
generate config file during upgrade

HgO 1 year ago
parent
commit
87fdd9dad5
4 changed files with 182 additions and 124 deletions
  1. 22 1
      config_panel.toml
  2. 138 0
      scripts/_common.sh
  3. 9 119
      scripts/config
  4. 13 4
      scripts/upgrade

+ 22 - 1
config_panel.toml

@@ -30,7 +30,28 @@ name = "Auto-configuration"
         help = ".cube file recommended, .ovpn file accepted"
         bind = "/etc/openvpn/client.conf"
         redact = true
-        
+
+        [main.vpn.config_template]
+        type = "file"
+        bind = "/etc/openvpn/client.conf.tpl"
+        redact = true
+        optional = true
+        visible = false
+
+        [main.vpn.cube_file]
+        type = "file"
+        bind = "/etc/openvpn/client.cube"
+        redact = true
+        optional = true
+        visible = false
+
+        [main.vpn.ovpn_file]
+        type = "file"
+        bind = "/etc/openvpn/client.ovpn"
+        redact = true
+        optional = true
+        visible = false
+
     [main.auth]
     name = "Authentication"
     optional = true

+ 138 - 0
scripts/_common.sh

@@ -61,3 +61,141 @@ function vpnclient_deploy_files_and_services()
 
   ynh_add_systemd_config $service_checker_name "$service_checker_name.service"
 }
+
+function read_cube() {
+  local config_file="$1"
+  local key="$2"
+  local tmp_dir=$(dirname "$config_file")
+
+  setting_value="$(jq --raw-output ".$key" "$config_file")"
+  if [[ "$setting_value" == "null" ]]
+  then
+    setting_value=''
+  # Save file in tmp dir
+  elif [[ "$key" == "crt_"* ]]
+  then
+    if [ -n "${setting_value}" ]
+    then
+      echo "${setting_value}" | sed 's/|/\n/g' > "$tmp_dir/$key"
+      setting_value="$tmp_dir/$key"
+    fi
+  fi
+  echo $setting_value
+}
+
+function convert_cube_file()
+{
+  local config_file="$1"
+  local tmp_dir=$(dirname "$config_file")
+  
+  ynh_print_info --message="Transforming .cube into OVPN file"
+  server_name="$(read_cube $config_file server_name)"
+  server_port="$(read_cube $config_file server_port)"
+  server_proto="$(read_cube $config_file server_proto)"
+  ip6_net="$(read_cube $config_file ip6_net)"
+  ip6_addr="$(read_cube $config_file ip6_addr)"
+  login_user="$(read_cube $config_file login_user)"
+  login_passphrase="$(read_cube $config_file login_passphrase)"
+  dns0="$(read_cube $config_file dns0)"
+  dns1="$(read_cube $config_file dns1)"
+  crt_server_ca="$(read_cube $config_file crt_server_ca)"
+  crt_client="$(read_cube $config_file crt_client)"
+  crt_client_key="$(read_cube $config_file crt_client_key)"
+  crt_client_ta="$(read_cube $config_file crt_client_ta)"
+
+  if [[ -z "$dns0" && -z "$dns1" ]]; then
+    dns_method="yunohost"
+  else
+    dns_method="custom"
+    nameservers="$dns0,$dns1"
+  fi
+  
+  # Build specific OVPN template
+  config_template="$tmp_dir/client.conf.tpl"
+  cp -f /etc/yunohost/apps/vpnclient/conf/openvpn_client.conf.tpl "$config_template"
+  # Remove some lines
+  jq --raw-output '.openvpn_rm[]' "${config_file}" | while read -r rm_regex
+  do
+    if [ ! -z "${rm_regex}" ]; then
+      sed -i "/${rm_regex/\//\\\/}/d" "$config_template"
+    fi
+  done
+
+  # Add some other lines
+  echo "# Custom additions from .cube" >> "$config_template"
+  jq --raw-output ".openvpn_add[]" "${config_file}" >> "$config_template"
+
+  # Temporarily tweak sever_proto for template hydratation
+  [ "$server_proto" == tcp ] && server_proto=tcp-client
+
+  # Define other needed vars for template hydratation
+  [ -e "$crt_client_key" ] && cert_comment="" || cert_comment="#"
+  [ -e "$crt_client_ta" ] && ta_comment="" || ta_comment="#"
+  [[ "$server_proto" =~ udp ]] && udp_comment="" || udp_comment="#"
+  [ -n "$login_user" ] && login_comment="" || login_comment="#"
+
+  # Actually generate/hydrate the final configuration
+  ynh_add_config --template="$config_template" --destination="$config_file"
+
+  [ "$server_proto" == tcp-client ] && server_proto=tcp
+}
+
+function convert_ovpn_file()
+{
+  local config_file="$1"
+  local tmp_dir=$(dirname "$config_file")
+
+  ynh_print_info --message="Extracting TLS keys from .ovpn file"
+  if grep -q '^\s*<ca>' ${config_file}
+  then
+      grep -Poz '(?<=<ca>)(.*\n)*.*(?=</ca>)' ${config_file} | sed '/^$/d'  > $tmp_dir/crt_server_ca
+      crt_server_ca=$tmp_dir/crt_server_ca
+      sed -i '/^\s*<ca>/,/\s*<\/ca>/d' ${config_file}
+      sed -i '/^\s*ca\s/d' ${config_file}
+      echo -e "\nca /etc/openvpn/keys/ca-server.crt" >> $config_file
+  fi
+  if grep -q '^\s*<cert>' ${config_file}
+  then
+      grep -Poz '(?<=<cert>)(.*\n)*.*(?=</cert>)' ${config_file} | sed '/^$/d'  > $tmp_dir/crt_client
+      crt_client=$tmp_dir/crt_client
+      sed -i '/^\s*<cert>/,/\s*<\/cert>/d' ${config_file}
+      sed -i '/^\s*cert\s/d' ${config_file}
+      echo -e "\ncert /etc/openvpn/keys/user.crt" >> ${config_file}
+  elif ! grep -q '^\s*cert\s' ${config_file}
+  then
+      crt_client=""
+  fi
+  if grep -q '^\s*<key>' ${config_file}
+  then
+      grep -Poz '(?<=<key>)(.*\n)*.*(?=</key>)' ${config_file} | sed '/^$/d' > $tmp_dir/crt_client_key
+      crt_client_key=$tmp_dir/crt_client_key
+      sed -i '/^\s*<key>/,/\s*<\/key>/d' ${config_file}
+      sed -i '/^\s*key\s/d' ${config_file}
+      echo -e "\nkey /etc/openvpn/keys/user.key" >> ${config_file}
+  elif ! grep -q '^\s*key\s' ${config_file}
+  then
+      crt_client_key=""
+  fi
+  if grep -q '^\s*<tls-auth>' ${config_file}
+  then
+      grep -Poz '(?<=<tls-auth>)(.*\n)*.*(?=</tls-auth>)' ${config_file} | sed '/^$/d' > $tmp_dir/crt_client_ta
+      crt_client_ta=$tmp_dir/crt_client_ta
+      sed -i '/^\s*<tls-auth>/,/\s*<\/tls-auth>/d' ${config_file}
+      sed -i '/^\s*tls-auth\s/d' ${config_file}
+      echo -e "\ntls-auth /etc/openvpn/keys/user_ta.key 1" >> ${config_file}
+  elif ! grep -q '^\s*tls-auth\s' ${config_file}
+  then
+      crt_client_ta=""
+  fi
+  sed -i 's@^\s*ca\s.*$@ca /etc/openvpn/keys/ca-server.crt@g' ${config_file}
+  sed -i 's@^\s*cert\s.*$@cert /etc/openvpn/keys/user.crt@g' ${config_file}
+  sed -i 's@^\s*key\s.*$@key /etc/openvpn/keys/user.key@g' ${config_file}
+  sed -i 's@^\s*tls-auth\s.*$@tls-auth /etc/openvpn/keys/user_ta.key 1@g' ${config_file}
+
+  echo -e '\nroute-up "/etc/openvpn/scripts/run-parts.sh route-up"' >> ${config_file}
+  echo -e '\ndown "/etc/openvpn/scripts/run-parts.sh route-down"' >> ${config_file}
+
+  # Currently we need root priviledge to create tun0
+  sed -i '/^\s*user\s/d' ${config_file}
+  sed -i '/^\s*group\s/d' ${config_file}
+}
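Review bot: In convert_cube_file the loop under `jq --raw-output '.openvpn_rm[]'` turns each value from the `.cube` file into part of a sed script (`sed -i "/${rm_regex/\//\\\/}/d"`), and `${var/pat/rep}` escapes only the first `/`, so a value containing a second slash ends the address and the rest of the value is parsed as sed commands rather than as a pattern. Treat the value as a pattern only, e.g. `grep -v -- "$rm_regex" "$config_template" > "$config_template.new" && mv -f -- "$config_template.new" "$config_template"` (grep -v exits 1 when no line is kept, so decide whether an empty result is an error), or at minimum escape every slash with `${rm_regex//\//\\/}`. In read_cube the final `echo $setting_value` is unquoted, so a value containing glob characters or runs of whitespace is altered before the caller receives it; `printf '%s\n' "$setting_value"` preserves it. The same quoting point applies to `$config_file` in the read_cube calls and to `${config_file}` and `$tmp_dir/...` throughout convert_ovpn_file.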

+ 9 - 119
scripts/config

@@ -195,23 +195,6 @@ set__login_passphrase() {
 #=================================================
 # OVERWRITING VALIDATE STEP
 #=================================================
-read_cube() {
-    tmp_dir=$(dirname "$1")
-    setting_value="$(jq --raw-output ".$2" "$1")"
-    if [[ "$setting_value" == "null" ]]
-    then
-        setting_value=''
-    # Save file in tmp dir
-    elif [[ "$2" == "crt_"* ]]
-    then
-        if [ -n "${setting_value}" ]
-        then
-            echo "${setting_value}" | sed 's/|/\n/g' > $tmp_dir/$2
-            setting_value="$tmp_dir/$2"
-        fi
-    fi
-    echo $setting_value
-}
 ynh_app_config_validate() {
     # At this moment this var is not already set with the old value
     if [ -z ${config_file+x} ]
@@ -224,115 +207,22 @@ ynh_app_config_validate() {
     # (i.e. it starts with { ..)
     elif [ -f "${config_file}" ] && [[ "$(cat ${config_file} | tr -d ' ' | grep -v "^$" | head -c1)" == "{" ]]
     then
-        ynh_print_info --message="Transforming .cube into OVPN file"
-        server_name="$(read_cube $config_file server_name)"
-        server_port="$(read_cube $config_file server_port)"
-        server_proto="$(read_cube $config_file server_proto)"
-        ip6_net="$(read_cube $config_file ip6_net)"
-        ip6_addr="$(read_cube $config_file ip6_addr)"
-        login_user="$(read_cube $config_file login_user)"
-        login_passphrase="$(read_cube $config_file login_passphrase)"
-        dns0="$(read_cube $config_file dns0)"
-        dns1="$(read_cube $config_file dns1)"
-        crt_server_ca="$(read_cube $config_file crt_server_ca)"
-        crt_client="$(read_cube $config_file crt_client)"
-        crt_client_key="$(read_cube $config_file crt_client_key)"
-        crt_client_ta="$(read_cube $config_file crt_client_ta)"
-
-        if [[ -z "$dns0" && -z "$dns1" ]]; then
-          dns_method="yunohost"
-        else
-          dns_method="custom"
-          nameservers="$dns0,$dns1"
-        fi
-        
-        # Build specific OVPN template
-        tmp_dir=$(dirname "${config_file}")
-        cp -f /etc/yunohost/apps/vpnclient/conf/openvpn_client.conf.tpl $tmp_dir/client.conf.tpl
-        # Remove some lines
-        jq --raw-output '.openvpn_rm[]' "${config_file}" | while read -r rm_regex
-        do
-            if [ ! -z "${rm_regex}" ] ; then
-		sed -i "/${rm_regex/\//\\\/}/d" $tmp_dir/client.conf.tpl
-            fi
-        done
-
-        # Add some other lines
-        echo "# Custom additions from .cube" >> $tmp_dir/client.conf.tpl
-        jq --raw-output ".openvpn_add[]" "${config_file}" >> $tmp_dir/client.conf.tpl
-
-        # Temporarily tweak sever_proto for template hydratation
-        [ "$server_proto" == tcp ] && server_proto=tcp-client
+        local tmp_dir=$(dirname "$config_file")
 
-        # Define other needed vars for template hydratation
-        [ -e "$crt_client_key" ] && cert_comment="" || cert_comment="#"
-        [ -e "$crt_client_ta" ] && ta_comment="" || ta_comment="#"
-        [[ "$server_proto" =~ udp ]] && udp_comment="" || udp_comment="#"
-        [ -n "$login_user" ] && login_comment="" || login_comment="#"
-
-        # Actually generate/hydrate the final configuration
-        ynh_add_config --template="$tmp_dir/client.conf.tpl" --destination="${config_file}"
-
-        [ "$server_proto" == tcp-client ] && server_proto=tcp
+        cube_file="$tmp_dir/client.cube"
+        cp -f "$config_file" "$cube_file"
 
+        convert_cube_file
 
     # Othewise, assume that it's a .ovpn / .conf
     elif [ -f "${config_file}" ]
     then
-        tmp_dir=$(dirname "${config_file}")
-        ynh_print_info --message="Extracting TLS keys from .ovpn file"
-        if grep -q '^\s*<ca>' ${config_file}
-        then
-            grep -Poz '(?<=<ca>)(.*\n)*.*(?=</ca>)' ${config_file} | sed '/^$/d'  > $tmp_dir/crt_server_ca
-            crt_server_ca=$tmp_dir/crt_server_ca
-            sed -i '/^\s*<ca>/,/\s*<\/ca>/d' ${config_file}
-            sed -i '/^\s*ca\s/d' ${config_file}
-            echo -e "\nca /etc/openvpn/keys/ca-server.crt" >> ${config_file}
-        fi
-        if grep -q '^\s*<cert>' ${config_file}
-        then
-            grep -Poz '(?<=<cert>)(.*\n)*.*(?=</cert>)' ${config_file} | sed '/^$/d'  > $tmp_dir/crt_client
-            crt_client=$tmp_dir/crt_client
-            sed -i '/^\s*<cert>/,/\s*<\/cert>/d' ${config_file}
-            sed -i '/^\s*cert\s/d' ${config_file}
-            echo -e "\ncert /etc/openvpn/keys/user.crt" >> ${config_file}
-        elif ! grep -q '^\s*cert\s' ${config_file}
-        then
-            crt_client=""
-        fi
-        if grep -q '^\s*<key>' ${config_file}
-        then
-            grep -Poz '(?<=<key>)(.*\n)*.*(?=</key>)' ${config_file} | sed '/^$/d' > $tmp_dir/crt_client_key
-            crt_client_key=$tmp_dir/crt_client_key
-            sed -i '/^\s*<key>/,/\s*<\/key>/d' ${config_file}
-            sed -i '/^\s*key\s/d' ${config_file}
-            echo -e "\nkey /etc/openvpn/keys/user.key" >> ${config_file}
-        elif ! grep -q '^\s*key\s' ${config_file}
-        then
-            crt_client_key=""
-        fi
-        if grep -q '^\s*<tls-auth>' ${config_file}
-        then
-            grep -Poz '(?<=<tls-auth>)(.*\n)*.*(?=</tls-auth>)' ${config_file} | sed '/^$/d' > $tmp_dir/crt_client_ta
-            crt_client_ta=$tmp_dir/crt_client_ta
-            sed -i '/^\s*<tls-auth>/,/\s*<\/tls-auth>/d' ${config_file}
-            sed -i '/^\s*tls-auth\s/d' ${config_file}
-            echo -e "\ntls-auth /etc/openvpn/keys/user_ta.key 1" >> ${config_file}
-        elif ! grep -q '^\s*tls-auth\s' ${config_file}
-        then
-            crt_client_ta=""
-        fi
-        sed -i 's@^\s*ca\s.*$@ca /etc/openvpn/keys/ca-server.crt@g' ${config_file}
-        sed -i 's@^\s*cert\s.*$@cert /etc/openvpn/keys/user.crt@g' ${config_file}
-        sed -i 's@^\s*key\s.*$@key /etc/openvpn/keys/user.key@g' ${config_file}
-        sed -i 's@^\s*tls-auth\s.*$@tls-auth /etc/openvpn/keys/user_ta.key 1@g' ${config_file}
-    fi
+        local tmp_dir=$(dirname "$config_file")
+        
+        ovpn_file="$tmp_dir/client.ovpn"
+        cp -f "$config_file" "$ovpn_file"
 
-    # Currently we need root priviledge to create tun0
-    if [ -f "${config_file}" ]
-    then
-        sed -i '/^\s*user\s/d' ${config_file}
-        sed -i '/^\s*group\s/d' ${config_file}
+        convert_ovpn_file
     fi
 
     _ynh_app_config_validate
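Review bot: `convert_cube_file` and `convert_ovpn_file` are called with no arguments at the two new call sites in ynh_app_config_validate, while their definitions added to _common.sh in this commit begin with `local config_file="$1"`, so the function-local `config_file` shadows the global with an empty string and `dirname`, `jq` and `grep` run against "" instead of the uploaded file. The upgrade script in the same commit passes a path explicitly, so these call sites should match it: `convert_cube_file "$config_file"` and `convert_ovpn_file "$config_file"`. `local tmp_dir=$(dirname "$config_file")` is also declared twice in the same function, and `local` returns 0 even when the substitution fails; `local tmp_dir; tmp_dir=$(dirname "$config_file")` surfaces the error. ynh_app_config_validate starts before the first hunk and continues past the last one.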

+ 13 - 4
scripts/upgrade

@@ -108,15 +108,24 @@ ynh_install_app_dependencies "$pkg_dependencies"
 #=================================================
 
 # Keep a copy of existing config files before overwriting them
-tmpdir=$(mktemp -d /tmp/vpnclient-upgrade-XXX)
-cp -r /etc/openvpn/client* ${tmpdir}
+tmp_dir=$(mktemp -d /tmp/vpnclient-upgrade-XXX)
+cp -r /etc/openvpn/client* ${tmp_dir}
 
 # Deploy files from package
 vpnclient_deploy_files_and_services
 
+# Generate config file from .cube or .ovpn file, if available
+if [[ -f "$tmp_dir/client.cube"]]
+then
+    convert_cube_file "$tmp_dir/client.cube"
+elif [[ -f "$tmp_dir/client.ovpn" ]]
+then
+    convert_ovpn_file "$tmp_dir/client.ovpn"
+fi
+
 # Restore previously existing config files
-cp -r ${tmpdir}/client* /etc/openvpn/
-ynh_secure_remove ${tmpdir}
+cp -r ${tmp_dir}/client* /etc/openvpn/
+ynh_secure_remove ${tmp_dir}
 
 #=================================================
 # SERVICE INTEGRATION IN YUNOHOST