labriqueinternet
/
vpnclient_ynh
mirror of https://github.com/labriqueinternet/vpnclient_ynh


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129
							#!/bin/bash

# Retrieve arguments
domain=$1
url_path=$2
server_name=$3
crt_client_path=$4
crt_client_key_path=$5
crt_server_ca_path=$6
ip6_net=$7

# Check arguments
# TODO

# Check domain/path availability
sudo yunohost app checkurl ${domain}${url_path} -a vpnclient
if [[ ! $? -eq 0 ]]; then
  exit 1
fi

# Install packages
sudo apt-get --assume-yes --force-yes install openvpn php5-fpm

# Install extra packages
sudo apt-get --assume-yes --force-yes install sipcalc

# Compute extra arguments
wired_device=$(ip r | awk '/default via/ { print $NF; }')
ip6_expanded_net=$(sipcalc ${ip6_net} | grep Expanded | awk '{ print $NF; }')
ip6_net=$(sipcalc ${ip6_net} | grep Compressed | awk '{ print $NF; }')
ip6_addr=$(echo "$(echo ${ip6_expanded_net} | cut -d: -f1-7):1")
ip6_addr=$(sipcalc ${ip6_addr} | grep Compressed | awk '{ print $NF; }')
server_ip6=$(host ${server_name} | awk '/IPv6/ { print $NF; }')

if [ -z "${server_ip6}" ]; then
  server_ip6=$(host ${server_name} 80.67.188.188 | awk '/IPv6/ { print $NF; }')
fi

# Save arguments for future upgrades
sudo yunohost app setting vpnclient wired_device -v ${wired_device}
sudo yunohost app setting vpnclient ip6_addr -v ${ip6_addr}
sudo yunohost app setting vpnclient ip6_net -v ${ip6_net}
sudo yunohost app setting vpnclient server_name -v ${server_name}
sudo yunohost app setting vpnclient server_ip6 -v ${server_ip6}

# Copy confs
sudo install -b -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl
sudo install -b -o root -g root -m 0644 ../conf/nginx_vpnadmin.conf /etc/nginx/conf.d/${domain}.d/vpnadmin.conf
sudo install -b -o root -g root -m 0644 ../conf/phpfpm_vpnadmin.conf /etc/php5/fpm/pool.d/vpnadmin.conf

# Copy web sources
sudo mkdir -pm 0755 /var/www/vpnadmin/

sudo cp -a ../sources/* /var/www/vpnadmin/

sudo chown -R root: /var/www/vpnadmin/
sudo chmod -R 0644 /var/www/vpnadmin/*
sudo find /var/www/vpnadmin/ -type d -exec chmod +x {} \;

# Copy certificates
sudo mkdir -pm 0700 /etc/openvpn/keys/
sudo chown root: /etc/openvpn/keys/

sudo install -b -o root -g root -m 0600 ${crt_client_path} /etc/openvpn/keys/user.crt
sudo install -b -o root -g root -m 0600 ${crt_client_key_path} /etc/openvpn/keys/user.key
sudo install -b -o root -g root -m 0600 ${crt_server_ca_path} /etc/openvpn/keys/ca-server.crt

sudo rm -f ${crt_client_path} ${crt_client_key_path} ${crt_server_ca_path}

# Create user for the web admin
sudo useradd -MUr vpnadmin

# Fix confs
## openvpn
sudo sed "s|<TPL:SERVER_NAME>|${server_name}|g" -i /etc/openvpn/client.conf.tpl

## nginx
sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i /etc/nginx/conf.d/${domain}.d/vpnadmin.conf
sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/vpnadmin/|g' -i /etc/nginx/conf.d/${domain}.d/vpnadmin.conf
sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i /etc/nginx/conf.d/${domain}.d/vpnadmin.conf

## php-fpm
sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
sudo sed 's|<TPL:PHP_USER>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
sudo sed 's|<TPL:PHP_GROUP>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/vpnadmin/|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf

# Fix sources
sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i /var/www/vpnadmin/config.php

# Copy init script
sudo install -b -o root -g root -m 0755 ../conf/init_ynh-vpnclient /etc/init.d/ynh-vpnclient

# Fix init script
## ynh-vpnclient
sudo sed "s|<TPL:IP6_ADDR>|${ip6_addr}|g" -i /etc/init.d/ynh-vpnclient
sudo sed "s|<TPL:SERVER_IP6>|${server_ip6}|g" -i /etc/init.d/ynh-vpnclient
sudo sed "s|<TPL:WIRED_DEVICE>|${wired_device}|g" -i /etc/init.d/ynh-vpnclient

# Set default inits
# The openvpn configuration is modified before the start, so the service is disabled by default
# and the ynh-vpnclient service handles it.
# All services are registred by yunohost in order to prevent conflicts after the uninstall.
sudo yunohost service add openvpn
sudo yunohost service stop openvpn
sudo yunohost service disable openvpn

sudo yunohost service add php5-fpm
sudo yunohost service enable php5-fpm
sudo yunohost service stop php5-fpm
sudo yunohost service start php5-fpm

sudo yunohost service add ynh-vpnclient
sudo yunohost service enable ynh-vpnclient
sudo yunohost service start ynh-vpnclient

sudo service nginx reload

# Update SSO for vpnadmin
sudo yunohost app ssowatconf

# Restart hotspot service if installed to change NAT configuration (now on tun0)
sudo yunohost app list -f hotspot --json | grep -q '"installed": true'
if [ "$?" -eq 0 ]; then
  sudo yunohost service stop ynh-hotspot
  sudo yunohost service start ynh-hotspot
fi

exit 0