1
0
mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00
raspap-webgui/installers/common.sh

662 lines
28 KiB
Bash
Raw Normal View History

#!/bin/bash
#
2020-03-23 10:31:18 +01:00
# RaspAP installation functions
# Author: @billz <billzimmerman@gmail.com>
# Author URI: https://github.com/billz/
2020-03-23 10:31:18 +01:00
# License: GNU General Public License v3.0
2021-02-03 10:07:15 +01:00
# License URI: https://github.com/raspap/raspap-webgui/blob/master/LICENSE
2020-03-23 10:31:18 +01:00
# You are not obligated to bundle the LICENSE file with your RaspAP projects as long
# as you leave these references intact in the header comments of your source files.
# Exit on error
set -o errexit
# Exit on error inside functions
set -o errtrace
# Turn on traces, disabled by default
# set -o xtrace
# Set defaults
readonly raspap_dir="/etc/raspap"
readonly raspap_user="www-data"
readonly raspap_sudoers="/etc/sudoers.d/090_raspap"
readonly raspap_default="/etc/dnsmasq.d/090_raspap.conf"
readonly raspap_wlan0="/etc/dnsmasq.d/090_wlan0.conf"
2020-04-01 09:51:53 +02:00
readonly raspap_adblock="/etc/dnsmasq.d/090_adblock.conf"
2020-03-23 10:31:18 +01:00
readonly raspap_sysctl="/etc/sysctl.d/90_raspap.conf"
readonly raspap_network="$raspap_dir/networking/"
2020-03-25 23:59:51 +01:00
readonly rulesv4="/etc/iptables/rules.v4"
2020-04-13 09:49:18 +02:00
readonly notracking_url="https://raw.githubusercontent.com/notracking/hosts-blocklists/master/"
webroot_dir="/var/www/html"
if [ "$insiders" == 1 ]; then
repo="RaspAP/raspap-insiders"
branch=${RASPAP_INSIDERS_LATEST}
fi
git_source_url="https://github.com/$repo"
# NOTE: all the below functions are overloadable for system-specific installs
function _install_raspap() {
_display_welcome
_config_installation
_update_system_packages
_install_dependencies
_enable_php_lighttpd
_create_raspap_directories
_optimize_php
_check_for_old_configs
_download_latest_files
_change_file_ownership
_create_hostapd_scripts
_create_lighttpd_scripts
2021-01-30 17:56:49 +01:00
_install_lighttpd_configs
_move_config_file
_default_configuration
_configure_networking
_prompt_install_adblock
_prompt_install_openvpn
_prompt_install_wireguard
_patch_system_files
_install_complete
}
2016-06-16 15:16:19 +02:00
2020-03-23 10:31:18 +01:00
# Prompts user to set installation options
function _config_installation() {
if [ "$upgrade" == 1 ]; then
opt=(Upgrade Upgrading upgrade)
else
opt=(Install Installing installation)
fi
_install_log "Configure ${opt[2]}"
2020-03-23 10:31:18 +01:00
_get_linux_distro
2020-03-20 13:07:50 +01:00
echo "Detected OS: ${DESC}"
echo "Using GitHub repository: ${repo} ${branch} branch"
echo "Configuration directory: ${raspap_dir}"
echo -n "lighttpd root: ${webroot_dir}? [Y/n]: "
if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then
2020-03-20 21:13:33 +01:00
read -e -p < /dev/tty "Enter alternate lighttpd directory: " -i "/var/www/html" webroot_dir
fi
else
echo -e
fi
echo "${opt[1]} lighttpd directory: ${webroot_dir}"
if [ "$upgrade" == 1 ]; then
echo "This will upgrade your existing install to version ${RASPAP_RELEASE}"
echo "Your configuration will NOT be changed"
fi
echo -n "Complete ${opt[2]} with these values? [Y/n]: "
if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then
echo "Installation aborted."
