1
0
mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00
raspap-webgui/installers/common.sh

502 lines
20 KiB
Bash
Executable File

#!/bin/bash
#
# RaspAP installation functions.
# author: @billz
# license: GNU General Public License v3.0
raspap_dir="/etc/raspap"
raspap_user="www-data"
raspap_sudoers="/etc/sudoers.d/090_raspap"
raspap_dnsmasq="/etc/dnsmasq.d/090_raspap.conf"
raspap_sysctl="/etc/sysctl.d/90_raspap.conf"
webroot_dir="/var/www/html"
git_source_url="https://github.com/$repo" # $repo from install.raspap.com
# Fetch details for various Linux distros
if type lsb_release >/dev/null 2>&1; then # linuxbase.org
OS=$(lsb_release -si)
RELEASE=$(lsb_release -sr)
CODENAME=$(lsb_release -sc)
DESC=$(lsb_release -sd)
elif [ -f /etc/os-release ]; then # freedesktop.org
. /etc/os-release
OS=$ID
RELEASE=$VERSION_ID
CODENAME=$VERSION_CODENAME
DESC=$PRETTY_NAME
else
install_error "Unsupported Linux distribution"
fi
# Set default home for lighttpd, dhcpcd5 and php package option
# based on Linux OS, version
if [ "$RELEASE" -eq "10" ]; then
php_package="php7.3-cgi"
elif [ "$RELEASE" -eq "9" ]; then
php_package="php7.0-cgi"
elif [ "$RELEASE" -eq "8" ]; then
install_error "${DESC} and php5 are not supported. Please upgrade."
elif [ "$RELEASE" -lt "8" ]; then
install_error "${DESC} is unsupported. Please install on a supported distro."
fi
if [ ${OS,,} = "debian" ]; then
dhcpcd_package="dhcpcd5"
fi
if [ "$php_package" = "php7.3-cgi" ]; then
phpcgiconf="/etc/php/7.3/cgi/php.ini"
elif [ "$php_package" = "php7.0-cgi" ]; then
phpcgiconf="/etc/php/7.0/cgi/php.ini"
fi
### NOTE: all the below functions are overloadable for system-specific installs
# Prompts user to set options for installation
function config_installation() {
install_log "Configure installation"
echo "Detected ${DESC}"
echo "Install directory: ${raspap_dir}"
echo -n "Install to Lighttpd root directory: ${webroot_dir}? [Y/n]: "
if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then
read -e -p < /dev/tty "Enter alternate Lighttpd directory: " -i "/var/www/html" webroot_dir
fi
else
echo -e
fi
echo "Install to Lighttpd directory: ${webroot_dir}"
echo -n "Complete installation with these values? [Y/n]: "
if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then
echo "Installation aborted."
exit 0
fi
else
echo -e
fi
}
# Runs a system software update to make sure we're using all fresh packages
function install_dependencies() {
install_log "Installing required packages"
sudo apt-get install $apt_option lighttpd git hostapd dnsmasq $php_package $dhcpcd_package vnstat qrencode || install_error "Unable to install dependencies"
}
# Enables PHP for lighttpd and restarts service for settings to take effect
function enable_php_lighttpd() {
install_log "Enabling PHP for lighttpd"
sudo lighttpd-enable-mod fastcgi-php
sudo service lighttpd force-reload
sudo systemctl restart lighttpd.service || install_error "Unable to restart lighttpd"
}
# Verifies existence and permissions of RaspAP directory
function create_raspap_directories() {
install_log "Creating RaspAP directories"
if [ -d "$raspap_dir" ]; then
sudo mv $raspap_dir "$raspap_dir.`date +%F-%R`" || install_error "Unable to move old '$raspap_dir' out of the way"
fi
sudo mkdir -p "$raspap_dir" || install_error "Unable to create directory '$raspap_dir'"
# Create a directory for existing file backups.
sudo mkdir -p "$raspap_dir/backups"
# Create a directory to store networking configs
sudo mkdir -p "$raspap_dir/networking"
# Copy existing dhcpcd.conf to use as base config
cat /etc/dhcpcd.conf | sudo tee -a /etc/raspap/networking/defaults
sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || install_error "Unable to change file ownership for '$raspap_dir'"
}
# Generate hostapd logging and service control scripts
function create_hostapd_scripts() {
install_log "Creating hostapd logging & control scripts"
sudo mkdir $raspap_dir/hostapd || install_error "Unable to create directory '$raspap_dir/hostapd'"
# Move logging shell scripts
sudo cp "$webroot_dir/installers/"*log.sh "$raspap_dir/hostapd" || install_error "Unable to move logging scripts"
# Move service control shell scripts
sudo cp "$webroot_dir/installers/"service*.sh "$raspap_dir/hostapd" || install_error "Unable to move service control scripts"
