WEBLIB.RE/vpnclient_ynh
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity
vpnclient_ynh/scripts/install
Sebastien Badia 0b1ecb41e1 doc: Fix Contribute link (update namespace)
2015-07-22 23:52:09 +02:00

202 lines
7.0 KiB
Bash
Raw Blame History

#!/bin/bash
# VPN Client app for YunoHost
# Copyright (C) 2015 Julien Vaubourg <julien@vaubourg.com>
# Contribute at https://github.com/labriqueinternet/vpnclient_ynh
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Retrieve arguments
domain=${1}
url_path=${2}
server_name=${3}
##
## These arguments are optional but YunoHost is not yet able to handle them with the web installer
## See manifest.json.options
##
#
#crt_client_path=${4}
#crt_client_key_path=${5}
#crt_server_ca_path=${6}
#login_user=${7}
#login_passphrase=${8}
# Check arguments
if [ -z "${server_name}" ]; then
echo "ERROR: You need a VPN server name" >&2
exit 1
fi
#if [ \( -z "${crt_client_path}" -a ! -z "${crt_client_key_path}" \)\
# -o \( ! -z "${crt_client_path}" -a -z "${crt_client_key_path}" \) ]; then
#
# echo "ERROR: A client certificate is needed when you suggest a key (or vice versa)" >&2
# exit 1
#fi
#
#if [ ! -z "${crt_client_key_path}" -a -z "${crt_server_ca_path}" ]; then
# echo "ERROR: If you can suggest a local path for the client certificates, you probably can suggest one other for the (mandatory) CA server" >&2
# exit 1
#fi
#
#if [ \( -z "${login_user}" -a ! -z "${login_passphrase}" \)\
# -o \( ! -z "${login_user}" -a -z "${login_passphrase}" \) ]; then
#
# echo "ERROR: A login password is needed when you suggest a login user (or vice versa)" >&2
# exit 1
#fi
#
#if [ ! -z "${crt_client_path}" -a ! -f "${crt_client_path}" ]; then
# echo "ERROR: The local path <${crt_client_path}> does not exist" >&2
# exit 1
#fi
#
#if [ ! -z "${crt_client_key_path}" -a ! -f "${crt_client_key_path}" ]; then
# echo "ERROR: The local path <${crt_client_key_path}> does not exist" >&2
# exit 1
#fi
#
#if [ ! -z "${crt_server_ca_path}" -a ! -f "${crt_server_ca_path}" ]; then
# echo "ERROR: The local path <${crt_server_ca_path}> does not exist" >&2
# exit 1
#fi
# Check domain/path availability
sudo yunohost app checkurl ${domain}${url_path} -a vpnclient
if [ ! $? -eq 0 ]; then
exit 1
fi
# Install packages
packages='php5-fpm sipcalc openvpn'
export DEBIAN_FRONTEND=noninteractive
sudo apt-get --assume-yes --force-yes install ${packages}
if [ $? -ne 0 ]; then
sudo apt-get update
sudo apt-get --assume-yes --force-yes install ${packages}
fi
# Save arguments
sudo yunohost app setting vpnclient service_enabled -v 1
sudo yunohost app setting vpnclient server_name -v "${server_name}"
sudo yunohost app setting vpnclient server_port -v 1194
sudo yunohost app setting vpnclient server_proto -v udp
sudo yunohost app setting vpnclient ip6_addr -v none
sudo yunohost app setting vpnclient ip6_net -v none
sudo yunohost app setting vpnclient login_user -v "${login_user}"
sudo yunohost app setting vpnclient login_passphrase -v "${login_passphrase}"
# Install IPv6 scripts
sudo install -o root -g root -m 0755 ../conf/ipv6_expanded /usr/local/bin/
sudo install -o root -g root -m 0755 ../conf/ipv6_compressed /usr/local/bin/
# Copy confs
sudo mkdir -pm 0755 /var/log/nginx/
sudo chown root:admins /etc/openvpn/
sudo chmod 775 /etc/openvpn/
sudo install -b -o root -g admins -m 0664 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl
sudo install -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl.restore
sudo install -b -o root -g root -m 0644 ../conf/nginx_vpnadmin.conf "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
sudo install -b -o root -g root -m 0644 ../conf/phpfpm_vpnadmin.conf /etc/php5/fpm/pool.d/vpnadmin.conf
# Copy web sources
sudo mkdir -pm 0755 /var/www/vpnadmin/
sudo cp -a ../sources/* /var/www/vpnadmin/
sudo chown -R root: /var/www/vpnadmin/
sudo chmod -R 0644 /var/www/vpnadmin/*
sudo find /var/www/vpnadmin/ -type d -exec chmod +x {} \;
# Copy certificates
sudo mkdir -pm 0770 /etc/openvpn/keys/
sudo chown root:admins /etc/openvpn/keys/
#[ ! -z "${crt_client_path}" ] &&\
# sudo install -b -o root -g admins -m 0660 "${crt_client_path}" /etc/openvpn/keys/user.crt
#
#[ ! -z "${crt_client_key_path}" ] &&\
# sudo install -b -o root -g admins -m 0660 "${crt_client_key_path}" /etc/openvpn/keys/user.key
#
#[ ! -z "${crt_server_ca_path}" ] &&\
# sudo install -b -o root -g admins -m 0660 "${crt_server_ca_path}" /etc/openvpn/keys/ca-server.crt
#
#sudo rm -f "${crt_client_path}" "${crt_client_key_path}" "${crt_server_ca_path}"
# Credentials file for (optional) login
#sudo cat << EOF > /etc/openvpn/keys/credentials
#${login_user}
#${login_passphrase}
#EOF
#
#sudo chown -R root:admins /etc/openvpn/keys/credentials
#sudo chmod 0460 /etc/openvpn/keys/credentials
# Fix confs
## nginx
sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/vpnadmin/|g' -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
## php-fpm
sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
sudo sed 's|<TPL:PHP_USER>|admin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
sudo sed 's|<TPL:PHP_GROUP>|admins|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/vpnadmin/|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
# Fix sources
sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i /var/www/vpnadmin/config.php
# Copy init script
sudo install -o root -g root -m 0755 ../conf/ynh-vpnclient /usr/local/bin/
sudo install -o root -g root -m 0644 ../conf/ynh-vpnclient.service /etc/systemd/system/
# Set default inits
# The boot order of these services are important, so they are disabled by default
# and the ynh-vpnclient service handles them.
sudo systemctl disable openvpn
sudo systemctl stop openvpn
sudo systemctl enable php5-fpm
sudo systemctl restart php5-fpm
sudo systemctl reload nginx
sudo systemctl enable ynh-vpnclient
sudo systemctl start ynh-vpnclient
# Update SSO for vpnadmin
sudo yunohost app ssowatconf
# Restart hotspot service if installed (and started) to change NAT configuration (now on tun0)
# A new start will fix the interface without unsetting all stuff
#if [ -e /tmp/.ynh-hotspot-started ]; then
# sudo ynh-hotspot start
#fi
# Check configuration consistency
if [ -z "${crt_server_ca_path}" ]; then
echo "WARNING: VPN Client is not started because you need to define a server CA through the web admin" >&2
fi
if [ -z "${crt_client_key_path}" -a -z "${login_user}" ]; then
echo "WARNING: VPN Client is not started because you need either a client certificate, either a username (or both)" >&2
fi
exit 0
Reference in New Issue View Git Blame Copy Permalink