#!/bin/bash # Retrieve arguments domain=${1} url_path=${2} server_name=${3} ## ## These arguments are optional but YunoHost is not yet able to handle them with the web installer ## See manifest.json.options ## # #crt_client_path=${4} #crt_client_key_path=${5} #crt_server_ca_path=${6} #login_user=${7} #login_passphrase=${8} # Check arguments if [ -z "${server_name}" ]; then echo "ERROR: You need a VPN server name" >&2 exit 1 fi #if [ \( -z "${crt_client_path}" -a ! -z "${crt_client_key_path}" \)\ # -o \( ! -z "${crt_client_path}" -a -z "${crt_client_key_path}" \) ]; then # # echo "ERROR: A client certificate is needed when you suggest a key (or vice versa)" >&2 # exit 1 #fi # #if [ ! -z "${crt_client_key_path}" -a -z "${crt_server_ca_path}" ]; then # echo "ERROR: If you can suggest a local path for the client certificates, you probably can suggest one other for the (mandatory) CA server" >&2 # exit 1 #fi # #if [ \( -z "${login_user}" -a ! -z "${login_passphrase}" \)\ # -o \( ! -z "${login_user}" -a -z "${login_passphrase}" \) ]; then # # echo "ERROR: A login password is needed when you suggest a login user (or vice versa)" >&2 # exit 1 #fi # #if [ ! -z "${crt_client_path}" -a ! -f "${crt_client_path}" ]; then # echo "ERROR: The local path <${crt_client_path}> does not exist" >&2 # exit 1 #fi # #if [ ! -z "${crt_client_key_path}" -a ! -f "${crt_client_key_path}" ]; then # echo "ERROR: The local path <${crt_client_key_path}> does not exist" >&2 # exit 1 #fi # #if [ ! -z "${crt_server_ca_path}" -a ! -f "${crt_server_ca_path}" ]; then # echo "ERROR: The local path <${crt_server_ca_path}> does not exist" >&2 # exit 1 #fi # Check domain/path availability sudo yunohost app checkurl ${domain}${url_path} -a vpnclient if [ ! $? -eq 0 ]; then exit 1 fi # Install packages packages='php5-fpm sipcalc openvpn' sudo apt-get --assume-yes --force-yes install ${packages} if [ $? -ne 0 ]; then sudo apt-get update sudo apt-get --assume-yes --force-yes install ${packages} fi # Save arguments sudo yunohost app setting vpnclient server_name -v "${server_name}" sudo yunohost app setting vpnclient server_port -v 1194 sudo yunohost app setting vpnclient server_proto -v udp sudo yunohost app setting vpnclient ip6_addr -v none sudo yunohost app setting vpnclient ip6_net -v none sudo yunohost app setting vpnclient login_user -v "${login_user}" sudo yunohost app setting vpnclient login_passphrase -v "${login_passphrase}" # Install IPv6 scripts sudo install -o root -g root -m 0755 ../conf/ipv6_expanded /usr/local/bin/ sudo install -o root -g root -m 0755 ../conf/ipv6_compressed /usr/local/bin/ # Copy confs sudo chown root:admins /etc/openvpn/ sudo chmod 775 /etc/openvpn/ sudo install -b -o root -g admins -m 0664 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl sudo install -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl.restore sudo install -b -o root -g root -m 0644 ../conf/nginx_vpnadmin.conf "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf" sudo install -b -o root -g root -m 0644 ../conf/phpfpm_vpnadmin.conf /etc/php5/fpm/pool.d/vpnadmin.conf # Copy web sources sudo mkdir -pm 0755 /var/www/vpnadmin/ sudo cp -a ../sources/* /var/www/vpnadmin/ sudo chown -R root: /var/www/vpnadmin/ sudo chmod -R 0644 /var/www/vpnadmin/* sudo find /var/www/vpnadmin/ -type d -exec chmod +x {} \; # Copy certificates sudo mkdir -pm 0770 /etc/openvpn/keys/ sudo chown root:admins /etc/openvpn/keys/ #[ ! -z "${crt_client_path}" ] &&\ # sudo install -b -o root -g admins -m 0660 "${crt_client_path}" /etc/openvpn/keys/user.crt # #[ ! -z "${crt_client_key_path}" ] &&\ # sudo install -b -o root -g admins -m 0660 "${crt_client_key_path}" /etc/openvpn/keys/user.key # #[ ! -z "${crt_server_ca_path}" ] &&\ # sudo install -b -o root -g admins -m 0660 "${crt_server_ca_path}" /etc/openvpn/keys/ca-server.crt # #sudo rm -f "${crt_client_path}" "${crt_client_key_path}" "${crt_server_ca_path}" # Credentials file for (optional) login #sudo cat << EOF > /etc/openvpn/keys/credentials #${login_user} #${login_passphrase} #EOF # #sudo chown -R root:admins /etc/openvpn/keys/credentials #sudo chmod 0460 /etc/openvpn/keys/credentials # Fix confs ## nginx sudo sed "s||${url_path}|g" -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf" sudo sed 's||/var/www/vpnadmin/|g' -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf" sudo sed 's||vpnadmin|g' -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf" ## php-fpm sudo sed 's||vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf sudo sed 's||admin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf sudo sed 's||admins|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf sudo sed 's||/var/www/vpnadmin/|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf sudo sed 's|^;\?\s*max_execution_time.\+|max_execution_time = 600|' -i /etc/php5/fpm/php.ini # Fix sources sudo sed "s||${url_path}|g" -i /var/www/vpnadmin/config.php # Copy init script sudo install -o root -g root -m 0755 ../conf/init_ynh-vpnclient /etc/init.d/ynh-vpnclient # Set default inits # The openvpn configuration is modified before the start, so the service is disabled by default # and the ynh-vpnclient service handles it. sudo yunohost service add openvpn sudo yunohost service stop openvpn sudo yunohost service disable openvpn sudo yunohost service add php5-fpm sudo yunohost service enable php5-fpm sudo yunohost service add ynh-vpnclient sudo yunohost service enable ynh-vpnclient sudo service ynh-vpnclient start sudo service nginx reload # Update SSO for vpnadmin sudo yunohost app ssowatconf # Restart hotspot service if installed (and started) to change NAT configuration (now on tun0) # A new start will fix the interface without unsetting all stuff if [ -e /tmp/.ynh-hotspot-started ]; then sudo service ynh-hotspot start fi # Check configuration consistency if [ -z "${crt_server_ca_path}" ]; then echo "WARNING: VPN Client is not started because you need to define a server CA through the web admin" >&2 fi if [ -z "${crt_client_key_path}" -a -z "${login_user}" ]; then echo "WARNING: VPN Client is not started because you need either a client certificate, either a username (or both)" >&2 fi exit 0