install 4.5 KB

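#!/bin/bash
#
# Install script for the YunoHost "vpnclient" app.
#
# Positional arguments:
#   $1 domain               domain that hosts the web admin
#   $2 url_path             URL path of the web admin on that domain
#   $3 server_name          VPN server (host name or address)
#   $4 crt_client_path      client certificate to install
#   $5 crt_client_key_path  client private key to install
#   $6 crt_server_ca_path   CA certificate of the server
#   $7 ip6_net              IPv6 prefix handed to sipcalc (may be empty)
#
# Every argument ends up in a root-owned path, a configuration file or the
# init script, so each one is checked before anything is written and every
# expansion is quoted.

# Print an error on stderr and abort the installation.
die() {
  printf 'vpnclient install: %s\n' "$*" >&2
  exit 1
}

# Escape a value for the replacement side of a sed "s|...|...|" command:
# backslash, "&" and the "|" delimiter would otherwise be interpreted by sed.
sed_escape() {
  printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

# Replace every <TPL:NAME> placeholder in a file with a literal value.
# Arguments: $1 - file, $2 - placeholder name, $3 - value (single line)
fill_template() {
  local file=$1 placeholder=$2 value
  value=$(sed_escape "$3")
  sudo sed -i "s|<TPL:${placeholder}>|${value}|g" "${file}"
}

# Retrieve arguments
[[ $# -ge 6 ]] \
  || die "usage: install DOMAIN URL_PATH SERVER_NAME CLIENT_CRT CLIENT_KEY SERVER_CA [IP6_NET]"

domain=$1
url_path=$2
server_name=$3
crt_client_path=$4
crt_client_key_path=$5
crt_server_ca_path=$6
ip6_net=${7:-}

# Check arguments
# Allowlists, not blocklists: the domain becomes part of a path under
# /etc/nginx/conf.d/, the URL path is written into the nginx configuration
# and config.php, and the server name is handed to host(1) and written into
# the OpenVPN configuration.
readonly re_domain='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
readonly re_url_path='^/[A-Za-z0-9._~/-]*$'
readonly re_server_name='^[A-Za-z0-9][A-Za-z0-9.:-]*$'
readonly re_ip6_net='^[0-9A-Fa-f:]+(/[0-9]+)?$'
readonly re_ip6_addr='^[0-9A-Fa-f:.]+$'

[[ "${domain}" =~ ${re_domain} ]] || die "invalid domain: ${domain}"
[[ "${url_path}" =~ ${re_url_path} ]] || die "invalid URL path: ${url_path}"
[[ "${server_name}" =~ ${re_server_name} ]] || die "invalid server name: ${server_name}"
if [[ -n "${ip6_net}" ]]; then
  [[ "${ip6_net}" =~ ${re_ip6_net} ]] || die "invalid IPv6 prefix: ${ip6_net}"
fi

# The certificate files are tested through sudo because they are installed
# through sudo as well and may not be readable by the calling user.
for cert_file in "${crt_client_path}" "${crt_client_key_path}" "${crt_server_ca_path}"; do
  sudo test -f "${cert_file}" || die "not a regular file: ${cert_file}"
done

# Check domain/path availability
sudo yunohost app checkurl "${domain}${url_path}" -a vpnclient || exit 1

# Install packages
# --force-yes is deliberately not passed: it makes apt-get continue without
# prompting even when it is about to do something potentially harmful, such
# as installing packages that cannot be authenticated.
sudo apt-get --assume-yes install openvpn php5-fpm \
  || die "could not install openvpn and php5-fpm"

# Install extra packages
sudo apt-get --assume-yes install sipcalc || die "could not install sipcalc"

# Compute extra arguments
# Take the word after "dev" on the default route instead of the last field:
# the line may carry further attributes (proto, metric, ...) after the device.
wired_device=$(ip route | awk '/default via/ {
  for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
}')

ip6_addr=''
if [[ -n "${ip6_net}" ]]; then
  ip6_expanded_net=$(sipcalc "${ip6_net}" | awk '/Expanded/ { print $NF }')
  ip6_net=$(sipcalc "${ip6_net}" | awk '/Compressed/ { print $NF }')
  # Address used by this host: first seven groups of the expanded prefix + ":1"
  ip6_addr="$(printf '%s\n' "${ip6_expanded_net}" | cut -d: -f1-7):1"
  ip6_addr=$(sipcalc "${ip6_addr}" | awk '/Compressed/ { print $NF }')
  [[ "${ip6_addr}" =~ ${re_ip6_addr} ]] \
    || die "sipcalc could not derive an address from the IPv6 prefix"
fi

# Only the first AAAA answer is kept; several answers would otherwise put a
# multi-line value into the settings and into the init script.
server_ip6=$(host "${server_name}" | awk '/IPv6/ { print $NF; exit }')
if [[ -z "${server_ip6}" ]]; then
  # Second attempt against the resolver hard-coded by this script.
  server_ip6=$(host "${server_name}" 80.67.188.188 | awk '/IPv6/ { print $NF; exit }')
fi
# A DNS answer is untrusted data and it is substituted into an init script
# that runs as root, so anything that does not look like an address is refused.
if [[ -n "${server_ip6}" && ! "${server_ip6}" =~ ${re_ip6_addr} ]]; then
  die "unexpected IPv6 answer for ${server_name}: ${server_ip6}"
fi

# Save arguments for future upgrades
sudo yunohost app setting vpnclient wired_device -v "${wired_device}"
sudo yunohost app setting vpnclient ip6_addr -v "${ip6_addr}"
sudo yunohost app setting vpnclient ip6_net -v "${ip6_net}"
sudo yunohost app setting vpnclient server_name -v "${server_name}"
sudo yunohost app setting vpnclient server_ip6 -v "${server_ip6}"

readonly openvpn_tpl=/etc/openvpn/client.conf.tpl
readonly nginx_conf="/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
readonly phpfpm_conf=/etc/php5/fpm/pool.d/vpnadmin.conf
readonly init_script=/etc/init.d/ynh-vpnclient
readonly web_root=/var/www/vpnadmin/
readonly keys_dir=/etc/openvpn/keys/

# Copy confs
sudo install -b -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl "${openvpn_tpl}"
sudo install -b -o root -g root -m 0644 ../conf/nginx_vpnadmin.conf "${nginx_conf}"
sudo install -b -o root -g root -m 0644 ../conf/phpfpm_vpnadmin.conf "${phpfpm_conf}"

# Copy web sources
sudo mkdir -pm 0755 "${web_root}"
sudo cp -a ../sources/* "${web_root}"
sudo chown -R root: "${web_root}"
sudo chmod -R 0644 "${web_root}"*
# chmod -R 0644 also cleared the search bit on directories; put it back.
sudo find "${web_root}" -type d -exec chmod +x {} +

# Copy certificates
sudo mkdir -pm 0700 "${keys_dir}"
sudo chown root: "${keys_dir}"
# mkdir -m only applies to a directory it creates; tighten an existing one too.
sudo chmod 0700 "${keys_dir}"
# The uploaded originals are deleted only once all three copies are in place,
# so a failed copy cannot lose the private key.
if sudo install -b -o root -g root -m 0600 -- "${crt_client_path}" "${keys_dir}user.crt" \
  && sudo install -b -o root -g root -m 0600 -- "${crt_client_key_path}" "${keys_dir}user.key" \
  && sudo install -b -o root -g root -m 0600 -- "${crt_server_ca_path}" "${keys_dir}ca-server.crt"; then
  sudo rm -f -- "${crt_client_path}" "${crt_client_key_path}" "${crt_server_ca_path}"
else
  die "could not install the certificates; the source files were left in place"
fi

# Create user for the web admin
sudo useradd -MUr vpnadmin

# Fix confs
## openvpn
fill_template "${openvpn_tpl}" SERVER_NAME "${server_name}"

## nginx
fill_template "${nginx_conf}" NGINX_LOCATION "${url_path}"
fill_template "${nginx_conf}" NGINX_REALPATH "${web_root}"
fill_template "${nginx_conf}" PHP_NAME vpnadmin

## php-fpm
fill_template "${phpfpm_conf}" PHP_NAME vpnadmin
fill_template "${phpfpm_conf}" PHP_USER vpnadmin
fill_template "${phpfpm_conf}" PHP_GROUP vpnadmin
fill_template "${phpfpm_conf}" NGINX_REALPATH "${web_root}"

# Fix sources
fill_template "${web_root}config.php" NGINX_LOCATION "${url_path}"

# Copy init script
sudo install -b -o root -g root -m 0755 ../conf/init_ynh-vpnclient "${init_script}"

# Fix init script
## ynh-vpnclient
fill_template "${init_script}" IP6_ADDR "${ip6_addr}"
fill_template "${init_script}" SERVER_IP6 "${server_ip6}"
fill_template "${init_script}" WIRED_DEVICE "${wired_device}"

# Set default inits
# The openvpn configuration is modified before the start, so the service is
# disabled by default and the ynh-vpnclient service handles it.
# All services are registered by yunohost in order to prevent conflicts after
# the uninstall.
sudo yunohost service add openvpn
sudo yunohost service stop openvpn
sudo yunohost service disable openvpn

sudo yunohost service add php5-fpm
sudo yunohost service enable php5-fpm
sudo yunohost service stop php5-fpm
sudo yunohost service start php5-fpm

sudo yunohost service add ynh-vpnclient
sudo yunohost service enable ynh-vpnclient
sudo yunohost service start ynh-vpnclient

sudo service nginx reload

# Update SSO for vpnadmin
sudo yunohost app ssowatconf

# Restart hotspot service if installed to change NAT configuration (now on tun0)
if sudo yunohost app list -f hotspot --json | grep -q '"installed": true'; then
  sudo yunohost service stop ynh-hotspot
  sudo yunohost service start ynh-hotspot
fi

exit 0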