exit 0
fi
else
echo -e
2016-06-16 15:16:19 +02:00
fi
}
2020-07-03 13:43:47 +02:00
# Determines host Linux distribution details
2020-03-23 10:31:18 +01:00
function _get_linux_distro() {
if type lsb_release >/dev/null 2>&1; then # linuxbase.org
OS=$(lsb_release -si)
RELEASE=$(lsb_release -sr)
CODENAME=$(lsb_release -sc)
DESC=$(lsb_release -sd)
elif [ -f /etc/os-release ]; then # freedesktop.org
. /etc/os-release
OS=$ID
RELEASE=$VERSION_ID
CODENAME=$VERSION_CODENAME
DESC=$PRETTY_NAME
else
_install_status 1 "Unsupported Linux distribution"
fi
}
2020-03-23 10:31:18 +01:00
# Sets php package option based on Linux version, abort if unsupported distro
function _set_php_package() {
case $RELEASE in
18.04|19.10) # Ubuntu Server
php_package="php7.4-cgi"
phpcgiconf="/etc/php/7.4/cgi/php.ini" ;;
10*)
php_package="php7.3-cgi"
phpcgiconf="/etc/php/7.3/cgi/php.ini" ;;
9*)
php_package="php7.0-cgi"
phpcgiconf="/etc/php/7.0/cgi/php.ini" ;;
8)
_install_status 1 "${DESC} and php5 are not supported. Please upgrade." ;;
*)
_install_status 1 "${DESC} is unsupported. Please install on a supported distro." ;;
esac
}
2016-06-16 15:16:19 +02:00
# Runs a system software update to make sure we're using all fresh packages
2020-03-23 10:31:18 +01:00
function _install_dependencies() {
_install_log "Installing required packages"
_set_php_package
2020-03-20 21:13:33 +01:00
if [ "$php_package" = "php7.4-cgi" ]; then
echo "Adding apt-repository ppa:ondrej/php"
2020-04-19 07:30:23 +02:00
sudo apt-get install $apt_option software-properties-common || _install_status 1 "Unable to install dependency"
sudo add-apt-repository $apt_option ppa:ondrej/php || _install_status 1 "Unable to add-apt-repository ppa:ondrej/php"
2020-03-20 21:13:33 +01:00
fi
2020-03-22 19:16:57 +01:00
if [ ${OS,,} = "debian" ] || [ ${OS,,} = "ubuntu" ]; then
dhcpcd_package="dhcpcd5"
fi
# Set dconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
sudo apt-get install $apt_option lighttpd git hostapd dnsmasq iptables-persistent $php_package $dhcpcd_package vnstat qrencode || _install_status 1 "Unable to install dependencies"
_install_status 0
2016-06-16 15:16:19 +02:00
}
# Enables PHP for lighttpd and restarts service for settings to take effect
2020-03-23 10:31:18 +01:00
function _enable_php_lighttpd() {
_install_log "Enabling PHP for lighttpd"
2017-11-16 02:28:59 +01:00
sudo lighttpd-enable-mod fastcgi-php
sudo service lighttpd force-reload
sudo systemctl restart lighttpd.service || _install_status 1 "Unable to restart lighttpd"
2016-06-16 15:16:19 +02:00
}
# Verifies existence and permissions of RaspAP directory
2020-03-23 10:31:18 +01:00
function _create_raspap_directories() {
_install_log "Creating RaspAP directories"
if [ -d "$raspap_dir" ]; then
sudo mv $raspap_dir "$raspap_dir.`date +%F-%R`" || _install_status 1 "Unable to move old '$raspap_dir' out of the way"
2016-06-16 15:16:19 +02:00
fi
sudo mkdir -p "$raspap_dir" || _install_status 1 "Unable to create directory '$raspap_dir'"
# Create a directory for existing file backups.
sudo mkdir -p "$raspap_dir/backups"
2016-06-16 15:16:19 +02:00
# Create a directory to store networking configs
2020-03-23 10:31:18 +01:00
echo "Creating $raspap_dir/networking"
sudo mkdir -p "$raspap_dir/networking"
echo "Changing file ownership of $raspap_dir"
sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || _install_status 1 "Unable to change file ownership for '$raspap_dir'"
2016-06-16 15:16:19 +02:00
}
2019-03-06 11:48:18 +01:00
# Generate hostapd logging and service control scripts
2020-03-23 10:31:18 +01:00
function _create_hostapd_scripts() {
_install_log "Creating hostapd logging & control scripts"
sudo mkdir $raspap_dir/hostapd || _install_status 1 "Unable to create directory '$raspap_dir/hostapd'"
2017-11-16 23:38:03 +01:00
2019-03-06 11:48:18 +01:00
# Move logging shell scripts
sudo cp "$webroot_dir/installers/"*log.sh "$raspap_dir/hostapd" || _install_status 1 "Unable to move logging scripts"
2019-03-06 11:48:18 +01:00
# Move service control shell scripts
sudo cp "$webroot_dir/installers/"service*.sh "$raspap_dir/hostapd" || _install_status 1 "Unable to move service control scripts"
