127 lines
4.4 KiB
Bash
127 lines
4.4 KiB
Bash
#!/bin/bash
|
|
|
|
# Retrieve arguments
|
|
domain=$1
|
|
url_path=$2
|
|
server_name=$3
|
|
crt_client_path=$4
|
|
crt_client_key_path=$5
|
|
crt_server_ca_path=$6
|
|
ip6_net=$7
|
|
|
|
# Check arguments
|
|
# TODO
|
|
|
|
# Check domain/path availability
|
|
sudo yunohost app checkurl ${domain}${url_path} -a vpnclient
|
|
if [[ ! $? -eq 0 ]]; then
|
|
exit 1
|
|
fi
|
|
|
|
# Install packages
|
|
sudo apt-get --assume-yes --force-yes install openvpn php5-fpm
|
|
|
|
# Install extra packages
|
|
sudo apt-get --assume-yes --force-yes install sipcalc
|
|
|
|
# Compute extra arguments
|
|
wired_device=$(ip r | awk '/default via/ { print $NF; }')
|
|
ip6_expanded_net=$(sipcalc ${ip6_net} | grep Expanded | awk '{ print $NF; }')
|
|
ip6_net=$(sipcalc ${ip6_net} | grep Compressed | awk '{ print $NF; }')
|
|
ip6_addr=$(echo "$(echo ${ip6_expanded_net} | cut -d: -f1-7):1")
|
|
ip6_addr=$(sipcalc ${ip6_addr} | grep Compressed | awk '{ print $NF; }')
|
|
server_ip6=$(host ${server_name} | awk '/IPv6/ { print $NF; }')
|
|
|
|
if [ -z "${server_ip6}" ]; then
|
|
server_ip6=$(host ${server_name} 80.67.188.188 | awk '/IPv6/ { print $NF; }')
|
|
fi
|
|
|
|
# Save arguments for future upgrades
|
|
sudo yunohost app setting vpnclient wired_device -v ${wired_device}
|
|
sudo yunohost app setting vpnclient ip6_addr -v ${ip6_addr}
|
|
sudo yunohost app setting vpnclient ip6_net -v ${ip6_net}
|
|
sudo yunohost app setting vpnclient server_name -v ${server_name}
|
|
sudo yunohost app setting vpnclient server_ip6 -v ${server_ip6}
|
|
|
|
# Copy confs
|
|
sudo install -b -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl
|
|
sudo install -b -o root -g root -m 0644 ../conf/nginx_vpnadmin.conf /etc/nginx/conf.d/${domain}.d/vpnadmin.conf
|
|
sudo install -b -o root -g root -m 0644 ../conf/phpfpm_vpnadmin.conf /etc/php5/fpm/pool.d/vpnadmin.conf
|
|
|
|
# Copy web sources
|
|
sudo mkdir -pm 0755 /var/www/vpnadmin/
|
|
|
|
sudo cp -a ../sources/* /var/www/vpnadmin/
|
|
|
|
sudo chown -R root: /var/www/vpnadmin/
|
|
sudo chmod -R 0644 /var/www/vpnadmin/*
|
|
sudo find /var/www/vpnadmin/ -type d -exec chmod +x {} \;
|
|
|
|
# Copy certificates
|
|
sudo mkdir -pm 0700 /etc/openvpn/keys/
|
|
sudo chown root: /etc/openvpn/keys/
|
|
|
|
sudo install -b -o root -g root -m 0600 ${crt_client_path} /etc/openvpn/keys/user.crt
|
|
sudo install -b -o root -g root -m 0600 ${crt_client_key_path} /etc/openvpn/keys/user.key
|
|
sudo install -b -o root -g root -m 0600 ${crt_server_ca_path} /etc/openvpn/keys/ca-server.crt
|
|
|
|
sudo rm -f ${crt_client_path} ${crt_client_key_path} ${crt_server_ca_path}
|
|
|
|
# Create user for the web admin
|
|
sudo useradd -MUr vpnadmin
|
|
|
|
# Fix confs
|
|
## openvpn
|
|
sudo sed "s|<TPL:SERVER_NAME>|${server_name}|g" -i /etc/openvpn/client.conf.tpl
|
|
|
|
## nginx
|
|
sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i /etc/nginx/conf.d/${domain}.d/vpnadmin.conf
|
|
sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/vpnadmin/|g' -i /etc/nginx/conf.d/${domain}.d/vpnadmin.conf
|
|
sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i /etc/nginx/conf.d/${domain}.d/vpnadmin.conf
|
|
|
|
# php-fpm
|
|
sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
|
|
sudo sed 's|<TPL:PHP_USER>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
|
|
sudo sed 's|<TPL:PHP_GROUP>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
|
|
sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/vpnadmin/|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
|
|
|
|
# Copy init script
|
|
sudo install -b -o root -g root -m 0755 ../conf/init_ynh-vpnclient /etc/init.d/ynh-vpnclient
|
|
|
|
# Fix init script
|
|
## ynh-vpnclient
|
|
sudo sed "s|<TPL:IP6_ADDR>|${ip6_addr}|g" -i /etc/init.d/ynh-vpnclient
|
|
sudo sed "s|<TPL:SERVER_IP6>|${server_ip6}|g" -i /etc/init.d/ynh-vpnclient
|
|
sudo sed "s|<TPL:WIRED_DEVICE>|${wired_device}|g" -i /etc/init.d/ynh-vpnclient
|
|
|
|
# Set default inits
|
|
# The openvpn configuration is modified before the start, so the service is disabled by default
|
|
# and the ynh-vpnclient service handles it.
|
|
# All services are registred by yunohost in order to prevent conflicts after the uninstall.
|
|
sudo yunohost service add openvpn
|
|
sudo yunohost service stop openvpn
|
|
sudo yunohost service disable openvpn
|
|
|
|
sudo yunohost service add php5-fpm
|
|
sudo yunohost service enable php5-fpm
|
|
sudo yunohost service stop php5-fpm
|
|
sudo yunohost service start php5-fpm
|
|
|
|
sudo yunohost service add ynh-vpnclient
|
|
sudo yunohost service enable ynh-vpnclient
|
|
sudo yunohost service start ynh-vpnclient
|
|
|
|
sudo service nginx reload
|
|
|
|
# Update SSO for vpnadmin
|
|
sudo yunohost app ssowatconf
|
|
|
|
# Restart hotspot service if installed to change NAT configuration (now on tun0)
|
|
sudo yunohost app list -f hotspot --json | grep -q '"installed": true'
|
|
if [ "$?" -eq 0 ]; then
|
|
sudo yunohost service stop ynh-hotspot
|
|
sudo yunohost service start ynh-hotspot
|
|
fi
|
|
|
|
exit 0
|