Merge branch 'master' into feature/zbchristian-clients

2025-03-01 10:31:47 +00:00 · 2021-03-21 18:00:40 +01:00
parent 68ec5f7db5 1b47fcf2a9
commit e16844294b
29 changed files with 1001 additions and 42 deletions
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -28,7 +28,12 @@ readonly raspap_network="$raspap_dir/networking/"
 readonly rulesv4="/etc/iptables/rules.v4"
 readonly notracking_url="https://raw.githubusercontent.com/notracking/hosts-blocklists/master/"
 webroot_dir="/var/www/html"
-git_source_url="https://github.com/$repo"  # $repo from install.raspap.com
+
+if [ "$insiders" == 1 ]; then
+    repo="RaspAP/raspap-insiders"
+    branch=${RASPAP_INSIDERS_LATEST}
+fi
+git_source_url="https://github.com/$repo"

 # NOTE: all the below functions are overloadable for system-specific installs
 function _install_raspap() {
@@ -51,6 +56,7 @@ function _install_raspap() {
    _prompt_install_adblock
    _prompt_install_openvpn
    _install_features
+    _prompt_install_wireguard
    _patch_system_files
    _install_complete
 }
@@ -93,7 +99,7 @@ function _config_installation() {
    fi
    echo "${opt[1]} lighttpd directory: ${webroot_dir}"
    if [ "$upgrade" == 1 ]; then
-        echo "This will upgrade your existing install to version ${RASPAP_LATEST}"
+        echo "This will upgrade your existing install to version ${RASPAP_RELEASE}"
        echo "Your configuration will NOT be changed"
    fi
    echo -n "Complete ${opt[2]} with these values? [Y/n]: "
@@ -334,6 +340,49 @@ function _prompt_install_openvpn() {
    fi
 }

+# Prompt to install WireGuard
+function _prompt_install_wireguard() {
+    if [ "$insiders" == 1 ]; then
+        _install_log "Configure WireGuard support"
+        echo -n "Install WireGuard and enable VPN tunnel configuration? [Y/n]: "
+        if [ "$assume_yes" == 0 ]; then
+            read answer < /dev/tty
+            if [ "$answer" != "${answer#[Nn]}" ]; then
+                echo -e
+            else
+                _install_wireguard
+            fi
+        elif [ "$wg_option" == 1 ]; then
+            _install_wireguard
+        else
+            echo "(Skipped)"
+        fi
+    fi
+}
+
+# Install Wireguard from the Debian unstable distro
+function _install_wireguard() {
+    _install_log "Configure WireGuard support"
+    if [ "$OS" == "Raspbian" ]; then
+        echo "Installing raspberrypi-kernel-headers"
+        sudo apt-get install $apt_option raspberrypi-kernel-headers || _install_status 1 "Unable to install raspberrypi-kernel-headers"
+    fi
+    echo "Installing WireGuard from Debian unstable distro"
+    echo "Adding Debian distro"
+    echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list || _install_status 1 "Unable to append to sources.list"
+    sudo apt-get install dirmngr || _install_status 1 "Unable to install dirmngr"
+    echo "Adding Debian distro keys"
+    sudo wget -q -O - https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc | sudo apt-key add - || _install_status 1 "Unable to add keys"
+    printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable || _install_status 1 "Unable to append to preferences.d"
+    echo "Installing WireGuard"
+    sudo apt-get update && sudo apt-get install $apt_option wireguard || _install_status 1 "Unable to install wireguard"
+    echo "Enabling wg-quick@wg0"
+    sudo systemctl enable wg-quick@wg0 || _install_status 1 "Failed to enable wg-quick service"
+    echo "Enabling WireGuard management option"
+    sudo sed -i "s/\('RASPI_WIREGUARD_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_status 1 "Unable to modify config.php"
+    _install_status 0
+}
+
 # Install openvpn and enable client configuration option
 function _install_openvpn() {
    _install_log "Installing OpenVPN and enabling client configuration"
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -41,8 +41,11 @@ www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/configauth.sh
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/openvpnlog.sh
 www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/hostapd.log
 www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log
+www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/wireguard.log
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasq_custom /etc/raspap/adblock/custom.txt
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wgdata /etc/wireguard/*.conf
+www-data ALL=(ALL) NOPASSWD:/bin/mv /tmp/wg-*.key /etc/wireguard/wg-*.key
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
 www-data ALL=(ALL) NOPASSWD:/usr/bin/socat - /dev/ttyUSB[0-9]
 www-data ALL=(ALL) NOPASSWD:/usr/local/sbin/onoff_huawei_hilink.sh *
@@ -50,3 +53,10 @@ www-data ALL=(ALL) NOPASSWD:/bin/sed -i * /etc/wvdial.conf
 www-data ALL=(ALL) NOPASSWD:/bin/sed -i * /etc/udev/rules.d/80-raspap-net-devices.rules
 www-data ALL=(ALL) NOPASSWD:/usr/bin/tee -a /etc/udev/rules.d/80-raspap-net-devices.rules
 www-data ALL=(ALL) NOPASSWD:/usr/local/sbin/switchClientState.sh *
+www-data ALL=(ALL) NOPASSWD:/usr/bin/tee /tmp/wireguard.log
+www-data ALL=(ALL) NOPASSWD:/bin/systemctl * wg-quick@wg0
+www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
+www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/*.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-*.key
+www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/*.conf
+www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/wg-*.key
--- a/installers/raspbian.sh
+++ b/installers/raspbian.sh
@@ -15,11 +15,11 @@
 # -c, --cert, --certficate          Installs mkcert and generates an SSL certificate for lighttpd
 # -o, --openvpn <flag>              Used with -y, --yes, sets OpenVPN install option (0=no install)
 # -a, --adblock <flag>              Used with -y, --yes, sets Adblock install option (0=no install)
-# -r, --repo, --repository <name>   Overrides the default GitHub repo (raspap/raspap-webgui)
+# -r, --repo, --repository <name>   Overrides the default GitHub repo (RaspAP/raspap-webgui)
 # -b, --branch <name>               Overrides the default git branch (master)
-# -t, --token <accesstoken>         Token to access a private repository
+# -t, --token <accesstoken>         Specify a GitHub token to access a private repository
 # -u, --upgrade                     Upgrades an existing installation to the latest release version
-# -i, --insiders                    Installs from the Insiders Edition (raspap/raspap-insiders)
+# -i, --insiders                    Installs from the Insiders Edition (RaspAP/raspap-insiders)
 # -v, --version                     Outputs release info and exits
 # -h, --help                        Outputs usage notes and exits
 #
@@ -37,7 +37,7 @@ set -eo pipefail