# Make enablelog.sh and disablelog.sh not writable by www-data group.
sudo chown -c root:"$raspap_user" "$raspap_dir/hostapd/"*.sh || _install_status 1 "Unable change owner and/or group"
sudo chmod 750 "$raspap_dir/hostapd/"*.sh || _install_status 1 "Unable to change file permissions"
_install_status 0
}
2019-11-10 23:21:55 +01:00
# Generate lighttpd service control scripts
2020-03-23 10:31:18 +01:00
function _create_lighttpd_scripts() {
_install_log "Creating lighttpd control scripts"
sudo mkdir $raspap_dir/lighttpd || _install_status 1 "Unable to create directory '$raspap_dir/lighttpd"
2019-11-10 23:21:55 +01:00
# Move service control shell scripts
echo "Copying configport.sh to $raspap_dir/lighttpd"
sudo cp "$webroot_dir/installers/"configport.sh "$raspap_dir/lighttpd" || _install_status 1 "Unable to move service control scripts"
# Make configport.sh writable by www-data group
echo "Changing file ownership"
sudo chown -c root:"$raspap_user" "$raspap_dir/lighttpd/"*.sh || _install_status 1 "Unable change owner and/or group"
sudo chmod 750 "$raspap_dir/lighttpd/"*.sh || _install_status 1 "Unable to change file permissions"
_install_status 0
2019-11-10 23:21:55 +01:00
}
2021-01-31 07:23:54 +01:00
# Copy extra config files required to configure lighttpd
function _install_lighttpd_configs() {
_install_log "Copying lighttpd extra config files"
# Copy config files
echo "Copying 50-raspap-router.conf to /etc/lighttpd/conf-available"
2021-03-02 15:37:50 +01:00
CONFSRC="$webroot_dir/config/50-raspap-router.conf"
LTROOT=$(grep "server.document-root" /etc/lighttpd/lighttpd.conf | awk -F '=' '{print $2}' | tr -d " \"")
# compare values and get difference
HTROOT=${webroot_dir/$LTROOT}
# remove trailing slash if present
HTROOT=$(echo "$HTROOT" | sed -e 's/\/$//')
# substitute values
awk "{gsub(\"/REPLACE_ME\",\"$HTROOT\")}1" $CONFSRC > /tmp/50-raspap-router.conf
# copy into place
sudo cp /tmp/50-raspap-router.conf /etc/lighttpd/conf-available/ || _install_status 1 "Unable to copy lighttpd config file into place."
# link into conf-enabled
2021-03-02 15:37:50 +01:00
echo "Creating link to /etc/lighttpd/conf-enabled"
sudo ln -s "/etc/lighttpd/conf-available/50-raspap-router.conf" "/etc/lighttpd/conf-enabled/50-raspap-router.conf" || _install_status 1 "Unable to symlink lighttpd config file (this is normal if the link already exists)."
