123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129 |
- #!/bin/bash
- # Retrieve arguments
- domain=$1
- url_path=$2
- server_name=$3
- crt_client_path=$4
- crt_client_key_path=$5
- crt_server_ca_path=$6
- ip6_net=$7
- # Check arguments
- # TODO
- # Check domain/path availability
- sudo yunohost app checkurl ${domain}${url_path} -a vpnclient
- if [[ ! $? -eq 0 ]]; then
- exit 1
- fi
- # Install packages
- sudo apt-get --assume-yes --force-yes install openvpn php5-fpm
- # Install extra packages
- sudo apt-get --assume-yes --force-yes install sipcalc
- # Compute extra arguments
- wired_device=$(ip r | awk '/default via/ { print $NF; }')
- ip6_expanded_net=$(sipcalc ${ip6_net} | grep Expanded | awk '{ print $NF; }')
- ip6_net=$(sipcalc ${ip6_net} | grep Compressed | awk '{ print $NF; }')
- ip6_addr=$(echo "$(echo ${ip6_expanded_net} | cut -d: -f1-7):1")
- ip6_addr=$(sipcalc ${ip6_addr} | grep Compressed | awk '{ print $NF; }')
- server_ip6=$(host ${server_name} | awk '/IPv6/ { print $NF; }')
- if [ -z "${server_ip6}" ]; then
- server_ip6=$(host ${server_name} 80.67.188.188 | awk '/IPv6/ { print $NF; }')
- fi
- # Save arguments for future upgrades
- sudo yunohost app setting vpnclient wired_device -v ${wired_device}
- sudo yunohost app setting vpnclient ip6_addr -v ${ip6_addr}
- sudo yunohost app setting vpnclient ip6_net -v ${ip6_net}
- sudo yunohost app setting vpnclient server_name -v ${server_name}
- sudo yunohost app setting vpnclient server_ip6 -v ${server_ip6}
- # Copy confs
- sudo install -b -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl
- sudo install -b -o root -g root -m 0644 ../conf/nginx_vpnadmin.conf /etc/nginx/conf.d/${domain}.d/vpnadmin.conf
- sudo install -b -o root -g root -m 0644 ../conf/phpfpm_vpnadmin.conf /etc/php5/fpm/pool.d/vpnadmin.conf
- # Copy web sources
- sudo mkdir -pm 0755 /var/www/vpnadmin/
- sudo cp -a ../sources/* /var/www/vpnadmin/
- sudo chown -R root: /var/www/vpnadmin/
- sudo chmod -R 0644 /var/www/vpnadmin/*
- sudo find /var/www/vpnadmin/ -type d -exec chmod +x {} \;
- # Copy certificates
- sudo mkdir -pm 0700 /etc/openvpn/keys/
- sudo chown root: /etc/openvpn/keys/
- sudo install -b -o root -g root -m 0600 ${crt_client_path} /etc/openvpn/keys/user.crt
- sudo install -b -o root -g root -m 0600 ${crt_client_key_path} /etc/openvpn/keys/user.key
- sudo install -b -o root -g root -m 0600 ${crt_server_ca_path} /etc/openvpn/keys/ca-server.crt
- sudo rm -f ${crt_client_path} ${crt_client_key_path} ${crt_server_ca_path}
- # Create user for the web admin
- sudo useradd -MUr vpnadmin
- # Fix confs
- ## openvpn
- sudo sed "s|<TPL:SERVER_NAME>|${server_name}|g" -i /etc/openvpn/client.conf.tpl
- ## nginx
- sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i /etc/nginx/conf.d/${domain}.d/vpnadmin.conf
- sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/vpnadmin/|g' -i /etc/nginx/conf.d/${domain}.d/vpnadmin.conf
- sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i /etc/nginx/conf.d/${domain}.d/vpnadmin.conf
- ## php-fpm
- sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
- sudo sed 's|<TPL:PHP_USER>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
- sudo sed 's|<TPL:PHP_GROUP>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
- sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/vpnadmin/|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
- # Fix sources
- sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i /var/www/vpnadmin/config.php
- # Copy init script
- sudo install -b -o root -g root -m 0755 ../conf/init_ynh-vpnclient /etc/init.d/ynh-vpnclient
- # Fix init script
- ## ynh-vpnclient
- sudo sed "s|<TPL:IP6_ADDR>|${ip6_addr}|g" -i /etc/init.d/ynh-vpnclient
- sudo sed "s|<TPL:SERVER_IP6>|${server_ip6}|g" -i /etc/init.d/ynh-vpnclient
- sudo sed "s|<TPL:WIRED_DEVICE>|${wired_device}|g" -i /etc/init.d/ynh-vpnclient
- # Set default inits
- # The openvpn configuration is modified before the start, so the service is disabled by default
- # and the ynh-vpnclient service handles it.
- # All services are registred by yunohost in order to prevent conflicts after the uninstall.
- sudo yunohost service add openvpn
- sudo yunohost service stop openvpn
- sudo yunohost service disable openvpn
- sudo yunohost service add php5-fpm
- sudo yunohost service enable php5-fpm
- sudo yunohost service stop php5-fpm
- sudo yunohost service start php5-fpm
- sudo yunohost service add ynh-vpnclient
- sudo yunohost service enable ynh-vpnclient
- sudo yunohost service start ynh-vpnclient
- sudo service nginx reload
- # Update SSO for vpnadmin
- sudo yunohost app ssowatconf
- # Restart hotspot service if installed to change NAT configuration (now on tun0)
- sudo yunohost app list -f hotspot --json | grep -q '"installed": true'
- if [ "$?" -eq 0 ]; then
- sudo yunohost service stop ynh-hotspot
- sudo yunohost service start ynh-hotspot
- fi
- exit 0
|