 function _main() {
    # set defaults
-    repo="raspap/raspap-webgui" # override with -r, --repo option
+    repo="RaspAP/raspap-webgui" # override with -r, --repo option
    _parse_params "$@"
    _setup_colors
    _log_output
@@ -45,11 +45,12 @@ function _main() {
 }

 function _parse_params() {
-    # default flag values
+    # default option values
    assume_yes=0
    upgrade=0
    ovpn_option=1
    adblock_option=1
+    insiders=0
    acctoken=""

    while :; do
@@ -84,7 +85,11 @@ function _parse_params() {
            upgrade=1
            ;;
            -i|--insiders)
-            repo="raspap/raspap-insiders"
+            insiders=1 
+            ;;
+            -t|--token)
+            acctoken="$2"
+            shift
            ;;
            -t|--token)
            acctoken="$2"
@@ -132,10 +137,11 @@ OPTIONS:
 -c, --cert, --certificate           Installs an SSL certificate for lighttpd
 -o, --openvpn <flag>                Used with -y, --yes, sets OpenVPN install option (0=no install)
 -a, --adblock <flag>                Used with -y, --yes, sets Adblock install option (0=no install)
-r, --repo, --repository <name>     Overrides the default GitHub repo (raspap/raspap-webgui)
+-r, --repo, --repository <name>     Overrides the default GitHub repo (RaspAP/raspap-webgui)
 -b, --branch <name>                 Overrides the default git branch (latest release)
+-t, --token <accesstoken>           Specify a GitHub token to access a private repository
 -u, --upgrade                       Upgrades an existing installation to the latest release version
-i, --insiders                      Installs from the Insiders Edition (raspap/raspap-insiders)
+-i, --insiders                      Installs from the Insiders Edition (RaspAP/raspap-insiders)
 -v, --version                       Outputs release info and exits
 -h, --help                          Outputs usage notes and exits

@@ -158,7 +164,7 @@ EOF

 function _version() {
    _get_release
-    echo -e "RaspAP v${RASPAP_LATEST} - Simple wireless AP setup & management for Debian-based devices"
+    echo -e "RaspAP v${RASPAP_RELEASE} - Simple wireless AP setup & management for Debian-based devices"
    exit
 }

@@ -172,20 +178,19 @@ function _display_welcome() {
    echo -e " 88     88 88.  .88       88 88.  .88 88     88   88"
    echo -e " dP     dP  88888P8  88888P  88Y888P  88     88   dP"
    echo -e "                             88"
-    echo -e "                             dP       version ${RASPAP_LATEST}"
+    echo -e "                             dP      version ${RASPAP_RELEASE}"
    echo -e "${ANSI_GREEN}"
    echo -e "The Quick Installer will guide you through a few easy steps${ANSI_RESET}\n\n"
 }

-# Fetch latest release from GitHub API
+# Fetch latest release from GitHub or RaspAP Installer API
 function _get_release() {
-    if [ "$repo" == "raspap/raspap-insiders" ]; then
-        readonly RASPAP_LATEST="Insiders"
-        if [ -z ${branch} ]; then
-           branch="master"
-		fi
+    readonly RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
+    if [ "$insiders" == 1 ]; then
+        readonly RASPAP_INSIDERS_LATEST=$(curl -s "https://install.raspap.com/repos/RaspAP/raspap-insiders/releases/latest/" | grep -Po '"tag_name": "\K.*?(?=")' )
+        readonly RASPAP_RELEASE="${RASPAP_INSIDERS_LATEST} Insiders"
    else
-        readonly RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
+        readonly RASPAP_RELEASE="${RASPAP_LATEST}"
    fi
 }

@@ -230,6 +235,12 @@ function _load_installer() {
        branch=$RASPAP_LATEST
    fi

+    # add optional auth token header if defined with -t, --token option
+    header=()
+    if [[ ! -z "$acctoken" ]]; then
+        header=(--header "Authorization: token $acctoken")
+    fi
+
    UPDATE_URL="https://raw.githubusercontent.com/$repo/$branch/"
    header=()
    if [[ ! -z "$acctoken" ]]; then
@@ -242,7 +253,7 @@ function _load_installer() {
        _install_certificate || _install_status 1 "Unable to install certificate"
    else
        source="common"
-        wget "${header[@]}" -q ${UPDATE_URL}installers/${source}.sh  -O /tmp/raspap_${source}.sh
+        wget "${header[@]}" -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
        source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh
        _install_raspap || _install_status 1 "Unable to install RaspAP"
    fi