sudo systemctl restart lighttpd.service || _install_status 1 "Unable to restart lighttpd"
_install_status 0
}
2021-03-02 15:37:50 +01:00
2020-04-13 09:49:18 +02:00
# Prompt to install ad blocking
2020-03-31 23:54:46 +02:00
function _prompt_install_adblock() {
2020-04-13 09:49:18 +02:00
_install_log "Configure ad blocking (Beta)"
echo -n "Install ad blocking and enable list management? [Y/n]: "
if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then
echo -e
else
_install_adblock
2020-03-31 23:54:46 +02:00
fi
2020-04-13 09:49:18 +02:00
elif [ "$adblock_option" == 1 ]; then
_install_adblock
else
echo "(Skipped)"
2020-03-31 23:54:46 +02:00
fi
}
# Download notracking adblock lists and enable option
function _install_adblock() {
2020-04-13 09:49:18 +02:00
_install_log "Creating ad blocking base configuration (Beta)"
2020-03-31 23:54:46 +02:00
if [ ! -d "$raspap_dir/adblock" ]; then
echo "Creating $raspap_dir/adblock"
sudo mkdir -p "$raspap_dir/adblock"
fi
if [ ! -f /tmp/hostnames.txt ]; then
echo "Fetching latest hostnames list"
2020-04-01 20:49:25 +02:00
wget ${notracking_url}hostnames.txt -q --show-progress --progress=bar:force -O /tmp/hostnames.txt 2>&1 \
|| _install_status 1 "Unable to download notracking hostnames"
2020-03-31 23:54:46 +02:00
fi
if [ ! -f /tmp/domains.txt ]; then
echo "Fetching latest domains list"
2020-04-01 20:49:25 +02:00
wget ${notracking_url}domains.txt -q --show-progress --progress=bar:force -O /tmp/domains.txt 2>&1 \
|| _install_status 1 "Unable to download notracking domains"
2020-03-31 23:54:46 +02:00
fi
echo "Adding blocklists to $raspap_dir/adblock"
sudo cp /tmp/hostnames.txt $raspap_dir/adblock || _install_status 1 "Unable to move notracking hostnames"
sudo cp /tmp/domains.txt $raspap_dir/adblock || _install_status 1 "Unable to move notracking domains"
2020-03-31 23:54:46 +02:00
echo "Moving and setting permissions for blocklist update script"
sudo cp "$webroot_dir/installers/"update_blocklist.sh "$raspap_dir/adblock" || _install_status 1 "Unable to move blocklist update script"
2020-03-31 23:54:46 +02:00
# Make blocklists and update script writable by www-data group
sudo chown -c root:"$raspap_user" "$raspap_dir/adblock/"*.* || _install_status 1 "Unable to change owner/group"
2020-03-31 23:54:46 +02:00
sudo chmod 750 "$raspap_dir/adblock/"*.sh || install_error "Unable to change file permissions"
2020-04-01 09:51:53 +02:00
# Create 090_adblock.conf and write values to /etc/dnsmasq.d
if [ ! -f "$raspap_adblock" ]; then
echo "Adding 090_addblock.conf to /etc/dnsmasq.d"
sudo touch "$raspap_adblock"
echo "conf-file=$raspap_dir/adblock/domains.txt" | sudo tee -a "$raspap_adblock" > /dev/null || _install_status 1 "Unable to write to $raspap_adblock"
echo "addn-hosts=$raspap_dir/adblock/hostnames.txt" | sudo tee -a "$raspap_adblock" > /dev/null || _install_status 1 "Unable to write to $raspap_adblock"
2020-04-01 09:51:53 +02:00
fi
2020-12-05 23:21:39 +01:00
# Remove dhcp-option=6 in dnsmasq.d/090_wlan0.conf to force local DNS resolution for DHCP clients
echo "Enabling local DNS name resolution for DHCP clients"
sudo sed -i '/dhcp-option=6/d' $raspap_wlan0 || _install_status 1 "Unable to modify $raspap_dnsmasq"
2020-03-31 23:54:46 +02:00
echo "Enabling ad blocking management option"
sudo sed -i "s/\('RASPI_ADBLOCK_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_status 1 "Unable to modify config.php"
_install_status 0
2020-03-31 23:54:46 +02:00
}
# Prompt to install openvpn
2020-03-23 10:31:18 +01:00
function _prompt_install_openvpn() {
2020-04-13 09:49:18 +02:00
_install_log "Configure OpenVPN support"
echo -n "Install OpenVPN and enable client configuration? [Y/n]: "
if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then
echo -e
else
2020-03-23 10:31:18 +01:00
