Update comments, apply best practices

billz 2020-03-23 09:31:18 +00:00
parent e46929b505
commit aa497b46e4
3 changed files with 221 additions and 196 deletions


@ -1,23 +1,34 @@
#!/bin/bash #!/bin/bash
# #
# RaspAP installation functions. # RaspAP installation functions
# author: @billz # Author: @billz <billzimmerman@gmail.com>
# license: GNU General Public License v3.0 # License: GNU General Public License v3.0
#
# You are not obligated to bundle the LICENSE file with your RaspAP projects as long
# as you leave these references intact in the header comments of your source files.
raspap_dir="/etc/raspap" # Exit on error
raspap_user="www-data" set -o errexit
raspap_sudoers="/etc/sudoers.d/090_raspap" # Exit on error inside functions
raspap_dnsmasq="/etc/dnsmasq.d/090_raspap.conf" set -o errtrace
raspap_sysctl="/etc/sysctl.d/90_raspap.conf" # Turn on traces, disabled by default
# set -o xtrace
# Set defaults
readonly raspap_dir="/etc/raspap"
readonly raspap_user="www-data"
readonly raspap_sudoers="/etc/sudoers.d/090_raspap"
readonly raspap_dnsmasq="/etc/dnsmasq.d/090_raspap.conf"
readonly raspap_sysctl="/etc/sysctl.d/90_raspap.conf"
webroot_dir="/var/www/html" webroot_dir="/var/www/html"
git_source_url="https://github.com/$repo" # $repo from install.raspap.com git_source_url="https://github.com/$repo" # $repo from install.raspap.com
# NOTE: all the below functions are overloadable for system-specific installs # NOTE: all the below functions are overloadable for system-specific installs
# Prompts user to set options for installation # Prompts user to set installation options
function config_installation() { function _config_installation() {
install_log "Configure installation" _install_log "Configure installation"
get_linux_distro _get_linux_distro
echo "Detected OS: ${DESC}" echo "Detected OS: ${DESC}"
echo "Using GitHub repository: ${repo} ${branch} branch" echo "Using GitHub repository: ${repo} ${branch} branch"
echo "Install directory: ${raspap_dir}" echo "Install directory: ${raspap_dir}"
@ -44,7 +55,7 @@ function config_installation() {
} }
# Determines host Linux distrubtion details # Determines host Linux distrubtion details
function get_linux_distro() { function _get_linux_distro() {
if type lsb_release >/dev/null 2>&1; then # linuxbase.org if type lsb_release >/dev/null 2>&1; then # linuxbase.org
OS=$(lsb_release -si) OS=$(lsb_release -si)
RELEASE=$(lsb_release -sr) RELEASE=$(lsb_release -sr)
@ -57,13 +68,12 @@ function get_linux_distro() {
CODENAME=$VERSION_CODENAME CODENAME=$VERSION_CODENAME
DESC=$PRETTY_NAME DESC=$PRETTY_NAME
else else
install_error "Unsupported Linux distribution" _install_error "Unsupported Linux distribution"
fi fi
} }
# Sets php package option based on Linux release version, # Sets php package option based on Linux version, abort if unsupported distro
# abort if unsupported distro function _set_php_package() {
function set_php_package() {
case $RELEASE in case $RELEASE in
"18.04") # Ubuntu 18.04 LTS "18.04") # Ubuntu 18.04 LTS
php_package="php7.4-cgi" php_package="php7.4-cgi"
@ -75,20 +85,20 @@ function set_php_package() {
php_package="php7.0-cgi" php_package="php7.0-cgi"
phpcgiconf="/etc/php/7.0/cgi/php.ini" ;; phpcgiconf="/etc/php/7.0/cgi/php.ini" ;;
"8") "8")
install_error "${DESC} and php5 are not supported. Please upgrade." ;; _install_error "${DESC} and php5 are not supported. Please upgrade." ;;
*) *)
install_error "${DESC} is unsupported. Please install on a supported distro." ;; _install_error "${DESC} is unsupported. Please install on a supported distro." ;;
esac esac
} }
# Runs a system software update to make sure we're using all fresh packages # Runs a system software update to make sure we're using all fresh packages
function install_dependencies() { function _install_dependencies() {
install_log "Installing required packages" _install_log "Installing required packages"
set_php_package _set_php_package
if [ "$php_package" = "php7.4-cgi" ]; then if [ "$php_package" = "php7.4-cgi" ]; then
echo "Adding apt-repository ppa:ondrej/php" echo "Adding apt-repository ppa:ondrej/php"
sudo apt-get install software-properties-common || install_error "Unable to install dependency" sudo apt-get install software-properties-common || _install_error "Unable to install dependency"
sudo add-apt-repository ppa:ondrej/php || install_error "Unable to add-apt-repository ppa:ondrej/php" sudo add-apt-repository ppa:ondrej/php || _install_error "Unable to add-apt-repository ppa:ondrej/php"
fi fi
if [ ${OS,,} = "debian" ] || [ ${OS,,} = "ubuntu" ]; then if [ ${OS,,} = "debian" ] || [ ${OS,,} = "ubuntu" ]; then
dhcpcd_package="dhcpcd5" dhcpcd_package="dhcpcd5"
@ -96,129 +106,130 @@ function install_dependencies() {
# Set dconf-set-selections # Set dconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
sudo apt-get install $apt_option lighttpd git hostapd dnsmasq iptables-persistent $php_package $dhcpcd_package vnstat qrencode || install_error "Unable to install dependencies" sudo apt-get install $apt_option lighttpd git hostapd dnsmasq iptables-persistent $php_package $dhcpcd_package vnstat qrencode || _install_error "Unable to install dependencies"
} }
# Enables PHP for lighttpd and restarts service for settings to take effect # Enables PHP for lighttpd and restarts service for settings to take effect
function enable_php_lighttpd() { function _enable_php_lighttpd() {
install_log "Enabling PHP for lighttpd" _install_log "Enabling PHP for lighttpd"
sudo lighttpd-enable-mod fastcgi-php sudo lighttpd-enable-mod fastcgi-php
sudo service lighttpd force-reload sudo service lighttpd force-reload
sudo systemctl restart lighttpd.service || install_error "Unable to restart lighttpd" sudo systemctl restart lighttpd.service || _install_error "Unable to restart lighttpd"
} }
# Verifies existence and permissions of RaspAP directory # Verifies existence and permissions of RaspAP directory
function create_raspap_directories() { function _create_raspap_directories() {
install_log "Creating RaspAP directories" _install_log "Creating RaspAP directories"
if [ -d "$raspap_dir" ]; then if [ -d "$raspap_dir" ]; then
sudo mv $raspap_dir "$raspap_dir.`date +%F-%R`" || install_error "Unable to move old '$raspap_dir' out of the way" sudo mv $raspap_dir "$raspap_dir.`date +%F-%R`" || _install_error "Unable to move old '$raspap_dir' out of the way"
fi fi
sudo mkdir -p "$raspap_dir" || install_error "Unable to create directory '$raspap_dir'" sudo mkdir -p "$raspap_dir" || _install_error "Unable to create directory '$raspap_dir'"
# Create a directory for existing file backups. # Create a directory for existing file backups.
sudo mkdir -p "$raspap_dir/backups" sudo mkdir -p "$raspap_dir/backups"
# Create a directory to store networking configs # Create a directory to store networking configs
echo "Creating $raspap_dir/networking"
sudo mkdir -p "$raspap_dir/networking" sudo mkdir -p "$raspap_dir/networking"
# Copy existing dhcpcd.conf to use as base config # Copy existing dhcpcd.conf to use as base config
cat /etc/dhcpcd.conf | sudo tee -a /etc/raspap/networking/defaults echo "Adding /etc/dhcpcd.conf as base configuration"
cat /etc/dhcpcd.conf | sudo tee -a /etc/raspap/networking/defaults > /dev/null
sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || install_error "Unable to change file ownership for '$raspap_dir'" echo "Changing file ownership of $raspap_dir"
sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || _install_error "Unable to change file ownership for '$raspap_dir'"
} }
# Generate hostapd logging and service control scripts # Generate hostapd logging and service control scripts
function create_hostapd_scripts() { function _create_hostapd_scripts() {
install_log "Creating hostapd logging & control scripts" _install_log "Creating hostapd logging & control scripts"
sudo mkdir $raspap_dir/hostapd || install_error "Unable to create directory '$raspap_dir/hostapd'" sudo mkdir $raspap_dir/hostapd || _install_error "Unable to create directory '$raspap_dir/hostapd'"
# Move logging shell scripts # Move logging shell scripts
sudo cp "$webroot_dir/installers/"*log.sh "$raspap_dir/hostapd" || install_error "Unable to move logging scripts" sudo cp "$webroot_dir/installers/"*log.sh "$raspap_dir/hostapd" || _install_error "Unable to move logging scripts"
# Move service control shell scripts # Move service control shell scripts
sudo cp "$webroot_dir/installers/"service*.sh "$raspap_dir/hostapd" || install_error "Unable to move service control scripts" sudo cp "$webroot_dir/installers/"service*.sh "$raspap_dir/hostapd" || _install_error "Unable to move service control scripts"
# Make enablelog.sh and disablelog.sh not writable by www-data group. # Make enablelog.sh and disablelog.sh not writable by www-data group.
sudo chown -c root:"$raspap_user" "$raspap_dir/hostapd/"*.sh || install_error "Unable change owner and/or group" sudo chown -c root:"$raspap_user" "$raspap_dir/hostapd/"*.sh || _install_error "Unable change owner and/or group"
sudo chmod 750 "$raspap_dir/hostapd/"*.sh || install_error "Unable to change file permissions" sudo chmod 750 "$raspap_dir/hostapd/"*.sh || _install_error "Unable to change file permissions"
} }
# Generate lighttpd service control scripts # Generate lighttpd service control scripts
function create_lighttpd_scripts() { function _create_lighttpd_scripts() {
install_log "Creating lighttpd control scripts" _install_log "Creating lighttpd control scripts"
sudo mkdir $raspap_dir/lighttpd || install_error "Unable to create directory '$raspap_dir/lighttpd" sudo mkdir $raspap_dir/lighttpd || _install_error "Unable to create directory '$raspap_dir/lighttpd"
# Move service control shell scripts # Move service control shell scripts
sudo cp "$webroot_dir/installers/"configport.sh "$raspap_dir/lighttpd" || install_error "Unable to move service control scripts" sudo cp "$webroot_dir/installers/"configport.sh "$raspap_dir/lighttpd" || _install_error "Unable to move service control scripts"
# Make configport.sh writable by www-data group # Make configport.sh writable by www-data group
sudo chown -c root:"$raspap_user" "$raspap_dir/lighttpd/"*.sh || install_error "Unable change owner and/or group" sudo chown -c root:"$raspap_user" "$raspap_dir/lighttpd/"*.sh || _install_error "Unable change owner and/or group"
sudo chmod 750 "$raspap_dir/lighttpd/"*.sh || install_error "Unable to change file permissions" sudo chmod 750 "$raspap_dir/lighttpd/"*.sh || _install_error "Unable to change file permissions"
} }
# Prompt to install openvpn # Prompt to install openvpn
function prompt_install_openvpn() { function _prompt_install_openvpn() {
install_log "Setting up OpenVPN support (beta)" _install_log "Setting up OpenVPN support"
echo -n "Install OpenVPN and enable client configuration? [Y/n]: " echo -n "Install OpenVPN and enable client configuration? [Y/n]: "
if [ "$assume_yes" == 0 ]; then if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then if [ "$answer" != "${answer#[Nn]}" ]; then
echo -e echo -e
else else
install_openvpn _install_openvpn
fi fi
elif [ "$ovpn_option" == 1 ]; then elif [ "$ovpn_option" == 1 ]; then
install_openvpn _install_openvpn
fi fi
} }
# Install openvpn and enable client configuration option # Install openvpn and enable client configuration option
function install_openvpn() { function _install_openvpn() {
install_log "Installing OpenVPN and enabling client configuration" _install_log "Installing OpenVPN and enabling client configuration"
sudo apt-get install -y openvpn || install_error "Unable to install openvpn" sudo apt-get install -y openvpn || _install_error "Unable to install openvpn"
sudo sed -i "s/\('RASPI_OPENVPN_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || install_error "Unable to modify config.php" sudo sed -i "s/\('RASPI_OPENVPN_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_error "Unable to modify config.php"
echo "Enabling openvpn-client service on boot" echo "Enabling openvpn-client service on boot"
sudo systemctl enable openvpn-client@client || install_error "Unable to enable openvpn-client daemon" sudo systemctl enable openvpn-client@client || _install_error "Unable to enable openvpn-client daemon"
create_openvpn_scripts || install_error "Unable to create openvpn control scripts" _create_openvpn_scripts || _install_error "Unable to create openvpn control scripts"
} }
# Generate openvpn logging and auth control scripts # Generate openvpn logging and auth control scripts
function create_openvpn_scripts() { function _create_openvpn_scripts() {
install_log "Creating OpenVPN control scripts" _install_log "Creating OpenVPN control scripts"
sudo mkdir $raspap_dir/openvpn || install_error "Unable to create directory '$raspap_dir/openvpn'" sudo mkdir $raspap_dir/openvpn || _install_error "Unable to create directory '$raspap_dir/openvpn'"
# Move service auth control shell scripts # Move service auth control shell scripts
sudo cp "$webroot_dir/installers/"configauth.sh "$raspap_dir/openvpn" || install_error "Unable to move auth control script" sudo cp "$webroot_dir/installers/"configauth.sh "$raspap_dir/openvpn" || _install_error "Unable to move auth control script"
# Make configauth.sh writable by www-data group # Make configauth.sh writable by www-data group
sudo chown -c root:"$raspap_user" "$raspap_dir/openvpn/"*.sh || install_error "Unable change owner and/or group" sudo chown -c root:"$raspap_user" "$raspap_dir/openvpn/"*.sh || _install_error "Unable change owner and/or group"
sudo chmod 750 "$raspap_dir/openvpn/"*.sh || install_error "Unable to change file permissions" sudo chmod 750 "$raspap_dir/openvpn/"*.sh || _install_error "Unable to change file permissions"
} }
# Fetches latest files from github to webroot # Fetches latest files from github to webroot
function download_latest_files() { function _download_latest_files() {
if [ ! -d "$webroot_dir" ]; then if [ ! -d "$webroot_dir" ]; then
sudo mkdir -p $webroot_dir || install_error "Unable to create new webroot directory" sudo mkdir -p $webroot_dir || _install_error "Unable to create new webroot directory"
fi fi
if [ -d "$webroot_dir" ]; then if [ -d "$webroot_dir" ]; then
sudo mv $webroot_dir "$webroot_dir.`date +%F-%R`" || install_error "Unable to remove old webroot directory" sudo mv $webroot_dir "$webroot_dir.`date +%F-%R`" || _install_error "Unable to remove old webroot directory"
fi fi
install_log "Cloning latest files from github" _install_log "Cloning latest files from github"
git clone --branch $branch --depth 1 $git_source_url /tmp/raspap-webgui || install_error "Unable to download files from github" git clone --branch $branch --depth 1 $git_source_url /tmp/raspap-webgui || _install_error "Unable to download files from github"
sudo mv /tmp/raspap-webgui $webroot_dir || install_error "Unable to move raspap-webgui to web root" sudo mv /tmp/raspap-webgui $webroot_dir || _install_error "Unable to move raspap-webgui to web root"
} }
# Sets files ownership in web root directory # Sets files ownership in web root directory
function change_file_ownership() { function _change_file_ownership() {
if [ ! -d "$webroot_dir" ]; then if [ ! -d "$webroot_dir" ]; then
install_error "Web root directory doesn't exist" _install_error "Web root directory doesn't exist"
fi fi
install_log "Changing file ownership in web root directory" _install_log "Changing file ownership in web root directory"
sudo chown -R $raspap_user:$raspap_user "$webroot_dir" || install_error "Unable to change file ownership for '$webroot_dir'" sudo chown -R $raspap_user:$raspap_user "$webroot_dir" || _install_error "Unable to change file ownership for '$webroot_dir'"
} }
# Check for existing configuration files # Check for existing configuration files
function check_for_old_configs() { function _check_for_old_configs() {
if [ -f /etc/network/interfaces ]; then if [ -f /etc/network/interfaces ]; then
sudo cp /etc/network/interfaces "$raspap_dir/backups/interfaces.`date +%F-%R`" sudo cp /etc/network/interfaces "$raspap_dir/backups/interfaces.`date +%F-%R`"
sudo ln -sf "$raspap_dir/backups/interfaces.`date +%F-%R`" "$raspap_dir/backups/interfaces" sudo ln -sf "$raspap_dir/backups/interfaces.`date +%F-%R`" "$raspap_dir/backups/interfaces"
@ -249,33 +260,33 @@ function check_for_old_configs() {
} }
# Move configuration file to the correct location # Move configuration file to the correct location
function move_config_file() { function _move_config_file() {
if [ ! -d "$raspap_dir" ]; then if [ ! -d "$raspap_dir" ]; then
install_error "'$raspap_dir' directory doesn't exist" _install_error "'$raspap_dir' directory doesn't exist"
fi fi
install_log "Moving configuration file to '$raspap_dir'" _install_log "Moving configuration file to '$raspap_dir'"
sudo cp "$webroot_dir"/raspap.php "$raspap_dir" || install_error "Unable to move files to '$raspap_dir'" sudo cp "$webroot_dir"/raspap.php "$raspap_dir" || _install_error "Unable to move files to '$raspap_dir'"
sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || install_error "Unable to change file ownership for '$raspap_dir'" sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || _install_error "Unable to change file ownership for '$raspap_dir'"
} }
# Set up default configuration # Set up default configuration
function default_configuration() { function _default_configuration() {
install_log "Applying default configuration to installed services" _install_log "Applying default configuration to installed services"
if [ -f /etc/default/hostapd ]; then if [ -f /etc/default/hostapd ]; then
sudo mv /etc/default/hostapd /tmp/default_hostapd.old || install_error "Unable to remove old /etc/default/hostapd file" sudo mv /etc/default/hostapd /tmp/default_hostapd.old || _install_error "Unable to remove old /etc/default/hostapd file"
fi fi
sudo cp $webroot_dir/config/default_hostapd /etc/default/hostapd || install_error "Unable to move hostapd defaults file" sudo cp $webroot_dir/config/default_hostapd /etc/default/hostapd || _install_error "Unable to move hostapd defaults file"
sudo cp $webroot_dir/config/hostapd.conf /etc/hostapd/hostapd.conf || install_error "Unable to move hostapd configuration file" sudo cp $webroot_dir/config/hostapd.conf /etc/hostapd/hostapd.conf || _install_error "Unable to move hostapd configuration file"
sudo cp $webroot_dir/config/dnsmasq.conf $raspap_dnsmasq || install_error "Unable to move dnsmasq configuration file" sudo cp $webroot_dir/config/dnsmasq.conf $raspap_dnsmasq || _install_error "Unable to move dnsmasq configuration file"
sudo cp $webroot_dir/config/dhcpcd.conf /etc/dhcpcd.conf || install_error "Unable to move dhcpcd configuration file" sudo cp $webroot_dir/config/dhcpcd.conf /etc/dhcpcd.conf || _install_error "Unable to move dhcpcd configuration file"
[ -d /etc/dnsmasq.d ] || sudo mkdir /etc/dnsmasq.d [ -d /etc/dnsmasq.d ] || sudo mkdir /etc/dnsmasq.d
sudo systemctl stop systemd-networkd sudo systemctl stop systemd-networkd
sudo systemctl disable systemd-networkd sudo systemctl disable systemd-networkd
sudo cp $webroot_dir/config/raspap-bridge-br0.netdev /etc/systemd/network/raspap-bridge-br0.netdev || install_error "Unable to move br0 netdev file" sudo cp $webroot_dir/config/raspap-bridge-br0.netdev /etc/systemd/network/raspap-bridge-br0.netdev || _install_error "Unable to move br0 netdev file"
sudo cp $webroot_dir/config/raspap-br0-member-eth0.network /etc/systemd/network/raspap-br0-member-eth0.network || install_error "Unable to move br0 member file" sudo cp $webroot_dir/config/raspap-br0-member-eth0.network /etc/systemd/network/raspap-br0-member-eth0.network || _install_error "Unable to move br0 member file"
if [ ! -f "$webroot_dir/includes/config.php" ]; then if [ ! -f "$webroot_dir/includes/config.php" ]; then
sudo cp "$webroot_dir/config/config.php" "$webroot_dir/includes/config.php" sudo cp "$webroot_dir/config/config.php" "$webroot_dir/includes/config.php"
@ -283,27 +294,27 @@ function default_configuration() {
} }
# Install and enable RaspAP daemon # Install and enable RaspAP daemon
function enable_raspap_daemon() { function _enable_raspap_daemon() {
install_log "Enabling RaspAP daemon" _install_log "Enabling RaspAP daemon"
echo "Disable with: sudo systemctl disable raspapd.service" echo "Disable with: sudo systemctl disable raspapd.service"
sudo cp $webroot_dir/installers/raspapd.service /lib/systemd/system/ || install_error "Unable to move raspap.service file" sudo cp $webroot_dir/installers/raspapd.service /lib/systemd/system/ || _install_error "Unable to move raspap.service file"
sudo systemctl daemon-reload sudo systemctl daemon-reload
sudo systemctl enable raspapd.service || install_error "Failed to enable raspap.service" sudo systemctl enable raspapd.service || _install_error "Failed to enable raspap.service"
} }
# Configure IP forwarding, set IP tables rules, prompt to install RaspAP daemon # Configure IP forwarding, set IP tables rules, prompt to install RaspAP daemon
function configure_networking() { function _configure_networking() {
install_log "Configuring networking" _install_log "Configuring networking"
echo "Enabling IP forwarding" echo "Enabling IP forwarding"
echo "net.ipv4.ip_forward=1" | sudo tee $raspap_sysctl > /dev/null || install_error "Unable to set IP forwarding" echo "net.ipv4.ip_forward=1" | sudo tee $raspap_sysctl > /dev/null || _install_error "Unable to set IP forwarding"
sudo sysctl -p $raspap_sysctl || install_error "Unable to execute sysctl" sudo sysctl -p $raspap_sysctl || _install_error "Unable to execute sysctl"
sudo /etc/init.d/procps restart || install_error "Unable to execute procps" sudo /etc/init.d/procps restart || _install_error "Unable to execute procps"
echo "Creating IP tables rules" echo "Creating IP tables rules"
sudo iptables -t nat -A POSTROUTING -j MASQUERADE || install_error "Unable to execute iptables" sudo iptables -t nat -A POSTROUTING -j MASQUERADE || _install_error "Unable to execute iptables"
sudo iptables -t nat -A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE || install_error "Unable to execute iptables" sudo iptables -t nat -A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE || _install_error "Unable to execute iptables"
echo "Persisting IP tables rules" echo "Persisting IP tables rules to /etc/iptables/rules.v4"
sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null || install_error "Unable to execute iptables-save" sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null || _install_error "Unable to execute iptables-save"
# Prompt to install RaspAP daemon # Prompt to install RaspAP daemon
echo -n "Enable RaspAP control service (Recommended)? [Y/n]: " echo -n "Enable RaspAP control service (Recommended)? [Y/n]: "
@ -312,42 +323,42 @@ function configure_networking() {
if [ "$answer" != "${answer#[Nn]}" ]; then if [ "$answer" != "${answer#[Nn]}" ]; then
echo -e echo -e
else else
enable_raspap_daemon _enable_raspap_daemon
fi fi
else else
echo -e echo -e
enable_raspap_daemon _enable_raspap_daemon
fi fi
} }
# Add sudoers file to /etc/sudoers.d/ and set file permissions # Add sudoers file to /etc/sudoers.d/ and set file permissions
function patch_system_files() { function _patch_system_files() {
# Create sudoers if not present # Create sudoers if not present
if [ ! -f $raspap_sudoers ]; then if [ ! -f $raspap_sudoers ]; then
install_log "Adding raspap.sudoers to ${raspap_sudoers}" _install_log "Adding raspap.sudoers to ${raspap_sudoers}"
sudo cp "$webroot_dir/installers/raspap.sudoers" $raspap_sudoers || install_error "Unable to apply raspap.sudoers to $raspap_sudoers" sudo cp "$webroot_dir/installers/raspap.sudoers" $raspap_sudoers || _install_error "Unable to apply raspap.sudoers to $raspap_sudoers"
sudo chmod 0440 $raspap_sudoers || install_error "Unable to change file permissions for $raspap_sudoers" sudo chmod 0440 $raspap_sudoers || _install_error "Unable to change file permissions for $raspap_sudoers"
fi fi
# Add symlink to prevent wpa_cli cmds from breaking with multiple wlan interfaces # Add symlink to prevent wpa_cli cmds from breaking with multiple wlan interfaces
install_log "Symlinked wpa_supplicant hooks for multiple wlan interfaces" _install_log "Symlinked wpa_supplicant hooks for multiple wlan interfaces"
if [ ! -f /usr/share/dhcpcd/hooks/10-wpa_supplicant ]; then if [ ! -f /usr/share/dhcpcd/hooks/10-wpa_supplicant ]; then
sudo ln -s /usr/share/dhcpcd/hooks/10-wpa_supplicant /etc/dhcp/dhclient-enter-hooks.d/ sudo ln -s /usr/share/dhcpcd/hooks/10-wpa_supplicant /etc/dhcp/dhclient-enter-hooks.d/
fi fi
# Unmask and enable hostapd.service # Unmask and enable hostapd.service
install_log "Unmasking and enabling hostapd service" _install_log "Unmasking and enabling hostapd service"
sudo systemctl unmask hostapd.service sudo systemctl unmask hostapd.service
sudo systemctl enable hostapd.service sudo systemctl enable hostapd.service
} }
# Optimize configuration of php-cgi. # Optimize configuration of php-cgi.
function optimize_php() { function _optimize_php() {
install_log "Optimize PHP configuration" _install_log "Optimize PHP configuration"
if [ ! -f "$phpcgiconf" ]; then if [ ! -f "$phpcgiconf" ]; then
install_warning "PHP configuration could not be found." _install_warning "PHP configuration could not be found."
return return
fi fi
@ -389,15 +400,14 @@ function optimize_php() {
if [ -f "/usr/sbin/phpenmod" ]; then if [ -f "/usr/sbin/phpenmod" ]; then
sudo phpenmod opcache sudo phpenmod opcache
else else
install_warning "phpenmod not found." _install_warning "phpenmod not found."
fi fi
fi fi
fi fi
} }
function install_complete() { function _install_complete() {
install_log "Installation completed!" _install_log "Installation completed!"
if [ "$assume_yes" == 0 ]; then if [ "$assume_yes" == 0 ]; then
# Prompt to reboot if wired ethernet (eth0) is connected. # Prompt to reboot if wired ethernet (eth0) is connected.
# With default_configuration this will create an active AP on restart. # With default_configuration this will create an active AP on restart.
@ -408,28 +418,28 @@ function install_complete() {
echo "Installation reboot aborted." echo "Installation reboot aborted."
exit 0 exit 0
fi fi
sudo shutdown -r now || install_error "Unable to execute shutdown" sudo shutdown -r now || _install_error "Unable to execute shutdown"
fi fi
fi fi
} }
function install_raspap() { function _install_raspap() {
display_welcome _display_welcome
config_installation _config_installation
update_system_packages _update_system_packages
install_dependencies _install_dependencies
enable_php_lighttpd _enable_php_lighttpd
create_raspap_directories _create_raspap_directories
optimize_php _optimize_php
check_for_old_configs _check_for_old_configs
download_latest_files _download_latest_files
change_file_ownership _change_file_ownership
create_hostapd_scripts _create_hostapd_scripts
create_lighttpd_scripts _create_lighttpd_scripts
move_config_file _move_config_file
default_configuration _default_configuration
configure_networking _configure_networking
prompt_install_openvpn _prompt_install_openvpn
patch_system_files _patch_system_files
install_complete _install_complete
} }
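Review bot: `_download_latest_files` still clones into the fixed path `/tmp/raspap-webgui` and then moves that tree into the web root with `sudo`; a fixed name in a world-writable directory can be pre-created or modified by another local account before the move. The tree is trusted afterwards: `_patch_system_files` copies `installers/raspap.sudoers` from it into `/etc/sudoers.d`, and `_create_hostapd_scripts` and `_create_lighttpd_scripts` copy its helper scripts out as root-owned files. A per-run directory from `mktemp -d` would close this, and `$branch`, `$git_source_url` and `$webroot_dir` can be quoted in the same change. `_default_configuration` uses the same pattern with `/tmp/default_hostapd.old`; moving the old file into `$raspap_dir/backups` would match what `_check_for_old_configs` does.

```shell
function _download_latest_files() {
    # … unchanged: webroot existence check and move of the old webroot …
    _install_log "Cloning latest files from github"
    local clone_dir
    clone_dir=$(mktemp -d) || _install_error "Unable to create temporary directory"
    git clone --branch "$branch" --depth 1 "$git_source_url" "$clone_dir/raspap-webgui" || _install_error "Unable to download files from github"
    sudo mv "$clone_dir/raspap-webgui" "$webroot_dir" || _install_error "Unable to move raspap-webgui to web root"
    rmdir "$clone_dir"
```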


@ -1,19 +1,31 @@
#!/bin/bash #!/bin/bash
# #
# RaspAP SSL certificate installation functions # RaspAP SSL certificate installation functions
# author: @billz # Author: @billz <billzimmerman@gmail.com>
# license: GNU General Public License v3.0 # License: GNU General Public License v3.0
#
# You are not obligated to bundle the LICENSE file with your RaspAP projects as long
# as you leave these references intact in the header comments of your source files.
# Exit on error
set -o errexit
# Exit on error inside functions
set -o errtrace
# Turn on traces, disabled by default
# set -o xtrace
# Set defaults
certname=$HOSTNAME."local" certname=$HOSTNAME."local"
lighttpd_ssl="/etc/lighttpd/ssl" lighttpd_ssl="/etc/lighttpd/ssl"
lighttpd_conf="/etc/lighttpd/lighttpd.conf" lighttpd_conf="/etc/lighttpd/lighttpd.conf"
webroot_dir="/var/www/html" webroot_dir="/var/www/html"
mkcert_version="1.4.1" readonly mkcert_version="1.4.1"
readonly git_source_url="https://github.com/FiloSottile/mkcert/releases/download/v${mkcert_version}"
### NOTE: all the below functions are overloadable for system-specific installs ### NOTE: all the below functions are overloadable for system-specific installs
function config_installation() { function _config_installation() {
install_log "Configure a new SSL certificate" _install_log "Configure a new SSL certificate"
echo "Current system hostname is $HOSTNAME" echo "Current system hostname is $HOSTNAME"
echo -n "Create an SSL certificate for ${certname}? (Recommended) [y/N]" echo -n "Create an SSL certificate for ${certname}? (Recommended) [y/N]"
if [ $assume_yes == 0 ]; then if [ $assume_yes == 0 ]; then
@ -35,10 +47,10 @@ function config_installation() {
echo -e echo -e
fi fi
install_divider _install_divider
echo "A new SSL certificate for: ${certname}" echo "A new SSL certificate for: ${certname}"
echo "will be installed to lighttpd SSL directory: ${lighttpd_ssl}" echo "will be installed to lighttpd SSL directory: ${lighttpd_ssl}"
install_divider _install_divider
echo -n "Complete installation with these values? [y/N]: " echo -n "Complete installation with these values? [y/N]: "
if [ $assume_yes == 0 ]; then if [ $assume_yes == 0 ]; then
read answer < /dev/tty read answer < /dev/tty
@ -52,43 +64,43 @@ function config_installation() {
} }
# Installs pre-built mkcert binary for Arch Linux ARM # Installs pre-built mkcert binary for Arch Linux ARM
function install_mkcert() { function _install_mkcert() {
install_log "Fetching mkcert binary" _install_log "Fetching mkcert binary"
sudo wget -q https://github.com/FiloSottile/mkcert/releases/download/v${mkcert_version}/mkcert-v${mkcert_version}-linux-arm -O /usr/local/bin/mkcert || install_error "Unable to download mkcert" sudo wget -q ${git_source_url}/mkcert-v${mkcert_version}-linux-arm -O /usr/local/bin/mkcert || _install_error "Unable to download mkcert"
sudo chmod +x /usr/local/bin/mkcert sudo chmod +x /usr/local/bin/mkcert
install_log "Installing mkcert" _install_log "Installing mkcert"
mkcert -install || install_error "Failed to install mkcert" mkcert -install || _install_error "Failed to install mkcert"
} }
# Generate a certificate for host # Generate a certificate for host
function generate_certificate() { function _generate_certificate() {
install_log "Generating a new certificate for $certname" _install_log "Generating a new certificate for $certname"
cd $HOME cd $HOME
mkcert $certname "*.${certname}.local" $certname || install_error "Failed to generate certificate for $certname" mkcert $certname "*.${certname}.local" $certname || _install_error "Failed to generate certificate for $certname"
install_log "Combining private key and certificate" _install_log "Combining private key and certificate"
cat $certname+2-key.pem $certname+2.pem > $certname.pem || install_error "Failed to combine key and certificate" cat $certname+2-key.pem $certname+2.pem > $certname.pem || _install_error "Failed to combine key and certificate"
echo "OK" echo "OK"
} }
# Create a directory for the combined .pem file in lighttpd # Create a directory for the combined .pem file in lighttpd
function create_lighttpd_dir() { function _create_lighttpd_dir() {
install_log "Creating SLL directory for lighttpd" _install_log "Creating SLL directory for lighttpd"
if [ ! -d "$lighttpd_ssl" ]; then if [ ! -d "$lighttpd_ssl" ]; then
sudo mkdir -p "$lighttpd_ssl" || install_error "Failed to create lighttpd directory" sudo mkdir -p "$lighttpd_ssl" || _install_error "Failed to create lighttpd directory"
fi fi
echo "OK" echo "OK"
install_log "Setting permissions and moving .pem file" _install_log "Setting permissions and moving .pem file"
chmod 400 "$HOME/$certname".pem || install_error "Unable to set permissions for .pem file" chmod 400 "$HOME/$certname".pem || _install_error "Unable to set permissions for .pem file"
sudo mv "$HOME/$certname".pem /etc/lighttpd/ssl || install_error "Unable to move .pem file" sudo mv "$HOME/$certname".pem /etc/lighttpd/ssl || _install_error "Unable to move .pem file"
echo "OK" echo "OK"
} }
# Generate config to enable SSL in lighttpd # Generate config to enable SSL in lighttpd
function configure_lighttpd() { function _configure_lighttpd() {
install_log "Configuring lighttpd for SSL" _install_log "Configuring lighttpd for SSL"
lines=( lines=(
'server.modules += ("mod_openssl")' 'server.modules += ("mod_openssl")'
'$SERVER["socket"] == ":443" {' '$SERVER["socket"] == ":443" {'
@ -110,22 +122,22 @@ function configure_lighttpd() {
} }
# Copy rootCA.pem to RaspAP web root # Copy rootCA.pem to RaspAP web root
function copy_rootca() { function _copy_rootca() {
install_log "Copying rootCA.pem to RaspAP web root" _install_log "Copying rootCA.pem to RaspAP web root"
sudo cp ${HOME}/.local/share/mkcert/rootCA.pem ${webroot_dir} || install_error "Unable to copy rootCA.pem to ${webroot_dir}" sudo cp ${HOME}/.local/share/mkcert/rootCA.pem ${webroot_dir} || _install_error "Unable to copy rootCA.pem to ${webroot_dir}"
echo "OK" echo "OK"
} }
# Restart lighttpd service # Restart lighttpd service
function restart_lighttpd() { function _restart_lighttpd() {
install_log "Restarting lighttpd service" _install_log "Restarting lighttpd service"
sudo systemctl restart lighttpd.service || install_error "Unable to restart lighttpd service" sudo systemctl restart lighttpd.service || _install_error "Unable to restart lighttpd service"
sudo systemctl status lighttpd.service sudo systemctl status lighttpd.service
} }
function install_complete() { function _install_complete() {
install_log "SSL certificate install completed!" _install_log "SSL certificate install completed!"
install_divider _install_divider
printf '%s\n' \ printf '%s\n' \
"Open a browser and enter the address: http://$certname/rootCA.pem" \ "Open a browser and enter the address: http://$certname/rootCA.pem" \
"Download the root certificate to your client and add it to your system keychain." \ "Download the root certificate to your client and add it to your system keychain." \
@ -133,18 +145,18 @@ function install_complete() {
"Finally, enter the address https://$certname in your browser." \ "Finally, enter the address https://$certname in your browser." \
"Enjoy an encrypted SSL connection to RaspAP 🔒" \ "Enjoy an encrypted SSL connection to RaspAP 🔒" \
"For advanced options, run mkcert -help" "For advanced options, run mkcert -help"
install_divider _install_divider
} }
function install_certificate() { function _install_certificate() {
display_welcome _display_welcome
config_installation _config_installation
install_mkcert _install_mkcert
generate_certificate _generate_certificate
create_lighttpd_dir _create_lighttpd_dir
configure_lighttpd _configure_lighttpd
copy_rootca _copy_rootca
restart_lighttpd _restart_lighttpd
install_complete _install_complete
} }


@ -1,8 +1,8 @@
#!/bin/bash #!/bin/bash
# #
# RaspAP Quick Installer # RaspAP Quick Installer
# author: @billz # Author: @billz <billzimmerman@gmail.com>
# license: GNU General Public License v3.0 # License: GNU General Public License v3.0
# #
# Usage: # Usage:
# #
@ -27,13 +27,16 @@
# https://raw.githubusercontent.com/billz/raspap-webgui/master/installers/common.sh # https://raw.githubusercontent.com/billz/raspap-webgui/master/installers/common.sh
# - or - # - or -
# https://raw.githubusercontent.com/billz/raspap-webgui/master/installers/mkcert.sh # https://raw.githubusercontent.com/billz/raspap-webgui/master/installers/mkcert.sh
#
# You are not obligated to bundle the LICENSE file with your RaspAP projects as long
# as you leave these references intact in the header comments of your source files.
# Set defaults # Set defaults
repo="billz/raspap-webgui" repo="billz/raspap-webgui"
branch="master" branch="master"
assume_yes=0 assume_yes=0
ovpn_option=1 ovpn_option=1
RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' ) readonly RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
# Define usage notes # Define usage notes
usage=$(cat << EOF usage=$(cat << EOF
@ -93,7 +96,7 @@ done
UPDATE_URL="https://raw.githubusercontent.com/$repo/$branch/" UPDATE_URL="https://raw.githubusercontent.com/$repo/$branch/"
# Outputs a welcome message # Outputs a welcome message
function display_welcome() { function _display_welcome() {
raspberry='\033[0;35m' raspberry='\033[0;35m'
green='\033[1;32m' green='\033[1;32m'
@ -111,29 +114,29 @@ function display_welcome() {
} }
# Outputs a RaspAP Install log line # Outputs a RaspAP Install log line
function install_log() { function _install_log() {
echo -e "\033[1;32mRaspAP Install: $*\033[m" echo -e "\033[1;32mRaspAP Install: $*\033[m"
} }
# Outputs a RaspAP Install Error log line and exits with status code 1 # Outputs a RaspAP Install Error log line and exits with status code 1
function install_error() { function _install_error() {
echo -e "\033[1;37;41mRaspAP Install Error: $*\033[m" echo -e "\033[1;37;41mRaspAP Install Error: $*\033[m"
exit 1 exit 1
} }
# Outputs a RaspAP Warning line # Outputs a RaspAP Warning line
function install_warning() { function _install_warning() {
echo -e "\033[1;33mWarning: $*\033[m" echo -e "\033[1;33mWarning: $*\033[m"
} }
# Outputs a RaspAP divider # Outputs a RaspAP divider
function install_divider() { function _install_divider() {
echo -e "\033[1;32m***************************************************************$*\033[m" echo -e "\033[1;32m***************************************************************$*\033[m"
} }
function update_system_packages() { function _update_system_packages() {
install_log "Updating sources" _install_log "Updating sources"
sudo apt-get update || install_error "Unable to update package list" sudo apt-get update || _install_error "Unable to update package list"
} }
# Fetch required installer functions # Fetch required installer functions
@ -141,11 +144,11 @@ if [ "${install_cert:-}" = 1 ]; then
source="mkcert" source="mkcert"
wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh
install_certificate || install_error "Unable to install certificate" _install_certificate || _install_error "Unable to install certificate"
else else
source="common" source="common"
wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh
install_raspap || install_error "Unable to install RaspAP" _install_raspap || _install_error "Unable to install RaspAP"
fi fi
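Review bot: The fetch-and-source block at the end of this file still writes the downloaded installer to the fixed path `/tmp/raspap_${source}.sh` and then sources it, and this best-practices pass only renames the functions called afterwards. A fixed name in a world-writable directory can be pre-created or swapped by another local account before `source` runs. The `wget` result is also not checked at the call site, so a failed or partial download is caught only if errexit is active in this script, which these hunks do not show. I would use a private temp file and check the download in both branches: `tmp=$(mktemp) || _install_error "mktemp failed"`, `wget -q "${UPDATE_URL}installers/${source}.sh" -O "$tmp" || _install_error "Unable to download ${source}.sh"`, `source "$tmp" && rm -f -- "$tmp"`. The script is fetched from the head of `$branch` with no checksum or signature check, so pinning the URL to a release tag (`RASPAP_LATEST` is already computed above) may be worth considering.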