
Fix typo in conf generation + use ynh_add_config instead of shitload of seds

Alexandre Aubin 3 years ago
parent
commit
913c4e58b7
6 changed files with 30 additions and 48 deletions
  1. 9 9
      conf/openvpn_client.conf.tpl
  2. 1 2
      scripts/_common.sh
  3. 0 1
      scripts/backup
  4. 20 34
      scripts/config
  5. 0 1
      scripts/remove
  6. 0 1
      scripts/restore

+ 9 - 9
conf/openvpn_client.conf.tpl

@@ -1,12 +1,12 @@
 # [WARN] Edit this raw configuration ONLY IF YOU KNOW 
 #        what you do!
-# [WARN] Continue to use the placeholders <TPL:*> and
+# [WARN] Continue to use the placeholders __FOO_BAR__ and
 #        keep update their value on the web admin (they 
 #        are not only used for this file).
 
-remote <TPL:SERVER_NAME>
-proto <TPL:PROTO>
-port <TPL:SERVER_PORT>
+remote __SERVER_NAME__
+proto __SERVER_PROTO__
+port __SERVER_PORT__
 
 pull
 nobind
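Review bot: The example token `__FOO_BAR__` in the rewritten warning comment has the same shape as the real placeholders, so the templating helper will probably treat it as one. As far as I know `ynh_add_config` scans the whole template for `__NAME__` tokens, comments included, and looks up the matching lowercase variable for each. `$foo_bar` is not defined anywhere in the visible code, so generation may abort or leave an odd comment in the generated file. Describe the convention without a matching token, for example `# [WARN] Continue to use the double-underscore placeholders (such as SERVER_NAME) and`.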
@@ -17,19 +17,19 @@ comp-lzo adaptive
 resolv-retry infinite
 
 # Authentication by login
-<TPL:LOGIN_COMMENT>auth-user-pass /etc/openvpn/keys/credentials
+__LOGIN_COMMENT__auth-user-pass /etc/openvpn/keys/credentials
 
 # UDP only
-<TPL:UDP_COMMENT>explicit-exit-notify
+__UDP_COMMENT__explicit-exit-notify
 
 # TLS
 tls-client
-<TPL:TA_COMMENT>tls-auth /etc/openvpn/keys/user_ta.key 1
+__TA_COMMENT__tls-auth /etc/openvpn/keys/user_ta.key 1
 remote-cert-tls server
 ns-cert-type server
 ca /etc/openvpn/keys/ca-server.crt
-<TPL:CERT_COMMENT>cert /etc/openvpn/keys/user.crt
-<TPL:CERT_COMMENT>key /etc/openvpn/keys/user.key
+__CERT_COMMENT__cert /etc/openvpn/keys/user.crt
+__CERT_COMMENT__key /etc/openvpn/keys/user.key
 
 # Logs
 verb 3

+ 1 - 2
scripts/_common.sh

@@ -26,8 +26,7 @@ function vpnclient_deploy_files_and_services()
   chmod 775 /etc/openvpn/
   mkdir -pm 0755 /etc/yunohost/hooks.d/post_iptable_rules/
 
-  install -b -o root -g ${app} -m 0664 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl
-  install -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl.restore
+  install -b -o root -g ${app} -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl
   install -b -o root -g root -m 0755 ../conf/hook_post-iptable-rules /etc/yunohost/hooks.d/90-vpnclient.tpl
   install -b -o root -g root -m 0644 ../conf/openvpn@.service /etc/systemd/system/
 
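Review bot: On the new `install` line the template is now mode 0644 but still owned by group `${app}`, so the group ownership grants nothing that `other` does not already have. Either use `-g root` like the neighbouring files, or add a comment saying why the app group is kept; `${app}` should also be quoted as `"${app}"`. This commit stops creating `/etc/openvpn/client.conf.tpl.restore` and the remove script no longer deletes it, so installs upgraded from an earlier version may keep a stale copy unless the upgrade script (not shown here) cleans it up. `vpnclient_deploy_files_and_services` starts and ends outside this hunk.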

+ 0 - 1
scripts/backup

@@ -35,7 +35,6 @@ ynh_backup "/usr/local/bin/$service_name-loadcubefile.sh"
 ynh_backup "/etc/yunohost/hooks.d/90-vpnclient.tpl"
 
 ynh_backup "/etc/openvpn/client.conf.tpl"
-ynh_backup "/etc/openvpn/client.conf.tpl.restore"
 ynh_backup "/etc/openvpn/keys/"
 
 ynh_backup "/usr/local/bin/$service_name"

+ 20 - 34
scripts/config

@@ -88,7 +88,7 @@ EOF
 get__login_user() {
     if [ -s /etc/openvpn/keys/credentials ]
     then
-        echo "$(sed -n 1p /etc/openvpn/keys/credentials)" 
+        echo "$(sed -n 1p /etc/openvpn/keys/credentials)"
     else
         echo ""
     fi
@@ -192,7 +192,7 @@ set__login_passphrase() {
 }
 
 #=================================================
-# OVERWRITING VALIDATE STEP 
+# OVERWRITING VALIDATE STEP
 #=================================================
 read_cube() {
     tmp_dir=$(dirname "$1")
@@ -242,7 +242,7 @@ ynh_app_config_validate() {
 
         # Build specific OVPN template
         tmp_dir=$(dirname "${config_file}")
-        cp -f /etc/openvpn/client.conf.tpl.restore $tmp_dir/client.conf.tpl
+        cp -f /etc/openvpn/client.conf.tpl $tmp_dir/client.conf.tpl
         # Remove some lines
         for rm_regex in "$(jq --raw-output '.openvpn_rm[]' "${config_file}")"
         do
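Review bot: The new `cp` line expands `$tmp_dir` unquoted, and `tmp_dir` is derived from `${config_file}`, so a directory name containing spaces or glob characters would split or expand the destination argument. Quote it: `cp -f /etc/openvpn/client.conf.tpl "$tmp_dir/client.conf.tpl"`. The `echo "# Custom additions from .cube" >> $tmp_dir/client.conf.tpl` line in the next hunk has the same problem. `ynh_app_config_validate` begins and ends outside this hunk.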
@@ -252,35 +252,21 @@ ynh_app_config_validate() {
         done
 
         # Add some other lines
-        echo "# Custom" >> $tmp_dir/client.conf.tpl
+        echo "# Custom additions from .cube" >> $tmp_dir/client.conf.tpl
         jq --raw-output ".openvpn_add[]" "${config_file}" >> $tmp_dir/client.conf.tpl
 
-        # Build directly the OVPN file
-        cp /etc/openvpn/client.conf.tpl "${config_file}"
+        # Temporarily tweak sever_proto for template hydratation
         [ "$server_proto" == tcp ] && server_proto=tcp-client
-        sed "s|<TPL:SERVER_NAME>|$server_name|g" -i "${config_file}"
-        sed "s|<TPL:SERVER_PORT>|$server_port|g" -i "${config_file}"
-        sed "s|<TPL:PROTO>|$server_proto|g" -i "${config_file}"
-        if [ -e "$crt_client_key" ]; then
-            sed 's|^<TPL:CERT_COMMENT>||g' -i "${config_file}"
-        else
-            sed 's|^<TPL:CERT_COMMENT>|;|g' -i "${config_file}"
-        fi
-        if [ -e "$crt_client_ta" ]; then
-            sed 's|^<TPL:TA_COMMENT>||' -i "${config_file}"
-        else
-            sed 's|^<TPL:TA_COMMENT>|;|' -i "${config_file}"
-        fi
-        if [[ "$server_proto" =~ udp ]]; then
-            sed 's|^<TPL:UDP_COMMENT>||' -i "${config_file}"
-        else
-            sed 's|^<TPL:UDP_COMMENT>|;|' -i "${config_file}"
-        fi
-        if [ -n "$login_user" ]; then
-            sed 's|^<TPL:LOGIN_COMMENT>||' -i "${config_file}"
-        else
-            sed 's|^<TPL:LOGIN_COMMENT>|;|' -i "${config_file}"
-        fi
+
+        # Define other needed vars for template hydratation
+        [ -e "$crt_client_key" ] && cert_comment="" || cert_comment="#"
+        [ -e "$crt_client_ta" ] && ta_comment="" || ta_comment="#"
+        [[ "$server_proto" =~ udp ]] && udp_comment="" || udp_comment="#"
+        [ -n "$login_user" ] && login_comment="" || login_comment="#"
+
+        # Actually generate/hydrate the final configuration
+        ynh_add_config --template="$tmp_dir/client.conf.tpl" --destination="${config_file}"
+
         [ "$server_proto" == tcp-client ] && server_proto=tcp
 
 
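Review bot: The lines taken from the .cube file's `openvpn_add[]` are appended to `$tmp_dir/client.conf.tpl` before `ynh_add_config` hydrates it, so any `__NAME__` token inside provider-supplied lines is also treated as a placeholder. As far as I know the helper substitutes every such token with the value of the matching lowercase shell variable, so a crafted or merely unlucky line could pull an in-scope value into the generated config, or abort generation when the variable is unset. Reject such input before appending, e.g. `if jq --raw-output '.openvpn_add[]' "${config_file}" | grep -qE '__[A-Z0-9_]+__'; then ynh_die --message="openvpn_add entries must not contain __PLACEHOLDER__ tokens"; fi`, or append the custom lines only after hydration. The two new comments also misspell `server_proto` ("sever_proto") and "hydration" ("hydratation"). `ynh_app_config_validate` continues outside this hunk.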
@@ -347,10 +333,10 @@ ynh_app_config_validate() {
 }
 
 #=================================================
-# OVERWRITING APPLY STEP 
+# OVERWRITING APPLY STEP
 #=================================================
 ynh_app_config_apply() {
-    
+
     # Stop vpn client
     ynh_print_info --message="Stopping vpnclient in order to edit files"
     touch /tmp/.ynh-vpnclient-stopped
@@ -358,15 +344,15 @@ ynh_app_config_apply() {
 
     chown $app:$app /etc/openvpn/keys
     chmod go=--- /etc/openvpn/keys
-    
+
     _ynh_app_config_apply
-    
+
     set_permissions /etc/openvpn/client.conf
     set_permissions /etc/openvpn/keys/ca-server.crt
     set_permissions /etc/openvpn/keys/user.crt
     set_permissions /etc/openvpn/keys/user.key
     set_permissions /etc/openvpn/keys/user_ta.key
-    
+
     # Start vpn client
     ynh_print_info --message="Starting vpnclient service if needed"
     /usr/local/bin/ynh-vpnclient start

+ 0 - 1
scripts/remove

@@ -63,7 +63,6 @@ ynh_print_info "Removing openvpn configuration"
 # Remove openvpn configurations
 ynh_secure_remove /etc/openvpn/client.conf
 ynh_secure_remove /etc/openvpn/client.conf.tpl
-ynh_secure_remove /etc/openvpn/client.conf.tpl.restore
 
 # Remove YunoHost hook
 ynh_secure_remove /etc/yunohost/hooks.d/90-vpnclient.tpl

+ 0 - 1
scripts/restore

@@ -33,7 +33,6 @@ ynh_restore_file "/usr/local/bin/$service_name-loadcubefile.sh"
 ynh_restore_file "/etc/yunohost/hooks.d/90-vpnclient.tpl"
 
 ynh_restore_file "/etc/openvpn/client.conf.tpl"
-ynh_restore_file "/etc/openvpn/client.conf.tpl.restore"
 ynh_restore_file "/etc/openvpn/keys/"
 
 ynh_restore_file "/usr/local/bin/$service_name"