_install_openvpn
fi
elif [ "$ovpn_option" == 1 ]; then
2020-03-23 10:31:18 +01:00
_install_openvpn
2020-04-13 09:49:18 +02:00
else
echo "(Skipped)"
fi
}
# Prompt to install WireGuard
function _prompt_install_wireguard() {
if [ "$insiders" == 1 ]; then
_install_log "Configure WireGuard support"
echo -n "Install WireGuard and enable VPN tunnel configuration? [Y/n]: "
if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then
echo -e
else
_install_wireguard
fi
elif [ "$wg_option" == 1 ]; then
_install_wireguard
else
echo "(Skipped)"
fi
fi
}
# Install Wireguard from the Debian unstable distro
function _install_wireguard() {
_install_log "Configure WireGuard support"
if [ "$OS" == "Raspbian" ]; then
echo "Installing raspberrypi-kernel-headers"
sudo apt-get install $apt_option raspberrypi-kernel-headers || _install_status 1 "Unable to install raspberrypi-kernel-headers"
fi
echo "Installing WireGuard from Debian unstable distro"
echo "Adding Debian distro"
echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list || _install_status 1 "Unable to append to sources.list"
sudo apt-get install dirmngr || _install_status 1 "Unable to install dirmngr"
echo "Adding Debian distro keys"
sudo wget -q -O - https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc | sudo apt-key add - || _install_status 1 "Unable to add keys"
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable || _install_status 1 "Unable to append to preferences.d"
echo "Installing WireGuard"
sudo apt-get update && sudo apt-get install $apt_option wireguard || _install_status 1 "Unable to install wireguard"
echo "Enabling wg-quick@wg0"
sudo systemctl enable wg-quick@wg0 || _install_status 1 "Failed to enable wg-quick service"
echo "Enabling WireGuard management option"
sudo sed -i "s/\('RASPI_WIREGUARD_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_status 1 "Unable to modify config.php"
_install_status 0
}
# Install openvpn and enable client configuration option
2020-03-23 10:31:18 +01:00
function _install_openvpn() {
_install_log "Installing OpenVPN and enabling client configuration"
2020-10-14 12:40:02 +02:00
echo "Adding packages via apt-get"
2020-11-02 09:23:55 +01:00
sudo apt-get install -y openvpn || _install_status 1 "Unable to install openvpn"
sudo sed -i "s/\('RASPI_OPENVPN_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_status 1 "Unable to modify config.php"
echo "Enabling openvpn-client service on boot"
sudo systemctl enable openvpn-client@client || _install_status 1 "Unable to enable openvpn-client daemon"
_create_openvpn_scripts || _install_status 1 "Unable to create openvpn control scripts"
}
# Generate openvpn logging and auth control scripts
2020-03-23 10:31:18 +01:00
function _create_openvpn_scripts() {
_install_log "Creating OpenVPN control scripts"
sudo mkdir $raspap_dir/openvpn || _install_status 1 "Unable to create directory '$raspap_dir/openvpn'"
# Move service auth control & logging shell scripts
sudo cp "$webroot_dir/installers/"configauth.sh "$raspap_dir/openvpn" || _install_status 1 "Unable to move auth control script"
sudo cp "$webroot_dir/installers/"openvpnlog.sh "$raspap_dir/openvpn" || _install_status 1 "Unable to move logging script"
# Make scripts executable by www-data group
sudo chown -c root:"$raspap_user" "$raspap_dir/openvpn/"*.sh || _install_status 1 "Unable change owner and/or group"
sudo chmod 750 "$raspap_dir/openvpn/"*.sh || _install_status 1 "Unable to change file permissions"
_install_status 0
}
2016-06-16 15:16:19 +02:00
# Fetches latest files from github to webroot
2020-03-23 10:31:18 +01:00
function _download_latest_files() {
if [ ! -d "$webroot_dir" ]; then
sudo mkdir -p $webroot_dir || _install_status 1 "Unable to create new webroot directory"
fi
2016-10-23 17:39:33 +02:00
