diff --git a/installers/common.sh b/installers/common.sh index dba8a0b9..8b532be3 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -28,7 +28,12 @@ readonly raspap_network="$raspap_dir/networking/" readonly rulesv4="/etc/iptables/rules.v4" readonly notracking_url="https://raw.githubusercontent.com/notracking/hosts-blocklists/master/" webroot_dir="/var/www/html" -git_source_url="https://github.com/$repo" # $repo from install.raspap.com + +if [ "$insiders" == 1 ]; then + repo="RaspAP/raspap-insiders" + branch=${RASPAP_INSIDERS_LATEST} +fi +git_source_url="https://github.com/$repo" # NOTE: all the below functions are overloadable for system-specific installs function _install_raspap() { @@ -50,6 +55,7 @@ function _install_raspap() { _configure_networking _prompt_install_adblock _prompt_install_openvpn + _prompt_install_wireguard _patch_system_files _install_complete } @@ -77,7 +83,7 @@ function _config_installation() { fi echo "${opt[1]} lighttpd directory: ${webroot_dir}" if [ "$upgrade" == 1 ]; then - echo "This will upgrade your existing install to version ${RASPAP_LATEST}" + echo "This will upgrade your existing install to version ${RASPAP_RELEASE}" echo "Your configuration will NOT be changed" fi echo -n "Complete ${opt[2]} with these values? [Y/n]: " @@ -170,6 +176,8 @@ function _create_raspap_directories() { # Create a directory to store networking configs echo "Creating $raspap_dir/networking" sudo mkdir -p "$raspap_dir/networking" + echo "Changing file ownership of $raspap_dir" + sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || _install_status 1 "Unable to change file ownership for '$raspap_dir'" } # Generate hostapd logging and service control scripts @@ -313,6 +321,49 @@ function _prompt_install_openvpn() { fi } +# Prompt to install WireGuard +function _prompt_install_wireguard() { + if [ "$insiders" == 1 ]; then + _install_log "Configure WireGuard support" + echo -n "Install WireGuard and enable VPN tunnel configuration? [Y/n]: " + if [ "$assume_yes" == 0 ]; then + read answer < /dev/tty + if [ "$answer" != "${answer#[Nn]}" ]; then + echo -e + else + _install_wireguard + fi + elif [ "$wg_option" == 1 ]; then + _install_wireguard + else + echo "(Skipped)" + fi + fi +} + +# Install Wireguard from the Debian unstable distro +function _install_wireguard() { + _install_log "Configure WireGuard support" + if [ "$OS" == "Raspbian" ]; then + echo "Installing raspberrypi-kernel-headers" + sudo apt-get install $apt_option raspberrypi-kernel-headers || _install_status 1 "Unable to install raspberrypi-kernel-headers" + fi + echo "Installing WireGuard from Debian unstable distro" + echo "Adding Debian distro" + echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list || _install_status 1 "Unable to append to sources.list" + sudo apt-get install dirmngr || _install_status 1 "Unable to install dirmngr" + echo "Adding Debian distro keys" + sudo wget -q -O - https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc | sudo apt-key add - || _install_status 1 "Unable to add keys" + printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable || _install_status 1 "Unable to append to preferences.d" + echo "Installing WireGuard" + sudo apt-get update && sudo apt-get install $apt_option wireguard || _install_status 1 "Unable to install wireguard" + echo "Enabling wg-quick@wg0" + sudo systemctl enable wg-quick@wg0 || _install_status 1 "Failed to enable wg-quick service" + echo "Enabling WireGuard management option" + sudo sed -i "s/\('RASPI_WIREGUARD_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_status 1 "Unable to modify config.php" + _install_status 0 +} + # Install openvpn and enable client configuration option function _install_openvpn() { _install_log "Installing OpenVPN and enabling client configuration" @@ -329,9 +380,10 @@ function _create_openvpn_scripts() { _install_log "Creating OpenVPN control scripts" sudo mkdir $raspap_dir/openvpn || _install_status 1 "Unable to create directory '$raspap_dir/openvpn'" - # Move service auth control shell scripts + # Move service auth control & logging shell scripts sudo cp "$webroot_dir/installers/"configauth.sh "$raspap_dir/openvpn" || _install_status 1 "Unable to move auth control script" - # Make configauth.sh writable by www-data group + sudo cp "$webroot_dir/installers/"openvpnlog.sh "$raspap_dir/openvpn" || _install_status 1 "Unable to move logging script" + # Make scripts executable by www-data group sudo chown -c root:"$raspap_user" "$raspap_dir/openvpn/"*.sh || _install_status 1 "Unable change owner and/or group" sudo chmod 750 "$raspap_dir/openvpn/"*.sh || _install_status 1 "Unable to change file permissions" _install_status 0 diff --git a/installers/openvpnlog.sh b/installers/openvpnlog.sh new file mode 100755 index 00000000..96e79e2d --- /dev/null +++ b/installers/openvpnlog.sh @@ -0,0 +1,3 @@ +#!