired_device}"
}
set_dns() {
resolvconf=/etc/resolv.conf
[ -e /etc/resolv.dnsmasq.conf ] && resolvconf=/etc/resolv.dnsmasq.conf
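
Review bot: In `set_firewall`, the six `sed "s|<TPL:...>|${...}|g" -i` lines write `ynh_server_name`, `ynh_server_port`, `ynh_server_proto`, `wired_device`, `ynh_dns0` and `ynh_dns1` unescaped into `/etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient`, a hook that the following `yunohost firewall reload` picks up. A value containing `|`, `&` or a newline changes the substitution or the generated hook, so validate each setting against its expected form (hostname, numeric port, protocol name, interface name, IP address) before templating. `is_dns_set` in the same hunk also passes `${ynh_dns0}` to `grep -q` unquoted and as a regular expression; quote it and use `grep -qF`.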
@@ -154,92 +117,7 @@ EOF
bash /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient
}
unset_dns() {
resolvconf=/etc/resolv.conf
[ -e /etc/resolv.dnsmasq.conf ] && resolvconf=/etc/resolv.dnsmasq.conf
info "Removing custom DNS resolvers from vpnclient"
rm -f /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient
mv "${resolvconf}.ynh" "${resolvconf}"
# FIXME : this situation happened to a user ...
# We could try to force regen the dns conf
# (though for now it's tightly coupled to dnsmasq)
grep -q "^nameserver" "${resolvconf}" || error "${resolvconf} does not have any nameserver line !?"
}
###################################################################################
# Firewall rules management #
###################################################################################
is_firewall_set() {
wired_device=${1}
ip6tables -w -nvL OUTPUT | grep vpnclient_out | grep -q "${wired_device}"\
&& iptables -w -nvL OUTPUT | grep vpnclient_out | grep -q "${wired_device}"
}
set_firewall() {
info "Adding vpnclient custom rules to the firewall"
wired_device=${1}
cp /etc/yunohost/hooks.d/{90-vpnclient.tpl,post_iptable_rules/90-vpnclient}
sed "s|<TPL:SERVER_NAME>|${ynh_server_name}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:SERVER_PORT>|${ynh_server_port}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:PROTO>|${ynh_server_proto}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:WIRED_DEVICE>|${wired_device}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:DNS0>|${ynh_dns0}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:DNS1>|${ynh_dns1}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
info "Restarting yunohost firewall..."
yunohost firewall reload && success "Firewall restarted!"
}
unset_firewall() {
info "Cleaning vpnclient custom rules from the firewall"
rm -f /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
info "Restarting yunohost firewall..."
yunohost firewall reload && success "Firewall restarted!"
}
###################################################################################
# Time sync #
###################################################################################
sync_time() {
info "Now synchronizing time using ntp..."
systemctl stop ntp
timeout 20 ntpd -qg &> /dev/null
# Some networks drop ntp port (udp 123).
# Try to get the date with an http request on the internetcube web site
if [ $? -ne 0 ]; then
info "ntp synchronization failed, falling back to curl method"
http_date=`curl -sD - labriqueinter.net | grep '^Date:' | cut -d' ' -f3-6`
http_date_seconds=`date -d "${http_date}" +%s`
curr_date_seconds=`date +%s`
# Set the new date if it's greater than the current date
# So it does if 1970 year or if old fake-hwclock date is used
if [ $http_date_seconds -ge $curr_date_seconds ]; then
date -s "${http_date}"
fi
fi
systemctl start ntp
}
###################################################################################
# OpenVPN client start/stop procedures #
###################################################################################
is_openvpn_running() {
systemctl is-active openvpn@client.service &> /dev/null
}
start_openvpn() {
ip6_gw=${1}
server_ip6=${2}
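
Review bot: The fallback in `sync_time` takes the `Date:` header from `curl -sD - labriqueinter.net`, a plain-HTTP request, and hands it to `date -s` whenever it is later than the current clock. Anything on the network path can therefore move the system time forward by any amount just before the VPN connection is set up, which affects certificate validity checks; reject values outside a sane window and log the old and new time when the clock is changed. `if [ $? -ne 0 ]` also sits two comment lines below `timeout 20 ntpd -qg`, so store the exit status in a variable right after the command to keep the test correct if a line is ever inserted between them.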
@@ -254,10 +132,9 @@ start_openvpn() {
# Unset firewall to let DNS and NTP resolution works
# Firewall is reset after vpn is mounted (more details on #1016)
unset_firewall
sync_time
info "Preparing openvpn configuration..."
cp /etc/openvpn/client.conf{.tpl,}
sed "s|<TPL:SERVER_NAME>|${ynh_server_name}|g" -i /etc/openvpn/client.conf
@@ -288,51 +165,47 @@ start_openvpn() {
sed 's|^<TPL:LOGIN_COMMENT>||' -i /etc/openvpn/client.conf
fi
info "Now actually starting OpenVPN client..."
systemctl start openvpn@client.service
}
if [ ! $? -eq 0 ]
then
tail -n 20 /var/log/openvpn-client.log | tee -a $LOGFILE
critical "Failed to start OpenVPN :/"
else
info "OpenVPN client started ... waiting for tun0 interface to show up"
fi
## Unsetters
for attempt in $(seq 0 20)
do
sleep 1
if ip link show dev tun0 &> /dev/null
then
success "tun0 interface is up!"
return 0
fi
done
error "Tun0 interface did not show up ... most likely an issue happening in OpenVPN client ... below is an extract of the log that might be relevant to pinpoint the issue"
tail -n 20 /var/log/openvpn-client.log | tee -a $LOGFILE
stop_openvpn
critical "Failed to start OpenVPN client : tun0 interface did not show up"
unset_ip6addr() {
ip address delete "${ynh_ip6_addr}/128" dev tun0
}
unset_firewall() {
rm -f /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
yunohost firewall reload
}
unset_serverip6route() {
server_ip6=${1}
ip6_gw=${2}
wired_device=${3}
ip route delete "${server_ip6}/128" via "${ip6_gw}" dev "${wired_device}"
}
unset_dns() {
resolvconf=/etc/resolv.conf
[ -e /etc/resolv.dnsmasq.conf ] && resolvconf=/etc/resolv.dnsmasq.conf
rm -f /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient
mv "${resolvconf}.ynh" "${resolvconf}"
}
stop_openvpn() {
# FIXME : isn't openvpn@client ? (idk)
info "Stopping OpenVPN service"
systemctl stop openvpn.service
for attempt in $(seq 0 20)
do
if ip link show dev tun0 &> /dev/null
then
info "(Waiting for tun0 to disappear if it was up)"
sleep 1
fi
done
}
###################################################################################
# Yunohost settings interface #
###################################################################################
## Tools
sync_time() {
systemctl stop ntp
timeout 20 ntpd -qg &> /dev/null
systemctl start ntp
}
ynh_setting_get() {
app=${1}
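
Review bot: `stop_openvpn` calls `systemctl stop openvpn.service`, while `start_openvpn` starts `openvpn@client.service` and `is_openvpn_running` checks `openvpn@client.service`; the `# FIXME : isn't openvpn@client ?` comment raises the same doubt. Stop the unit that was started, otherwise the tunnel can stay up after a stop. The `for attempt in $(seq 0 20)` wait loop in the same function never reports a result, so the function returns normally even when `tun0` is still present after the last iteration; return non-zero in that case.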
@@ -349,41 +222,36 @@ ynh_setting_set() {
yunohost app setting "${app}" "${setting}" -v "${value}"
}
###################################################################################
# The actual ynh vpnclient management thing #
###################################################################################
is_running() {
((has_nativeip6 && is_serverip6route_set "${new_server_ip6}") || ! has_nativeip6)\
&& ((! has_hotspot_app && has_ip6delegatedprefix && is_ip6addr_set) || has_hotspot_app || ! has_ip6delegatedprefix)\
&& is_dns_set && is_firewall_set && is_openvpn_running
}
if [ "$1" != restart ]; then
# Restart php-fpm at the first start (it needs to be restarted after the slapd start)
# Restart php5-fpm at the first start (it needs to be restarted after the slapd start)
if [ ! -e /tmp/.ynh-vpnclient-boot ]; then
touch /tmp/.ynh-vpnclient-boot
systemctl restart php7.0-fpm
systemctl restart php5-fpm
fi
# Check configuration consistency
if [[ ! "${1}" =~ stop ]]; then
exitcode=0
if [ ! -e /etc/openvpn/keys/ca-server.crt ]; then
critical "You need a CA server (you can add it through the web admin)"
echo "[WARN] You need a CA server (you can add it through the web admin)"
exitcode=1
fi
empty=$(find /etc/openvpn/keys/ -empty -name credentials &> /dev/null | wc -l)
if [ "${empty}" -gt 0 -a ! -e /etc/openvpn/keys/user.key ]; then
critical "You need either a client certificate, either a username, or both (you can add one through the web admin)"
echo "[WARN] You need either a client certificate, either a username, or both (you can add one through the web admin)"
exitcode=1
fi
[ "${exitcode}" -ne 0 ] && exit ${exitcode}
fi
# Variables
info "Retrieving Yunohost settings... "
echo -n "Retrieving Yunohost settings... "
ynh_service_enabled=$(ynh_setting_get vpnclient service_enabled)
ynh_server_name=$(ynh_setting_get vpnclient server_name)
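
Review bot: In the configuration check, `empty=$(find /etc/openvpn/keys/ -empty -name credentials &> /dev/null | wc -l)` sends `find`'s standard output to `/dev/null` together with its errors, so `wc -l` always counts 0 and the "You need either a client certificate, either a username, or both" branch can never run. Use `2> /dev/null` so only errors are discarded. The combined test `[ "${empty}" -gt 0 -a ! -e /etc/openvpn/keys/user.key ]` is also more robust written as two `[ ]` tests joined with `&&`.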
@@ -403,210 +271,201 @@ if [ "$1" != restart ]; then
new_server_ip6=$(host "${ynh_server_name}" 2> /dev/null | awk '/IPv6/ { print $NF; }')
if [ -z "${new_server_ip6}" ]; then
# FIXME wtf is this hardcoded IP ...
new_server_ip6=$(host "${ynh_server_name}" 80.67.188.188 2> /dev/null | awk '/IPv6/ { print $NF; }')
fi
success "Settings retrieved"
echo "OK"
fi
###################################################################################
# Start / stop / restart / status handling #
###################################################################################
# Script
case "${1}" in
# ########## #
# Starting #
# ########## #
start)
if is_running; then
info "Service is already running"
exit 0
echo "Already started"
elif [ "${ynh_service_enabled}" -eq 0 ]; then
warn "Service is disabled, not starting it"
exit 0
fi
info "[vpnclient] Starting..."
touch /tmp/.ynh-vpnclient-started
# Run openvpn
if is_openvpn_running;
then
info "(openvpn is already running)"
echo "Disabled service"
else
start_openvpn "${new_ip6_gw}" "${new_server_ip6}"
echo "[vpnclient] Starting..."
touch /tmp/.ynh-vpnclient-started
# Run openvpn
if ! is_openvpn_running; then
echo "Run openvpn"
start_openvpn "${new_ip6_gw}" "${new_server_ip6}"
if [ ! $? -eq 0 ]; then
exit 1
fi
i=0; false || while [ $? -ne 0 ]; do
sleep 1 && (( i++ ))
[ ${i} -gt 20 ] && stop_openvpn
[ ${i} -gt 20 ] && exit 1
ip link show dev tun0 &> /dev/null
done
fi
# Check old state of the server ipv6 route
if [ ! -z "${old_server_ip6}" -a ! -z "${old_ip6_gw}" -a ! -z "${old_wired_device}"\
-a \( "${new_server_ip6}" != "${old_server_ip6}" -o "${new_ip6_gw}" != "${old_ip6_gw}"\
-o "${new_wired_device}" != "${old_wired_device}" \) ]\
&& is_serverip6route_set "${old_server_ip6}"; then
unset_serverip6route "${old_server_ip6}" "${old_ip6_gw}" "${old_wired_device}"
fi
# Set the new server ipv6 route
if has_nativeip6 && ! is_serverip6route_set "${new_server_ip6}"; then
echo "Set IPv6 server route"
set_serverip6route "${new_server_ip6}" "${new_ip6_gw}" "${new_wired_device}"
fi
# Set the ipv6 address
if ! has_hotspot_app && has_ip6delegatedprefix && ! is_ip6addr_set; then
echo "Set IPv6 address"
set_ip6addr
fi
# Set host DNS resolvers
if ! is_dns_set; then
echo "Set host DNS resolvers"
set_dns
fi
# Set ipv6/ipv4 firewall
if ! is_firewall_set "${new_wired_device}"; then
echo "Set IPv6/IPv4 firewall"
set_firewall "${new_wired_device}"
fi
# Update dynamic settings
ynh_setting_set vpnclient server_ip6 "${new_server_ip6}"
ynh_setting_set vpnclient ip6_gw "${new_ip6_gw}"
ynh_setting_set vpnclient wired_device "${new_wired_device}"
# Fix configuration
if has_hotspot_app && ! is_hotspot_knowme; then
ynh-hotspot start
fi
fi
# Check old state of the server ipv6 route
if [ ! -z "${old_server_ip6}" -a ! -z "${old_ip6_gw}" -a ! -z "${old_wired_device}"\
-a \( "${new_server_ip6}" != "${old_server_ip6}" -o "${new_ip6_gw}" != "${old_ip6_gw}"\
-o "${new_wired_device}" != "${old_wired_device}" \) ]\
&& is_serverip6route_set "${old_server_ip6}"
then
unset_serverip6route "${old_server_ip6}" "${old_ip6_gw}" "${old_wired_device}"
fi
# Set the new server ipv6 route
if has_nativeip6 && ! is_serverip6route_set "${new_server_ip6}"
then
set_serverip6route "${new_server_ip6}" "${new_ip6_gw}" "${new_wired_device}"
fi
# Set the ipv6 address
if ! has_hotspot_app && has_ip6delegatedprefix && ! is_ip6addr_set
then
set_ip6addr
fi
# Set host DNS resolvers
if ! is_dns_set
then
set_dns
fi
# Set ipv6/ipv4 firewall
if ! is_firewall_set "${new_wired_device}"
then
set_firewall "${new_wired_device}"
fi
# Update dynamic settings
info "Saving settings..."
ynh_setting_set vpnclient server_ip6 "${new_server_ip6}"
ynh_setting_set vpnclient ip6_gw "${new_ip6_gw}"
ynh_setting_set vpnclient wired_device "${new_wired_device}"
# Fix configuration
if has_hotspot_app && ! is_hotspot_knowme; then
info "Now starting the hotspot"
ynh-hotspot start
fi
success "YunoHost VPN client started!"
;;
# ########## #
# Stopping #
# ########## #
stop)
info "[vpnclient] Stopping..."
echo "[vpnclient] Stopping..."
rm -f /tmp/.ynh-vpnclient-started
if ! has_hotspot_app && has_ip6delegatedprefix && is_ip6addr_set; then
echo "Unset IPv6 address"
unset_ip6addr
fi
if is_serverip6route_set "${old_server_ip6}"; then
echo "Unset IPv6 server route"
unset_serverip6route "${old_server_ip6}" "${old_ip6_gw}" "${old_wired_device}"
fi
is_firewall_set "${old_wired_device}" && unset_firewall
if is_firewall_set "${old_wired_device}"; then
echo "Unset IPv6/IPv4 firewall"
unset_firewall
fi
is_dns_set && unset_dns
if is_dns_set; then
echo "Unset forced host DNS resolvers"
unset_dns
fi
is_openvpn_running && stop_openvpn
if is_openvpn_running; then
echo "Stop openvpn"
stop_openvpn
i=0; true && while [ $? -eq 0 ]; do
sleep 1 && (( i++ ))
[ ${i} -gt 20 ] && exit 1
ip link show dev tun0 &> /dev/null
done
fi
# Fix configuration
if has_hotspot_app && is_hotspot_knowme; then
info "Now starting the hotspot"
ynh-hotspot start
fi
;;
# ########## #
# Restart #
# ########## #
restart)
$0 stop
$0 start
;;
# ########## #
# Status #
# ########## #
status)
exitcode=0
if [ "${ynh_service_enabled}" -eq 0 ]; then
error "VPN Client Service disabled"
echo "[ERR] VPN Client Service disabled"
exitcode=1
fi
info "Autodetected internet interface: ${new_wired_device} (last start: ${old_wired_device})"
info "Autodetected IPv6 address for the VPN server: ${new_server_ip6} (last start: ${old_server_ip6})"
echo "[INFO] Autodetected internet interface: ${new_wired_device} (last start: ${old_wired_device})"
echo "[INFO] Autodetected IPv6 address for the VPN server: ${new_server_ip6} (last start: ${old_server_ip6})"
if has_ip6delegatedprefix; then
info "IPv6 delegated prefix found"
info "IPv6 address computed from the delegated prefix: ${ynh_ip6_addr}"
echo "[INFO] IPv6 delegated prefix found"
echo "[INFO] IPv6 address computed from the delegated prefix: ${ynh_ip6_addr}"
if ! has_hotspot_app; then
info "No Hotspot app detected"
echo "[INFO] No Hotspot app detected"
if is_ip6addr_set; then
success "IPv6 address correctly set"
echo "[OK] IPv6 address correctly set"
else
error "No IPv6 address set"
echo "[ERR] No IPv6 address set"
exitcode=1
fi
else
info "Hotspot app detected"
info "No IPv6 address to set"
echo "[INFO] Hotspot app detected"
echo "[INFO] No IPv6 address to set"
fi
else
info "No IPv6 delegated prefix found"
echo "[INFO] No IPv6 delegated prefix found"
fi
if has_nativeip6; then
info "Native IPv6 detected"
info "Autodetected native IPv6 gateway: ${new_ip6_gw} (last start: ${old_ip6_gw})"
echo "[INFO] Native IPv6 detected"
echo "[INFO] Autodetected native IPv6 gateway: ${new_ip6_gw} (last start: ${old_ip6_gw})"
if is_serverip6route_set "${new_server_ip6}"; then
success "IPv6 server route correctly set"
echo "[OK] IPv6 server route correctly set"
else
error "No IPv6 server route set"
echo "[ERR] No IPv6 server route set"
exitcode=1
fi
else
info "No native IPv6 detected"
info "No IPv6 server route to set"
echo "[INFO] No native IPv6 detected"
echo "[INFO] No IPv6 server route to set"
fi
if is_firewall_set "${new_wired_device}"; then
success "IPv6/IPv4 firewall set"
echo "[OK] IPv6/IPv4 firewall set"
else
info "No IPv6/IPv4 firewall set"
echo "[ERR] No IPv6/IPv4 firewall set"
exitcode=1
fi
if is_dns_set; then
success "Host DNS correctly set"
echo "[OK] Host DNS correctly set"
else
error "No host DNS set"
echo "[ERR] No host DNS set"
exitcode=1
fi
if is_openvpn_running; then
success "Openvpn is running"
echo "[OK] Openvpn is running"
else
error "Openvpn is not running"
echo "[ERR] Openvpn is not running"
exitcode=1
fi
exit ${exitcode}
;;
# ########## #
# Halp #
# ########## #
*)
echo "Usage: $0 {start|stop|restart|status}"
exit 1
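
Review bot: In `start)`, the failure paths after `start_openvpn` (`exit 1` when it returns non-zero, and `[ ${i} -gt 20 ] && exit 1` when `tun0` does not appear) leave the script before `set_firewall` is reached, although `start_openvpn` has already called `unset_firewall`. The README describes the firewall as making internet access and self-hosted services available only through the VPN, so a failed start leaves the host without those rules; re-apply `set_firewall`, or otherwise fail closed, before exiting. The fallback lookup `host "${ynh_server_name}" 80.67.188.188`, which the code itself marks `# FIXME wtf is this hardcoded IP`, should take the resolver from a setting rather than a literal.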

View File

@@ -86,7 +86,7 @@ ynh_service_enabled=$(ynh_setting vpnclient service_enabled)
# SSO login
curl -D - -skLe "https://${ynh_domain}/yunohost/sso/" --data-urlencode "user=${ynh_user}" --data-urlencode "password=${ynh_password}" "https://${ynh_domain}/yunohost/sso/" --resolve "${ynh_domain}:443:127.0.0.1" -o /dev/null -c "${tmpdir}/cookies" 2> /dev/null | grep -q "set-cookie: SSOwAuthUser=${ynh_user}"
curl -kLe "https://${ynh_domain}/yunohost/sso/" --data-urlencode "user=${ynh_user}" --data-urlencode "password=${ynh_password}" "https://${ynh_domain}/yunohost/sso/" --resolve "${ynh_domain}:443:127.0.0.1" -c "${tmpdir}/cookies" 2> /dev/null | grep -q Logout
if [ $? -ne 0 ]; then
echo "[ERROR] SSO login failed" >&2
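
Review bot: Both `curl` login lines pass the account password as a command-line argument, `--data-urlencode "password=${ynh_password}"`, where it is visible to other local users in the process list while the request runs. Have curl read it from a file instead, using the `name@filename` form of `--data-urlencode` with a mode-600 file under `${tmpdir}` written without a trailing newline. The two lines also test success differently (`grep -q "set-cookie: SSOwAuthUser=${ynh_user}"` on the response headers versus `grep -q Logout` on the page body); say in the commit message why the check changed.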
@@ -96,7 +96,7 @@ fi
# Upload cube file
output=$(curl -kL -H "X-Requested-With: yunohost-config" -F "service_enabled=${ynh_service_enabled}" -F _method=put -F "cubefile=@${cubefile_path}" "https://${ynh_domain}/${ynh_path}/?/settings" --resolve "${ynh_domain}:443:127.0.0.1" -b "${tmpdir}/cookies" 2> /dev/null | grep RETURN_MSG | sed 's/<!-- RETURN_MSG -->//' | sed 's/<\/?[^>]\+>//g' | sed 's/^ \+//g')
output=$(curl -kL -F "service_enabled=${ynh_service_enabled}" -F _method=put -F "cubefile=@${cubefile_path}" "https://${ynh_domain}/${ynh_path}/?/settings" --resolve "${ynh_domain}:443:127.0.0.1" -b "${tmpdir}/cookies" 2> /dev/null | grep RETURN_MSG | sed 's/<!-- RETURN_MSG -->//' | sed 's/<\/?[^>]\+>//g' | sed 's/^ \+//g')
# Configure IPv6 Delegated Prefix on Hotspot
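Review bot: The tag-stripping stage `sed 's/<\/?[^>]\+>//g'` in both upload lines does not remove HTML tags: in sed's basic regular expressions `?` is a literal character, so the pattern only matches text that starts with `</?`. Use `sed -E 's/<\/?[^>]+>//g'` if the intent is to strip opening and closing tags from the RETURN_MSG line. The two lines also differ only in the `-H "X-Requested-With: yunohost-config"` header; the commit message should say which form the settings endpoint expects.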

View File

@@ -2,24 +2,27 @@
"name": "VPN Client",
"id": "vpnclient",
"packaging_format": 1,
"version": "1.4.1",
"description": {
"en": "Tunnel the internet traffic through a VPN",
"fr": "Fais passer le traffic internet à travers un VPN"
"en": "VPN Client",
"fr": "Client VPN"
},
"url": "https://labriqueinter.net",
"url": "https://github.com/labriqueinternet/vpnclient_ynh",
"version": "1.1.0",
"license": "AGPL-3.0",
"maintainer": {
"name": "pitchum",
"email": "pitchum@users.noreply.github.com"
"name": "Julien Vaubourg",
"email": "julien@vaubourg.com",
"url": "http://julien.vaubourg.com"
},
"requirements": {
"yunohost": ">= 2.2.0",
"moulinette": ">= 2.4.0"
},
"multi_instance": false,
"requirements": {
"yunohost": ">= 3.2.0"
},
"services": [
"nginx",
"php7.0-fpm"
"php5-fpm",
"ynh-vpnclient"
],
"arguments": {
"install": [

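Review bot: The `services` list shows both `php7.0-fpm` and `php5-fpm`, and `requirements` shows both `"yunohost": ">= 2.2.0"` and `"yunohost": ">= 3.2.0"`; these are coupled, so the side that is kept should pair the php-fpm service name with a YunoHost release that ships that PHP version, and it should agree with `pkg_dependencies` in `_common.sh`. A manifest that names a php-fpm service absent from the target system leaves the admin panel pointing at a unit that does not exist.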
View File

@@ -1,205 +1,43 @@
#!/bin/bash
#
# Common variables and helpers
# Common variables
#
pkg_dependencies="php7.0-fpm sipcalc dnsutils openvpn curl fake-hwclock"
pkg_dependencies="php5-fpm sipcalc dnsutils openvpn curl fake-hwclock"
service_name="ynh-vpnclient"
service_checker_name=$service_name"-checker"
to_logs() {
# When yunohost --verbose or bash -x
if $_ISVERBOSE; then
cat
else
cat > /dev/null
fi
}
# Experimental helpers
# Cf. https://github.com/YunoHost-Apps/Experimental_helpers/blob/72b0bc77c68d4a4a2bf4e95663dbc05e4a762a0a/ynh_read_manifest/ynh_read_manifest
read_json () {
python3 -c "import sys, json;print(json.load(open('$1'))['$2'])"
}
# Experimental helper
# Cf. https://github.com/YunoHost-Apps/Experimental_helpers/blob/72b0bc77c68d4a4a2bf4e95663dbc05e4a762a0a/ynh_read_manifest/ynh_read_manifest
read_manifest () {
if [ -f '../manifest.json' ] ; then
read_json '../manifest.json' "$1"
else
read_json '../settings/manifest.json' "$1"
fi
}
# Experimental helper
# cf. https://github.com/YunoHost-Apps/Experimental_helpers/blob/master/ynh_abort_if_up_to_date/ynh_abort_if_up_to_date
ynh_abort_if_up_to_date () {
version=$(read_json "/etc/yunohost/apps/$YNH_APP_INSTANCE_NAME/manifest.json" 'version' 2> /dev/null || echo '20160501-7')
last_version=$(read_manifest 'version')
if [ "${version}" = "${last_version}" ]; then
ynh_print_info "Up-to-date, nothing to do"
ynh_die "" 0
fi
}
# Read the value of a key in a ynh manifest file
# Helper to start/stop/.. a systemd service from a yunohost context,
# *and* the systemd service itself needs to be able to run yunohost
# commands.
#
# usage: ynh_read_manifest manifest key
# | arg: manifest - Path of the manifest to read
# | arg: key - Name of the key to find
ynh_read_manifest () {
manifest="$1"
key="$2"
python3 -c "import sys, json;print(json.load(open('$manifest', encoding='utf-8'))['$key'])"
}
# Read the upstream version from the manifest
# The version number in the manifest is defined by <upstreamversion>~ynh<packageversion>
# For example : 4.3-2~ynh3
# This include the number before ~ynh
# In the last example it return 4.3-2
# Hence the need to release the lock during the operation
#
# usage: ynh_app_upstream_version
ynh_app_upstream_version () {
manifest_path="../manifest.json"
if [ ! -e "$manifest_path" ]; then
manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place
fi
version_key=$(ynh_read_manifest "$manifest_path" "version")
echo "${version_key/~ynh*/}"
}
# Read package version from the manifest
# The version number in the manifest is defined by <upstreamversion>~ynh<packageversion>
# For example : 4.3-2~ynh3
# This include the number after ~ynh
# In the last example it return 3
# usage : ynh_systemctl yolo restart
#
# usage: ynh_app_package_version
ynh_app_package_version () {
manifest_path="../manifest.json"
if [ ! -e "$manifest_path" ]; then
manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place
fi
version_key=$(ynh_read_manifest "$manifest_path" "version")
echo "${version_key/*~ynh/}"
}
# Exit without error if the package is up to date
#
# This helper should be used to avoid an upgrade of a package
# when it's not needed.
#
# To force an upgrade, even if the package is up to date,
# you have to set the variable YNH_FORCE_UPGRADE before.
# example: YNH_FORCE_UPGRADE=1 yunohost app upgrade MyApp
#
# usage: ynh_abort_if_up_to_date
ynh_abort_if_up_to_date () {
local force_upgrade=${YNH_FORCE_UPGRADE:-0}
local package_check=${PACKAGE_CHECK_EXEC:-0}
local version=$(ynh_read_manifest "/etc/yunohost/apps/$YNH_APP_INSTANCE_NAME/manifest.json" "version" || echo 1.0)
local last_version=$(ynh_read_manifest "../manifest.json" "version" || echo 1.0)
if [ "$version" = "$last_version" ]
then
if [ "$force_upgrade" != "0" ]
then
echo "Upgrade forced by YNH_FORCE_UPGRADE." >&2
unset YNH_FORCE_UPGRADE
elif [ "$package_check" != "0" ]
then
echo "Upgrade forced for package check." >&2
else
ynh_die "Up-to-date, nothing to do" 0
fi
fi
}
# Operations needed by both 'install' and 'upgrade' scripts
function vpnclient_deploy_files_and_services()
function ynh_systemctl()
{
local domain=$1
local app=$2
local service_name=$3
local sysuser="${app}"
local service_checker_name="$service_name-checker"
local ACTION="$1"
local SERVICE="$2"
local LOCKFILE="/var/run/moulinette_yunohost.lock"
# Ensure vpnclient_ynh has its own system user
if ! ynh_system_user_exists ${sysuser}
then
ynh_system_user_create ${sysuser}
fi
# Launch the action
sudo systemctl "$ACTION" "$SERVICE" &
local SYSCTLACTION=$!
# Ensure the system user has enough permissions
install -b -o root -g root -m 0440 ../conf/sudoers.conf /etc/sudoers.d/${app}_ynh
ynh_replace_string "__VPNCLIENT_SYSUSER__" "${sysuser}" /etc/sudoers.d/${app}_ynh
# Save and release the lock...
cp $LOCKFILE $LOCKFILE.bkp.$$
rm $LOCKFILE
# Install IPv6 scripts
install -o root -g root -m 0755 ../conf/ipv6_expanded /usr/local/bin/
install -o root -g root -m 0755 ../conf/ipv6_compressed /usr/local/bin/
# Wait for the end of the action
wait $SYSCTLACTION
# Install command-line cube file loader
install -o root -g root -m 0755 ../conf/$service_name-loadcubefile.sh /usr/local/bin/
# Make sure the lock is released...
while [ -f $LOCKFILE ]
do
sleep 0.1
done
# Copy confs
mkdir -pm 0755 /var/log/nginx/
chown root:${sysuser} /etc/openvpn/
chmod 775 /etc/openvpn/
mkdir -pm 0755 /etc/yunohost/hooks.d/post_iptable_rules/
install -b -o root -g ${sysuser} -m 0664 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl
install -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl.restore
install -b -o root -g root -m 0755 ../conf/hook_post-iptable-rules /etc/yunohost/hooks.d/90-vpnclient.tpl
install -b -o root -g root -m 0644 ../conf/openvpn@.service /etc/systemd/system/
# Copy web sources
mkdir -pm 0755 /var/www/${app}/
cp -a ../sources/* /var/www/${app}/
chown -R root: /var/www/${app}/
chmod -R 0644 /var/www/${app}/*
find /var/www/${app}/ -type d -exec chmod +x {} \;
# Create certificates directory
mkdir -pm 0770 /etc/openvpn/keys/
chown root:${sysuser} /etc/openvpn/keys/
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_print_info "Configuring nginx web server..."
ynh_add_nginx_config
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_print_info "Configuring php-fpm..."
ynh_add_fpm_config
#=================================================
# Fix sources
ynh_replace_string "__PATH__" "${path_url}" "/var/www/${app}/config.php"
# Copy init script
install -o root -g root -m 0755 ../conf/$service_name /usr/local/bin/
# Copy checker timer
install -o root -g root -m 0755 ../conf/$service_checker_name.sh /usr/local/bin/
install -o root -g root -m 0644 ../conf/$service_checker_name.timer /etc/systemd/system/
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_print_info "Configuring a systemd service..."
ynh_add_systemd_config $service_name "$service_name.service"
ynh_add_systemd_config $service_checker_name "$service_checker_name.service"
# Restore the old lock
mv $LOCKFILE.bkp.$$ $LOCKFILE
}
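Review bot: `ynh_systemctl` deletes `/var/run/moulinette_yunohost.lock` and only puts it back in its last line, with no `trap`: if the function or the calling script exits between `rm $LOCKFILE` and `mv $LOCKFILE.bkp.$$ $LOCKFILE`, the lock stays released and the `.bkp` copy is left behind. Restore the lock from a `trap` on EXIT, quote the `$LOCKFILE` expansions, and say in the header comment that other yunohost commands can run while the lock is released. Separately, `read_json` and `ynh_read_manifest` paste the path and key into the Python source handed to `python3 -c`; pass them as arguments and read `sys.argv` so a quote in either value cannot change the code that runs.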

View File

@@ -1,83 +1,16 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
ynh_abort_if_errors # Stop script if an error is detected
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info "Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
backup_dir="${1}/apps/vpnclient"
mkdir -p "${backup_dir}/"
final_path=$(ynh_app_setting_get $app final_path)
domain=$(ynh_app_setting_get $app domain)
sudo cp -a /etc/openvpn/keys/ "${backup_dir}/"
sudo cp -a /etc/openvpn/client.conf.tpl "${backup_dir}/"
#=================================================
# STANDARD BACKUP STEPS
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
ynh_print_info "Backing up the main app directory..."
ynh_backup "$final_path"
ynh_backup "/etc/sudoers.d/${app}_ynh"
ynh_backup "/usr/local/bin/ipv6_expanded"
ynh_backup "/usr/local/bin/ipv6_compressed"
ynh_backup "/usr/local/bin/$service_name-loadcubefile.sh"
ynh_backup "/etc/yunohost/hooks.d/90-vpnclient.tpl"
ynh_backup "/etc/openvpn/client.conf.tpl"
ynh_backup "/etc/openvpn/client.conf.tpl.restore"
ynh_backup "/etc/openvpn/keys/"
ynh_backup "/usr/local/bin/$service_name"
ynh_backup "/usr/local/bin/$service_checker_name.sh"
#=================================================
# BACKUP THE NGINX CONFIGURATION
#=================================================
ynh_print_info "Backing up nginx web server configuration..."
ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# BACKUP THE PHP-FPM CONFIGURATION
#=================================================
ynh_print_info "Backing up php-fpm configuration..."
ynh_backup "/etc/php/7.0/fpm/pool.d/$app.conf"
#=================================================
# SPECIFIC BACKUP
#=================================================
# BACKUP SYSTEMD
#=================================================
ynh_print_info "Backing up systemd configuration..."
ynh_backup "/etc/systemd/system/$service_name.service"
ynh_backup "/etc/systemd/system/$service_checker_name.service"
ynh_backup "/etc/systemd/system/$service_checker_name.timer"
ynh_backup "/etc/systemd/system/openvpn@.service"
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."
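Review bot: `/etc/openvpn/keys/` and `client.conf.tpl` reach the backup through `mkdir -p "${backup_dir}/"` followed by `sudo cp -a`, so the directory that receives the private keys is created with the default umask; create it with an explicit mode (for example `install -d -m 0700`) before copying. The `ynh_backup` list also includes `/etc/sudoers.d/${app}_ynh`; add a comment stating that the archive carries key material and a sudo policy and has to be stored accordingly.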

View File

@@ -23,8 +23,8 @@
# IMPORT GENERIC HELPERS
#=================================================
source /usr/share/yunohost/helpers
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
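Review bot: The order of the two `source` lines decides which definition wins for any function declared in both files, and `_common.sh` declares `ynh_`-prefixed helpers of its own (`ynh_abort_if_up_to_date`, `ynh_read_manifest`, `ynh_systemctl`). Add a comment saying which copy is meant to take precedence, or rename the local ones so they cannot shadow or be shadowed by `/usr/share/yunohost/helpers`.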
@@ -39,25 +39,29 @@ ynh_abort_if_errors
# Retrieve arguments
domain=$YNH_APP_ARG_DOMAIN
path_url=$(ynh_normalize_url_path "$YNH_APP_ARG_PATH")
path_url=$YNH_APP_ARG_PATH
app=$YNH_APP_INSTANCE_NAME
final_path="/var/www/$app"
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_print_info "Validating installation parameters..."
# Check destination directory
test ! -e "$final_path" || ynh_die "Path is already in use: ${final_path}."
final_path="/var/www/$app"
test ! -e "$final_path" || ynh_die "This path already contains a folder"
# Normalize the url path syntax
path_url=$(ynh_normalize_url_path "$path_url")
# Check web path availability
ynh_webpath_available "$domain" "$path_url"
# Register (book) web path
ynh_webpath_register "$app" "$domain" "$path_url"
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_print_info "Storing installation settings..."
ynh_app_setting_set "$app" domain "$domain"
ynh_app_setting_set "$app" final_path "$final_path"
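Review bot: The destination check carries two messages, `"Path is already in use: ${final_path}."` and `"This path already contains a folder"`; keep the one that names `${final_path}`, since the other gives the administrator nothing to act on. `final_path` also needs only one assignment, placed before the `test ! -e` line.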
@@ -67,46 +71,125 @@ ynh_app_setting_set "$app" final_path "$final_path"
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_print_info "Installing dependencies..."
ynh_install_app_dependencies "$pkg_dependencies"
#=================================================
# DEPLOY FILES FROM PACKAGE
# SPECIFIC SETUP
#=================================================
ynh_print_info "Deploy files from package..."
vpnclient_deploy_files_and_services "${domain}" "${app}" "${service_name}"
# This is an upgrade?
upgrade=$([ -z ${VPNCLIENT_UPGRADE+x} ] && echo true || echo false)
if ! $upgrade; then
# Save arguments
ynh_app_setting_set $app service_enabled 0
ynh_app_setting_set $app server_name none
ynh_app_setting_set $app server_port 1194
ynh_app_setting_set $app server_proto udp
ynh_app_setting_set $app ip6_addr none
ynh_app_setting_set $app ip6_net none
ynh_app_setting_set $app login_user "${login_user}"
ynh_app_setting_set $app login_passphrase "${login_passphrase}"
ynh_app_setting_set $app dns0 89.234.141.66
ynh_app_setting_set $app dns1 2001:913::8
fi
# Install IPv6 scripts
sudo install -o root -g root -m 0755 ../conf/ipv6_expanded /usr/local/bin/
sudo install -o root -g root -m 0755 ../conf/ipv6_compressed /usr/local/bin/
# Install command-line cube file loader
sudo install -o root -g root -m 0755 ../conf/ynh-vpnclient-loadcubefile.sh /usr/local/bin/
# Copy confs
sudo mkdir -pm 0755 /var/log/nginx/
sudo chown root:admins /etc/openvpn/
sudo chmod 775 /etc/openvpn/
sudo mkdir -pm 0755 /etc/yunohost/hooks.d/post_iptable_rules/
sudo install -b -o root -g admins -m 0664 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl
sudo install -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl.restore
sudo install -b -o root -g root -m 0644 ../conf/nginx_vpnadmin.conf "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
sudo install -b -o root -g root -m 0644 ../conf/phpfpm_vpnadmin.conf /etc/php5/fpm/pool.d/vpnadmin.conf
sudo install -b -o root -g root -m 0755 ../conf/hook_post-iptable-rules /etc/yunohost/hooks.d/90-vpnclient.tpl
sudo install -b -o root -g root -m 0644 ../conf/openvpn@.service /etc/systemd/system/
# Copy web sources
sudo mkdir -pm 0755 /var/www/vpnadmin/
sudo cp -a ../sources/* /var/www/vpnadmin/
sudo chown -R root: /var/www/vpnadmin/
sudo chmod -R 0644 /var/www/vpnadmin/*
sudo find /var/www/vpnadmin/ -type d -exec chmod +x {} \;
# Create certificates directory
sudo mkdir -pm 0770 /etc/openvpn/keys/
sudo chown root:admins /etc/openvpn/keys/
#=================================================
# RELOAD SERVICES
# NGINX CONFIGURATION
#=================================================
ynh_print_info "Reloading services..."
sudo sed "s|<TPL:NGINX_LOCATION>|${path_url}|g" -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/vpnadmin/|g' -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
sudo sed 's|<TPL:PHP_USER>|admin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
sudo sed 's|<TPL:PHP_GROUP>|admins|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/vpnadmin/|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
# Fix sources
sudo sed "s|<TPL:NGINX_LOCATION>|${path_url}|g" -i /var/www/vpnadmin/config.php
# Copy init script
sudo install -o root -g root -m 0755 ../conf/ynh-vpnclient /usr/local/bin/
sudo install -o root -g root -m 0644 ../conf/ynh-vpnclient.service /etc/systemd/system/
# Copy checker timer
sudo install -o root -g root -m 0755 ../conf/ynh-vpnclient-checker.sh /usr/local/bin/
sudo install -o root -g root -m 0644 ../conf/ynh-vpnclient-checker.service /etc/systemd/system/
sudo install -o root -g root -m 0644 ../conf/ynh-vpnclient-checker.timer /etc/systemd/system/
# Set default inits
# The boot order of these services are important, so they are disabled by default
# and the vpnclient service handles them.
systemctl disable openvpn
systemctl stop openvpn
# and the ynh-vpnclient service handles them.
sudo systemctl disable openvpn
sudo systemctl stop openvpn
systemctl restart php7.0-fpm
systemctl reload nginx
sudo systemctl enable php5-fpm
sudo systemctl restart php5-fpm
# main service
sudo systemctl reload nginx
yunohost service add $service_name --description "Tunnels the internet traffic through a VPN" --need_lock
yunohost service enable $service_name
sudo systemctl enable ynh-vpnclient
sudo yunohost service add ynh-vpnclient
# checker service
ynh_systemctl start ynh-vpnclient-checker.service
sudo systemctl enable ynh-vpnclient-checker.service
ynh_systemctl start ynh-vpnclient-checker.timer
sudo systemctl enable ynh-vpnclient-checker.timer
yunohost service add $service_checker_name --description "Makes sure that the VPN service is running" --need_lock
yunohost service start $service_checker_name
yunohost service enable $service_checker_name
systemctl start $service_checker_name.timer
systemctl enable $service_checker_name.timer
if ! $upgrade; then
ynh_systemctl start ynh-vpnclient
#=================================================
# END OF SCRIPT
#=================================================
# Check configuration consistency
if [ -z "${crt_server_ca_path}" ]; then
echo "WARNING: VPN Client is not started because you need to define a server CA through the web admin" >&2
fi
if [ -z "${crt_client_key_path}" -a -z "${login_user}" ]; then
echo "WARNING: VPN Client is not started because you need either a client certificate, either a username (or both)" >&2
fi
fi
sudo yunohost app ssowatconf
ynh_print_info "Installation of $app completed"
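Review bot: The upgrade flag is inverted: `[ -z ${VPNCLIENT_UPGRADE+x} ]` is true when the variable is unset, so `upgrade` becomes `true` on a fresh install and `false` once the upgrade script has exported `VPNCLIENT_UPGRADE=1`. Both `if ! $upgrade` blocks therefore skip the default settings and the service start on a first install and run them during an upgrade; test `[ -n "${VPNCLIENT_UPGRADE+x}" ]` instead. `login_user`, `login_passphrase`, `crt_server_ca_path` and `crt_client_key_path` are read without being assigned anywhere in these lines, which fails if `ynh_abort_if_errors` has enabled `set -u`. The php-fpm pool is also set to run as `admin`/`admins`, the same group given write access to `/etc/openvpn/`, `client.conf.tpl` and the keys directory, so the web application can rewrite configuration that the OpenVPN service loads; prefer a dedicated system user and group for the pool and these paths.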

View File

@@ -29,96 +29,37 @@ source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info "Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get $app domain)
#=================================================
# STOP AND REMOVE SERVICES
#=================================================
ynh_print_info "Stopping and removing services"
# The End
ynh_systemctl stop ynh-vpnclient-checker.service
sudo systemctl disable ynh-vpnclient-checker.service
ynh_systemctl stop ynh-vpnclient-checker.timer && sleep 1
sudo systemctl disable ynh-vpnclient-checker.timer
ynh_systemctl stop ynh-vpnclient
sudo systemctl disable ynh-vpnclient
sudo yunohost service remove ynh-vpnclient
sudo rm -f /etc/systemd/system/ynh-vpnclient* /usr/local/bin/ynh-vpnclient*
sudo rm -f /tmp/.ynh-vpnclient-*
yunohost service stop $service_checker_name
yunohost service disable $service_checker_name
yunohost service remove $service_checker_name
systemctl stop $service_checker_name.timer && sleep 1
systemctl disable $service_checker_name.timer
# Remove confs
sudo rm -f /etc/openvpn/client.conf{.tpl,.tpl.restore,}
sudo rm -f /etc/nginx/conf.d/${domain}.d/vpnadmin.conf
sudo rm -f /etc/php5/fpm/pool.d/vpnadmin.conf
sudo rm -f /etc/yunohost/hooks.d/90-vpnclient.tpl
sudo rm -f /etc/systemd/system/openvpn@.service
yunohost service stop $service_name
yunohost service disable $service_name
yunohost service remove $service_name
for FILE in $(ls /etc/systemd/system/$service_name* /usr/local/bin/ynh-vpnclient* /tmp/.ynh-vpnclient-*)
do
ynh_secure_remove "$FILE"
done
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_print_info "Removing nginx web server configuration"
# Remove the dedicated nginx config
ynh_remove_nginx_config
#=================================================
# REMOVE PHP-FPM CONFIGURATION
#=================================================
ynh_print_info "Removing php-fpm configuration"
# Remove the dedicated php-fpm config
ynh_remove_fpm_config
#=================================================
# SPECIFIC REMOVE
#================================================
ynh_print_info "Removing openvpn configuration"
# Remove openvpn configurations
ynh_secure_remove /etc/openvpn/client.conf
ynh_secure_remove /etc/openvpn/client.conf.tpl
ynh_secure_remove /etc/openvpn/client.conf.tpl.restore
# Remove YunoHost hook
ynh_secure_remove /etc/yunohost/hooks.d/90-vpnclient.tpl
# Remove openvpn service
ynh_secure_remove /etc/systemd/system/openvpn@.service
# Remove openvpn certificates
ynh_secure_remove /etc/openvpn/keys
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_print_info "Removing dependencies"
ynh_remove_app_dependencies
# Remove sources
ynh_secure_remove "/var/www/${app}"
# Reload systemd configuration
systemctl daemon-reload
# Remove certificates
sudo rm -rf /etc/openvpn/keys/
# Restart services
# (this must happen before deleting the user, otherwise the user is
# being used by one of the php pool process)
systemctl restart php7.0-fpm
systemctl reload nginx
sudo systemctl restart php5-fpm
sudo systemctl reload nginx
#=================================================
# REMOVE DEDICATED USER
#=================================================
# Remove sources
sudo rm -rf /var/www/vpnadmin/
ynh_print_info "Removing the dedicated system user"
# Delete a system user
ynh_system_user_delete ${app}
ynh_secure_remove "/etc/sudoers.d/${app}_ynh"
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info "Removal of $app completed"
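Review bot: The cleanup loop `for FILE in $(ls /etc/systemd/system/$service_name* /usr/local/bin/ynh-vpnclient* /tmp/.ynh-vpnclient-*)` parses `ls` output, so file names are word-split and `ls` returns non-zero as soon as one of the three globs matches nothing. Loop over the globs directly and skip missing entries with `[ -e "$FILE" ] || continue` before calling `ynh_secure_remove`. The sudoers file `/etc/sudoers.d/${app}_ynh` is removed after `ynh_system_user_delete`; remove it first so a sudo rule never names an account that no longer exists.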

View File

@@ -1,12 +1,15 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source ../settings/scripts/_common.sh
if [ ! -e _common.sh ]; then
# Fetch helpers file if not in current directory
cp ../settings/scripts/_common.sh ./_common.sh
chmod a+rx _common.sh
fi
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
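Review bot: `chmod a+rx _common.sh` is not needed, because `source` only requires read permission and the file is never executed; drop the chmod or use mode 0644 rather than making a copied script world-executable.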
@@ -16,121 +19,21 @@ source /usr/share/yunohost/helpers
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info "Loading settings..."
backup_dir="${1}/apps/vpnclient"
app=$YNH_APP_INSTANCE_NAME
sudo mkdir -p /etc/openvpn/
sudo cp -a "${backup_dir}/keys/" /etc/openvpn/
sudo cp -a "${backup_dir}/client.conf.tpl" /etc/openvpn/
sudo chown -R root:admins /etc/openvpn/keys/
domain=$(ynh_app_setting_get $app domain)
path_url=$(ynh_app_setting_get $app path)
final_path=$(ynh_app_setting_get $app final_path)
gitcommit=$(sudo grep revision /etc/yunohost/apps/vpnclient/status.json | sed 's/.*"revision": "\([^"]\+\)".*/\1/')
tmpdir=$(mktemp -dp /tmp/ vpnclient-restore-XXXXX)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_print_info "Validating restoration parameters..."
git clone https://github.com/labriqueinternet/vpnclient_ynh.git "${tmpdir}/"
git --work-tree "${tmpdir}/" --git-dir "${tmpdir}/.git/" reset --hard "${gitcommit}"
ynh_webpath_available $domain $path_url \
|| ynh_die "Path not available: ${domain}${path_url}"
test ! -d $final_path \
|| ynh_die "There is already a directory: $final_path "
cd "${tmpdir}/scripts/"
bash ./upgrade
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
sudo rm -r "${tmpdir}/"
ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_print_info "Restoring the app main directory..."
ynh_restore_file "$final_path"
ynh_restore_file "/etc/sudoers.d/${app}_ynh"
ynh_restore_file "/usr/local/bin/ipv6_expanded"
ynh_restore_file "/usr/local/bin/ipv6_compressed"
ynh_restore_file "/usr/local/bin/$service_name-loadcubefile.sh"
ynh_restore_file "/etc/yunohost/hooks.d/90-vpnclient.tpl"
ynh_restore_file "/etc/openvpn/client.conf.tpl"
ynh_restore_file "/etc/openvpn/client.conf.tpl.restore"
ynh_restore_file "/etc/openvpn/keys/"
ynh_restore_file "/usr/local/bin/$service_name"
ynh_restore_file "/usr/local/bin/$service_checker_name.sh"
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_print_info "Recreating the dedicated system user..."
# Create the dedicated user (if not existing)
ynh_system_user_create $app
#=================================================
# RESTORE USER RIGHTS
#=================================================
# Restore permissions on app files
chown -R $app: $final_path
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf"
#=================================================
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_print_info "Reinstalling dependencies..."
# Define and install dependencies
ynh_install_app_dependencies "$pkg_dependencies"
#=================================================
# RESTORE SYSTEMD
#=================================================
ynh_print_info "Restoring the systemd configuration..."
ynh_restore_file "/etc/systemd/system/$service_name.service"
ynh_restore_file "/etc/systemd/system/$service_checker_name.service"
ynh_restore_file "/etc/systemd/system/$service_checker_name.timer"
ynh_restore_file "/etc/systemd/system/openvpn@.service"
systemctl daemon-reload
systemctl enable "$service_name.service"
systemctl enable "$service_checker_name.service"
systemctl enable "openvpn@.service"
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
yunohost service add $service_name --description "Tunnels the internet traffic through a VPN" --need_lock
yunohost service add $service_checker_name --description "Makes sure that the VPN service is running" --need_lock
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
ynh_print_info "Reloading nginx web server and php-fpm..."
systemctl restart php7.0-fpm
systemctl reload nginx
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info "Restoration completed for $app"
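Review bot: The restore path that runs `git clone https://github.com/labriqueinternet/vpnclient_ynh.git "${tmpdir}/"` and then `bash ./upgrade` executes code downloaded at restore time instead of the scripts stored with the backup, so a restore needs network access and trusts whatever the remote repository returns. The revision is taken from a `grep`/`sed` over `status.json` and is not checked before `git reset --hard "${gitcommit}"`; validate that it is a full commit id and fail the restore when it is missing. The `ynh_restore_file` variant restores `/etc/sudoers.d/${app}_ynh` straight from the archive; run `visudo -cf` on the restored file and abort if it does not parse.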

View File

@@ -9,10 +9,16 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info "Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
@@ -20,115 +26,44 @@ domain=$(ynh_app_setting_get $app domain)
path_url=$(ynh_app_setting_get $app path)
is_public=$(ynh_app_setting_get $app is_public)
final_path=$(ynh_app_setting_get $app final_path)
server_name=$(ynh_app_setting_get $app server_name)
#=================================================
# SPECIAL UPGRADE FOR VERSIONS < 1.2.0
# CHECK VERSION
#=================================================
# Apply renaming that occured in v1.2.0 ("vpnadmin" -> "${app}")
if [ -f /etc/nginx/conf.d/${domain}.d/vpnadmin.conf ]; then
ynh_replace_string "/var/www/vpnadmin/" "/var/www/${app}/" "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
ynh_replace_string "vpnadmin.sock" "${app}.sock" "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
mv /etc/nginx/conf.d/${domain}.d/vpnadmin.conf /etc/nginx/conf.d/${domain}.d/${app}.conf
ynh_abort_if_up_to_date
#=================================================
sudo mkdir -m 0700 -p /var/cache/labriqueinternet/vpnclient/
sudo tar czf "/var/cache/labriqueinternet/vpnclient/rollback_$(date +%Y-%m-%d-%H%M%S).tgz" /etc/openvpn/ /etc/yunohost/apps/vpnclient/ &> /dev/null
tmpdir=$(mktemp -dp /tmp/ vpnclient-upgrade-XXXXX)
sudo cp -a /etc/yunohost/apps/vpnclient/settings.yml "${tmpdir}/"
sudo cp -a /etc/openvpn/keys/ "${tmpdir}/"
if [ ! -e /etc/openvpn/client.conf.tpl.restore ] || ! cmp -s /etc/openvpn/client.conf.tpl{,.restore}; then
sudo cp -a /etc/openvpn/client.conf.tpl "${tmpdir}/"
fi
if [ -f /etc/php5/fpm/pool.d/vpnadmin.conf ]; then
ynh_replace_string "/var/www/vpnadmin/" "/var/www/${app}/" /etc/php5/fpm/pool.d/vpnadmin.conf
ynh_replace_string "vpnadmin.sock" "${app}.sock" /etc/php5/fpm/pool.d/vpnadmin.conf
mv /etc/php5/fpm/pool.d/vpnadmin.conf /etc/php/7.0/fpm/pool.d/${app}.conf
export VPNCLIENT_UPGRADE=1
sudo bash /etc/yunohost/apps/vpnclient/scripts/remove &> /dev/null
bash ./install "${domain}" "${path}" "${server_name}"
sudo rmdir /etc/openvpn/keys/
sudo cp -a "${tmpdir}/keys/" /etc/openvpn/keys/
sudo cp -a "${tmpdir}/settings.yml" /etc/yunohost/apps/vpnclient/
sudo cp -a "${tmpdir}/client.conf.tpl" /etc/openvpn/ 2> /dev/null
sudo rm -r "${tmpdir}/"
# Changes
if [ -z "$(ynh_setting vpnclient dns0)" ]; then
sudo yunohost app setting vpnclient dns0 -v 89.234.141.66
sudo yunohost app setting vpnclient dns1 -v 2001:913::8
fi
if [ -d /var/www/vpnadmin ]; then
mv /var/www/vpnadmin /var/www/${app}
fi
ynh_systemctl start ynh-vpnclient
## Versions known to have a buggy backup script
#buggy_versions="1.0.0 1.0.1 1.1.0"
#curr_version=$(read_manifest version)
#if echo $buggy_versions | grep -w $curr_version > /dev/null; then
# echo "Your current version of ${app} is very old: ${curr_version}. Please ignore the next warning." >&2
#fi
#
##=================================================
## BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
##=================================================
#
#ynh_backup_before_upgrade
#ynh_clean_setup () {
# ynh_restore_upgradebackup
#}
## Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# DO UPGRADE
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_print_info "Installing dependencies..."
ynh_install_app_dependencies "$pkg_dependencies"
#=================================================
# DEPLOY FILES FROM PACKAGE
#=================================================
# Keep a copy of existing config files before overwriting them
tmpdir=$(mktemp -d /tmp/vpnclient-upgrade-XXX)
cp -r /etc/openvpn/client* ${tmpdir}
# Deploy files from package
vpnclient_deploy_files_and_services "${domain}" "${app}" "${service_name}"
# Restore previously existing config files
cp -r ${tmpdir}/client* /etc/openvpn/
ynh_secure_remove ${tmpdir}
#=================================================
# RELOAD RELEVANT SERVICES
#=================================================
ynh_print_info "Reload services..."
systemctl reload php7.0-fpm
systemctl reload nginx
### Make sure that the yunohost services have a description and need-lock enabled
# main service
yunohost service add $service_name --description "Tunnels the internet traffic through a VPN" --need_lock
# checker service
yunohost service add $service_checker_name --description "Makes sure that the VPN service is running" --need_lock
# Reload systemd configuration
systemctl daemon-reload
### Restart services
# restart main service if needed
if systemctl is-active $service_name >/dev/null;
then
yunohost service restart $service_name
fi
# restart checker service if needed
if systemctl is-active $service_checker_name >/dev/null;
then
yunohost service restart $service_checker_name
fi
# restart checker service timer
if systemctl is-active $service_name.timer >/dev/null;
then
yunohost service restart $service_checker_name.timer
fi
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info "Upgrade of $app completed"
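Review bot: In the "restart checker service timer" block the condition tests `$service_name.timer` but the command restarts `$service_checker_name.timer`, so the checker timer is only restarted when a timer unit named after the main service happens to be active; test `systemctl is-active $service_checker_name.timer` instead. Separately, `ynh_abort_if_errors` is live while `ynh_backup_before_upgrade` and the `ynh_clean_setup` restore trap are commented out, so a failure after `vpnclient_deploy_files_and_services` aborts with nothing to roll back to. The config save and restore also use `cp -r` with an unquoted `${tmpdir}`; `cp -a` with quoting would keep the mode and ownership of the files copied back into /etc/openvpn.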

View File

@@ -1,19 +1,19 @@
<?php
/* VPN Client app for YunoHost
/* VPN Client app for YunoHost
* Copyright (C) 2015 Julien Vaubourg <julien@vaubourg.com>
* Contribute at https://github.com/labriqueinternet/vpnclient_ynh
*
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -22,11 +22,11 @@
function configure() {
option('env', ENV_PRODUCTION);
option('debug', false);
option('base_uri', '__PATH__/');
option('base_uri', '<TPL:NGINX_LOCATION>/');
layout('layout.html.php');
define('PUBLIC_DIR', '__PATH__/public');
define('PUBLIC_DIR', '<TPL:NGINX_LOCATION>/public');
}
// Before routing

View File

@@ -117,11 +117,6 @@ dispatch('/', function() {
});
dispatch_put('/settings', function() {
if(!isset($_SERVER['HTTP_X_REQUESTED_WITH'])) {
throw new Exception('CSRF protection');
}
$service_enabled = isset($_POST['service_enabled']) ? 1 : 0;
if($service_enabled == 1) {
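Review bot: The header (-117,11 +117,6) takes five lines out of the `dispatch_put('/settings', ...)` handler, and the `HTTP_X_REQUESTED_WITH` check is the only block shown that can account for them, which leaves the settings endpoint with no CSRF check at all. This handler changes the VPN configuration, so either keep the check or replace it with a per-session token embedded in the form and compared server-side before `$_POST` is read; the token approach is the stronger of the two, since the header test only proves the request came from script, not from this page.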

View File

@@ -28,7 +28,7 @@ function tabsClick() {
return false;
}
function ready() {
$(document).ready(function() {
$('.btn-group').button();
$('[data-toggle="tooltip"]').tooltip();
@@ -73,29 +73,11 @@ function ready() {
$(choosertxtid).val($(this).val().replace(/^.*[\/\\]/, ''));
});
$('#form').on("submit", function(event) {
event.preventDefault()
$('#save').prop('disabled', true);
$('#save').click(function() {
$(this).prop('disabled', true);
$('#save-loading').show();
$.ajax({
url: this.action,
type: this.method,
contentType: false,
processData: false,
cache: false,
data: new FormData(this),
headers: {
'X-Requested-With': 'jQuery',
},
timeout: 5000,
dataType: "html",
// success: function() {}, // XXX will never happen because the VPN connection will be restarted after the form is posted.
complete: function() {
console.log("Forcing page reload after a few seconds...");
setTimeout(function() {document.location.reload();}, 45000)
},
});
})
$('#form').submit();
});
$('#status .close').click(function() {
$(this).parent().hide();
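Review bot: The `$('#save').click` handler ending in `$('#form').submit()` is a native form post, which cannot carry the `'X-Requested-With': 'jQuery'` header, so the two submit paths shown here are not interchangeable: the native one only works if the server no longer requires that header. The `$.ajax` version also documents that the response never arrives because the VPN restarts after the post, and handles it with `timeout: 5000` plus a forced reload; with a plain submit the browser is left waiting on a connection that is being torn down. If the native submit is the side being kept, the commit should say how the settings POST is protected against cross-site requests and what the user sees while the tunnel restarts.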
@@ -128,6 +110,4 @@ function ready() {
$('.enabled').show('slow');
}
});
}
$(document).ready(ready)
});

View File

@@ -200,7 +200,7 @@
<div class="form-group">
<label for="login_passphrase" class="col-sm-3 control-label"><?= _('Password') ?></label>
<div class="col-sm-9">
<input type="password" data-toggle="tooltip" data-title="<?= _('Leave empty if not necessary') ?>" class="form-control" name="login_passphrase" id="login_passphrase" placeholder="XVCwSbDkxnqQ" value="<?= $login_passphrase ?>" />
<input type="text" data-toggle="tooltip" data-title="<?= _('Leave empty if not necessary') ?>" class="form-control" name="login_passphrase" id="login_passphrase" placeholder="XVCwSbDkxnqQ" value="<?= $login_passphrase ?>" />
</div>
</div>
</div>
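Review bot: The second `<input>` line renders `login_passphrase` with `type="text"`, so if that is the added side, as the ordering suggests, the VPN passphrase is displayed in clear on screen and becomes eligible for browser form history; keep `type="password"` and add a show/hide toggle if readability is the goal. Both versions also write the stored value straight into the attribute with `value="<?= $login_passphrase ?>"`: unless it is escaped before reaching the template, a passphrase containing a double quote breaks out of the attribute, so wrap it in `htmlspecialchars($login_passphrase, ENT_QUOTES)`.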