if [ -d "$webroot_dir" ]; then
sudo mv $webroot_dir "$webroot_dir.`date +%F-%R`" || _install_status 1 "Unable to remove old webroot directory"
2016-06-16 15:16:19 +02:00
fi
2020-03-23 10:31:18 +01:00
_install_log "Cloning latest files from github"
git clone --branch $branch --depth 1 -c advice.detachedHead=false $git_source_url /tmp/raspap-webgui || _install_status 1 "Unable to download files from github"
2020-03-10 00:05:46 +01:00
sudo mv /tmp/raspap-webgui $webroot_dir || _install_status 1 "Unable to move raspap-webgui to web root"
if [ "$upgrade" == 1 ]; then
_install_log "Applying existing configuration to ${webroot_dir}/includes"
sudo mv /tmp/config.php $webroot_dir/includes || _install_status 1 "Unable to move config.php to ${webroot_dir}/includes"
fi
_install_status 0
2016-06-16 15:16:19 +02:00
}
# Sets files ownership in web root directory
2020-03-23 10:31:18 +01:00
function _change_file_ownership() {
2016-06-16 15:16:19 +02:00
if [ ! -d "$webroot_dir" ]; then
_install_status 1 "Web root directory doesn't exist"
2016-06-16 15:16:19 +02:00
fi
2020-03-23 10:31:18 +01:00
_install_log "Changing file ownership in web root directory"
sudo chown -R $raspap_user:$raspap_user "$webroot_dir" || _install_status 1 "Unable to change file ownership for '$webroot_dir'"
2016-06-16 15:16:19 +02:00
}
# Check for existing configuration files
2020-03-23 10:31:18 +01:00
function _check_for_old_configs() {
if [ "$upgrade" == 1 ]; then
_install_log "Moving existing configuration to /tmp"
sudo mv $webroot_dir/includes/config.php /tmp || _install_status 1 "Unable to move config.php to /tmp"
else
_install_log "Backing up existing configs to ${raspap_dir}/backups"
if [ -f /etc/network/interfaces ]; then
sudo cp /etc/network/interfaces "$raspap_dir/backups/interfaces.`date +%F-%R`"
sudo ln -sf "$raspap_dir/backups/interfaces.`date +%F-%R`" "$raspap_dir/backups/interfaces"
fi
if [ -f /etc/hostapd/hostapd.conf ]; then
sudo cp /etc/hostapd/hostapd.conf "$raspap_dir/backups/hostapd.conf.`date +%F-%R`"
sudo ln -sf "$raspap_dir/backups/hostapd.conf.`date +%F-%R`" "$raspap_dir/backups/hostapd.conf"
fi
if [ -f $raspap_default ]; then
sudo cp $raspap_default "$raspap_dir/backups/090_raspap.conf.`date +%F-%R`"
sudo ln -sf "$raspap_dir/backups/090_raspap.conf.`date +%F-%R`" "$raspap_dir/backups/090_raspap.conf"
fi
if [ -f $raspap_wlan0 ]; then
sudo cp $raspap_wlan0 "$raspap_dir/backups/090_wlan0.conf.`date +%F-%R`"
2020-12-03 21:26:17 +01:00
sudo ln -sf "$raspap_dir/backups/090_wlan0.conf.`date +%F-%R`" "$raspap_dir/backups/090_wlan0.conf"
fi
if [ -f /etc/dhcpcd.conf ]; then
sudo cp /etc/dhcpcd.conf "$raspap_dir/backups/dhcpcd.conf.`date +%F-%R`"
sudo ln -sf "$raspap_dir/backups/dhcpcd.conf.`date +%F-%R`" "$raspap_dir/backups/dhcpcd.conf"
2020-03-10 09:42:08 +01:00
fi
for file in /etc/systemd/network/raspap-*.net*; do
if [ -f "${file}" ]; then
filename=$(basename $file)
sudo cp "$file" "${raspap_dir}/backups/${filename}.`date +%F-%R`"
sudo ln -sf "${raspap_dir}/backups/${filename}.`date +%F-%R`" "${raspap_dir}/backups/${filename}"
fi
done
fi
_install_status 0
}
2016-06-16 15:16:19 +02:00
# Move configuration file to the correct location
2020-03-23 10:31:18 +01:00
function _move_config_file() {
2020-07-21 23:42:39 +02:00
if [ ! -d "$raspap_dir" ]; then
_install_status 1 "'$raspap_dir' directory doesn't exist"
fi
2020-07-21 23:42:39 +02:00
_install_log "Moving configuration file to $raspap_dir"
sudo cp "$webroot_dir"/raspap.php "$raspap_dir" || _install_status 1 "Unable to move files to '$raspap_dir'"
sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || _install_status 1 "Unable to change file ownership for '$raspap_dir'"
2016-06-16 15:16:19 +02:00
}
2016-10-23 17:39:33 +02:00
# Set up default configuration
2020-03-23 10:31:18 +01:00