/bin/bash +touch /tmp/openvpn.log +grep -m 100 openvpn /var/log/syslog | sudo tee /tmp/openvpn.log diff --git a/installers/raspbian.sh b/installers/raspbian.sh index 469fff7f..f0e2eb4a 100755 --- a/installers/raspbian.sh +++ b/installers/raspbian.sh @@ -17,6 +17,7 @@ # -a, --adblock Used with -y, --yes, sets Adblock install option (0=no install) # -r, --repo, --repository Overrides the default GitHub repo (raspap/raspap-webgui) # -b, --branch Overrides the default git branch (master) +# -t, --token Specify a GitHub token to access a private repository # -u, --upgrade Upgrades an existing installation to the latest release version # -i, --insiders Installs from the Insiders Edition (raspap/raspap-insiders) # -v, --version Outputs release info and exits @@ -36,8 +37,7 @@ set -eo pipefail function _main() { # set defaults - repo="raspap/raspap-webgui" # override with -r, --repo option - + repo="RaspAP/raspap-webgui" # override with -r, --repo option _parse_params "$@" _setup_colors _log_output @@ -50,6 +50,8 @@ function _parse_params() { upgrade=0 ovpn_option=1 adblock_option=1 + insiders=0 + acctoken="" while :; do case "${1-}" in @@ -83,7 +85,10 @@ function _parse_params() { upgrade=1 ;; -i|--insiders) - repo="raspap/raspap-insiders" + insiders=1 + ;; + -t|--token) + acctoken="$2" ;; -v|--version) _version @@ -129,6 +134,7 @@ OPTIONS: -a, --adblock Used with -y, --yes, sets Adblock install option (0=no install) -r, --repo, --repository Overrides the default GitHub repo (raspap/raspap-webgui) -b, --branch Overrides the default git branch (latest release) +-t, --token Specify a GitHub token to access a private repository -u, --upgrade Upgrades an existing installation to the latest release version -i, --insiders Installs from the Insiders Edition (raspap/raspap-insiders) -v, --version Outputs release info and exits @@ -153,7 +159,7 @@ EOF function _version() { _get_release - echo -e "RaspAP v${RASPAP_LATEST} - Simple wireless AP setup & management for Debian-based devices" + echo -e "RaspAP v${RASPAP_RELEASE} - Simple wireless AP setup & management for Debian-based devices" exit } @@ -167,18 +173,19 @@ function _display_welcome() { echo -e " 88 88 88. .88 88 88. .88 88 88 88" echo -e " dP dP 88888P8 88888P 88Y888P 88 88 dP" echo -e " 88" - echo -e " dP version ${RASPAP_LATEST}" + echo -e " dP version ${RASPAP_RELEASE}" echo -e "${ANSI_GREEN}" echo -e "The Quick Installer will guide you through a few easy steps${ANSI_RESET}\n\n" } -# Fetch latest release from GitHub API +# Fetch latest release from GitHub or RaspAP Installer API function _get_release() { - if [ "$repo" == "raspap/raspap-insiders" ]; then - readonly RASPAP_LATEST="Insiders" - branch="master" + readonly RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' ) + if [ "$insiders" == 1 ]; then + RASPAP_INSIDERS_LATEST=$(curl -s "https://install.raspap.com/repos/RaspAP/raspap-insiders/releases/latest/" | grep -Po '"tag_name": "\K.*?(?=")' ) + RASPAP_RELEASE="${RASPAP_INSIDERS_LATEST} Insiders" else - readonly RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' ) + RASPAP_RELEASE="${RASPAP_LATEST}" fi } @@ -222,15 +229,21 @@ function _load_installer() { branch=$RASPAP_LATEST fi + # add optional auth token header if defined with -t, --token option + header=() + if [[ ! -z "$acctoken" ]]; then + header=(--header "Authorization: token $acctoken") + fi + UPDATE_URL="https://raw.githubusercontent.com/$repo/$branch/" if [ "${install_cert:-}" = 1 ]; then source="mkcert" - wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh + wget "${header[@]}" -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh _install_certificate || _install_status 1 "Unable to install certificate" else source="common" - wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh + wget "${header[@]}" -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh _install_raspap || _install_status 1 "Unable to install RaspAP" fi