function _default_configuration() {
if [ "$upgrade" == 0 ]; then
_install_log "Applying default configuration to installed services"
2020-12-09 18:16:25 +01:00
sudo cp $webroot_dir/config/hostapd.conf /etc/hostapd/hostapd.conf || _install_status 1 "Unable to move hostapd configuration file"
sudo cp $webroot_dir/config/090_raspap.conf $raspap_default || _install_status 1 "Unable to move dnsmasq default configuration file"
sudo cp $webroot_dir/config/090_wlan0.conf $raspap_wlan0 || _install_status 1 "Unable to move dnsmasq wlan0 configuration file"
sudo cp $webroot_dir/config/dhcpcd.conf /etc/dhcpcd.conf || _install_status 1 "Unable to move dhcpcd configuration file"
2020-12-05 23:21:39 +01:00
sudo cp $webroot_dir/config/defaults.json $raspap_network || _install_status 1 "Unable to move defaults.json settings"
echo "Changing file ownership of $raspap_dir"
sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || _install_status 1 "Unable to change file ownership for '$raspap_dir'"
echo "Checking for existence of /etc/dnsmasq.d"
[ -d /etc/dnsmasq.d ] || sudo mkdir /etc/dnsmasq.d
echo "Copying bridged AP config to /etc/systemd/network"
sudo systemctl stop systemd-networkd
sudo systemctl disable systemd-networkd
sudo cp $webroot_dir/config/raspap-bridge-br0.netdev /etc/systemd/network/raspap-bridge-br0.netdev || _install_status 1 "Unable to move br0 netdev file"
sudo cp $webroot_dir/config/raspap-br0-member-eth0.network /etc/systemd/network/raspap-br0-member-eth0.network || _install_status 1 "Unable to move br0 member file"
echo "Copying primary RaspAP config to includes/config.php"
if [ ! -f "$webroot_dir/includes/config.php" ]; then
sudo cp "$webroot_dir/config/config.php" "$webroot_dir/includes/config.php"
fi
_install_status 0
fi
2020-03-21 09:07:40 +01:00
}
2020-03-21 09:07:40 +01:00
# Install and enable RaspAP daemon
2020-03-23 10:31:18 +01:00
function _enable_raspap_daemon() {
_install_log "Enabling RaspAP daemon"
2020-03-22 14:40:34 +01:00
echo "Disable with: sudo systemctl disable raspapd.service"
sudo cp $webroot_dir/installers/raspapd.service /lib/systemd/system/ || _install_status 1 "Unable to move raspap.service file"
2020-03-21 09:07:40 +01:00
sudo systemctl daemon-reload
sudo systemctl enable raspapd.service || _install_status 1 "Failed to enable raspap.service"
2020-03-21 09:07:40 +01:00
}
# Configure IP forwarding, set IP tables rules, prompt to install RaspAP daemon
2020-03-23 10:31:18 +01:00
function _configure_networking() {
_install_log "Configuring networking"
echo "Enabling IP forwarding"
echo "net.ipv4.ip_forward=1" | sudo tee $raspap_sysctl > /dev/null || _install_status 1 "Unable to set IP forwarding"
sudo sysctl -p $raspap_sysctl || _install_status 1 "Unable to execute sysctl"
sudo /etc/init.d/procps restart || _install_status 1 "Unable to execute procps"
2020-03-25 23:59:51 +01:00
echo "Checking iptables rules"
rules=(
"-A POSTROUTING -j MASQUERADE"
"-A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE"
)
for rule in "${rules[@]}"; do
if grep -- "$rule" $rulesv4 > /dev/null; then
echo "Rule already exits: ${rule}"
else
rule=$(sed -e 's/^\(-A POSTROUTING\)/-t nat \1/' <<< $rule)
echo "Adding rule: ${rule}"
sudo iptables $rule || _install_status 1 "Unable to execute iptables"
2020-03-25 23:59:51 +01:00
added=true
fi
done
# Persist rules if added
if [ "$added" = true ]; then
echo "Persisting IP tables rules"
sudo iptables-save | sudo tee $rulesv4 > /dev/null || _install_status 1 "Unable to execute iptables-save"
2020-03-25 23:59:51 +01:00
fi
2019-04-19 13:36:09 +02:00
# Prompt to install RaspAP daemon
2019-04-21 12:59:36 +02:00
echo -n "Enable RaspAP control service (Recommended)? [Y/n]: "
if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then
echo -e
else
2020-03-23 10:31:18 +01:00
_enable_raspap_daemon
fi
else
echo -e
2020-03-23 10:31:18 +01:00
_enable_raspap_daemon
2019-04-21 12:59:36 +02:00
fi
_install_status 0
2020-03-21 09:07:40 +01:00
}
# Add sudoers file to /etc/sudoers.d/ and set file permissions
2020-03-23 10:31:18 +01:00
function _patch_system_files() {
# Create sudoers if not present
if [ ! -f $raspap_sudoers ]; then
2020-03-23 10:31:18 +01:00
_install_log "Adding raspap.sudoers to ${raspap_sudoers}"
sudo cp "$webroot_dir/installers/raspap.sudoers" $raspap_sudoers || _install_status 1 "Unable to apply raspap.sudoers to $raspap_sudoers"
sudo chmod 0440 $raspap_sudoers || _install_status 1 "Unable to change file permissions for $raspap_sudoers"
fi
2019-03-09 18:48:51 +01:00
# Add symlink to prevent wpa_cli cmds from breaking with multiple wlan interfaces
2020-03-23 10:31:18 +01:00
_install_log "Symlinked wpa_supplicant hooks for multiple wlan interfaces"
if [ ! -f /usr/share/dhcpcd/hooks/10-wpa_supplicant ]; then
sudo ln -s /usr/share/dhcpcd/hooks/10-wpa_supplicant /etc/dhcp/dhclient-enter-hooks.d/
fi
2019-03-09 19:45:27 +01:00
# Unmask and enable hostapd.service
2020-03-23 10:31:18 +01:00
_install_log "Unmasking and enabling hostapd service"
2019-03-09 18:48:51 +01:00
sudo systemctl unmask hostapd.service
2019-03-09 19:45:27 +01:00
sudo systemctl enable hostapd.service
_install_status 0
2016-06-16 15:16:19 +02:00
}
# Optimize configuration of php-cgi.
2020-03-23 10:31:18 +01:00
function _optimize_php() {
if [ "$upgrade" == 0 ]; then
_install_log "Optimize PHP configuration"
if [ ! -f "$phpcgiconf" ]; then
_install_warning "PHP configuration could not be found."
return
fi
# Backup php.ini and create symlink for restoring.
datetimephpconf=$(date +%F-%R)
sudo cp "$phpcgiconf" "$raspap_dir/backups/php.ini.$datetimephpconf"
sudo ln -sf "$raspap_dir/backups/php.ini.$datetimephpconf" "$raspap_dir/backups/php.ini"
echo -n "Enable HttpOnly for session cookies (Recommended)? [Y/n]: "
if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then
echo -e
else
php_session_cookie=1;
fi
fi
if [ "$assume_yes" == 1 ] || [ "$php_session_cookie" == 1 ]; then
echo "Php-cgi enabling session.cookie_httponly."
sudo sed -i -E 's/^session\.cookie_httponly\s*=\s*(0|([O|o]ff)|([F|f]alse)|([N|n]o))\s*$/session.cookie_httponly = 1/' "$phpcgiconf"
fi
if [ "$php_package" = "php7.1-cgi" ]; then
echo -n "Enable PHP OPCache (Recommended)? [Y/n]: "
if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then
echo -e
else
php_opcache=1;
fi
fi
if [ "$assume_yes" == 1 ] || [ "$phpopcache" == 1 ]; then
echo -e "Php-cgi enabling opcache.enable."
sudo sed -i -E 's/^;?opcache\.enable\s*=\s*(0|([O|o]ff)|([F|f]alse)|([N|n]o))\s*$/opcache.enable = 1/' "$phpcgiconf"
# Make sure opcache extension is turned on.
if [ -f "/usr/sbin/phpenmod" ]; then
sudo phpenmod opcache
else
_install_status 2 "phpenmod not found."
fi
fi
fi
fi
}
2020-03-23 10:31:18 +01:00
function _install_complete() {
2020-07-03 13:43:47 +02:00
_install_log "Installation completed"
2021-02-10 18:13:34 +01:00
echo "Join RaspAP Insiders for access to exclusive features:"
2020-07-03 13:43:47 +02:00
echo -e "${ANSI_RASPBERRY}"
2021-02-03 10:18:44 +01:00
echo "> https://github.com/sponsors/RaspAP"
2020-07-03 13:43:47 +02:00
echo -e "${ANSI_RESET}"
if [ "$assume_yes" == 0 ]; then
# Prompt to reboot if wired ethernet (eth0) is connected.
# With default_configuration this will create an active AP on restart.
if ip a | grep -q ': eth0:.*state UP'; then
echo -n "The system needs to be rebooted as a final step. Reboot now? [y/N]: "
read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then
echo "Installation reboot aborted."
exit 0
fi
sudo shutdown -r now || _install_status 1 "Unable to execute shutdown"
2019-04-08 00:13:05 +02:00
fi
2016-06-16 15:16:19 +02:00
fi
}