# Make enablelog.sh and disablelog.sh not writable by www-data group.
sudo chown -c root:"$raspap_user" "$raspap_dir/hostapd/"*.sh || install_error "Unable change owner and/or group"
sudo chmod 750 "$raspap_dir/hostapd/"*.sh || install_error "Unable to change file permissions"
}
# Generate lighttpd service control scripts
function create_lighttpd_scripts() {
install_log "Creating lighttpd control scripts"
sudo mkdir $raspap_dir/lighttpd || install_error "Unable to create directory '$raspap_dir/lighttpd"
# Move service control shell scripts
sudo cp "$webroot_dir/installers/"configport.sh "$raspap_dir/lighttpd" || install_error "Unable to move service control scripts"
# Make configport.sh writable by www-data group
sudo chown -c root:"$raspap_user" "$raspap_dir/lighttpd/"*.sh || install_error "Unable change owner and/or group"
sudo chmod 750 "$raspap_dir/lighttpd/"*.sh || install_error "Unable to change file permissions"
}
# Prompt to install openvpn
function prompt_install_openvpn() {
install_log "Setting up OpenVPN support (beta)"
echo -n "Install OpenVPN and enable client configuration? [Y/n]: "
if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then
echo -e
else
install_openvpn
fi
elif [ "$ovpn_option" == 1 ]; then
install_openvpn
fi
}
# Install openvpn and enable client configuration option
function install_openvpn() {
install_log "Installing OpenVPN and enabling client configuration"
sudo apt-get install -y openvpn || install_error "Unable to install openvpn"
sudo sed -i "s/\('RASPI_OPENVPN_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || install_error "Unable to modify config.php"
echo "Enabling openvpn-client service on boot"
sudo systemctl enable openvpn-client@client || install_error "Unable to enable openvpn-client daemon"
create_openvpn_scripts || install_error "Unable to create openvpn control scripts"
}
# Generate openvpn logging and auth control scripts
function create_openvpn_scripts() {
install_log "Creating OpenVPN control scripts"
sudo mkdir $raspap_dir/openvpn || install_error "Unable to create directory '$raspap_dir/openvpn'"
# Move service auth control shell scripts
sudo cp "$webroot_dir/installers/"configauth.sh "$raspap_dir/openvpn" || install_error "Unable to move auth control script"
# Make configauth.sh writable by www-data group
sudo chown -c root:"$raspap_user" "$raspap_dir/openvpn/"*.sh || install_error "Unable change owner and/or group"
sudo chmod 750 "$raspap_dir/openvpn/"*.sh || install_error "Unable to change file permissions"
}
# Fetches latest files from github to webroot
function download_latest_files() {
if [ ! -d "$webroot_dir" ]; then
sudo mkdir -p $webroot_dir || install_error "Unable to create new webroot directory"
fi
if [ -d "$webroot_dir" ]; then
sudo mv $webroot_dir "$webroot_dir.`date +%F-%R`" || install_error "Unable to remove old webroot directory"
fi
install_log "Cloning latest files from github"
git clone --branch $branch --depth 1 $git_source_url /tmp/raspap-webgui || install_error "Unable to download files from github"
sudo mv /tmp/raspap-webgui $webroot_dir || install_error "Unable to move raspap-webgui to web root"
}
# Sets files ownership in web root directory
function change_file_ownership() {
if [ ! -d "$webroot_dir" ]; then
install_error "Web root directory doesn't exist"
fi
install_log "Changing file ownership in web root directory"
sudo chown -R $raspap_user:$raspap_user "$webroot_dir" || install_error "Unable to change file ownership for '$webroot_dir'"
}
# Check for existing configuration files
function check_for_old_configs() {
if [ -f /etc/network/interfaces ]; then
sudo cp /etc/network/interfaces "$raspap_dir/backups/interfaces.`date +%F-%R`"
sudo ln -sf "$raspap_dir/backups/interfaces.`date +%F-%R`" "$raspap_dir/backups/interfaces"
fi
if [ -f /etc/hostapd/hostapd.conf ]; then
sudo cp /etc/hostapd/hostapd.conf "$raspap_dir/backups/hostapd.conf.`date +%F-%R`"
sudo ln -sf "$raspap_dir/backups/hostapd.conf.`date +%F-%R`" "$raspap_dir/backups/hostapd.conf"
fi
if [ -f $raspap_dnsmasq ]; then
sudo cp $raspap_dnsmasq "$raspap_dir/backups/dnsmasq.conf.`date +%F-%R`"
sudo ln -sf "$raspap_dir/backups/dnsmasq.conf.`date +%F-%R`" "$raspap_dir/backups/dnsmasq.conf"
fi
if [ -f /etc/dhcpcd.conf ]; then
sudo cp /etc/dhcpcd.conf "$raspap_dir/backups/dhcpcd.conf.`date +%F-%R`"
sudo ln -sf "$raspap_dir/backups/dhcpcd.conf.`date +%F-%R`" "$raspap_dir/backups/dhcpcd.conf"
fi
if [ -f $raspap_sysctl ]; then
sudo cp $raspap_sysctl "$raspap_dir/backups/rc.local.`date +%F-%R`"
sudo ln -sf "$raspap_dir/backups/rc.local.`date +%F-%R`" "$raspap_dir/backups/rc.local"
fi
for file in /etc/systemd/network/raspap-*.net*; do
if [-f "${file}" ]; then
filename = $(basename $file)
sudo cp "$file" "${raspap_dir}/backups/${filename}.`date +%F-%R`"
sudo ln -sf "${raspap_dir}/backups/${filename}.`date +%F-%R`" "${raspap_dir}/backups/${filename}"
fi
done
}
# Move configuration file to the correct location
function move_config_file() {
if [ ! -d "$raspap_dir" ]; then
install_error "'$raspap_dir' directory doesn't exist"
fi
install_log "Moving configuration file to '$raspap_dir'"
sudo cp "$webroot_dir"/raspap.php "$raspap_dir" || install_error "Unable to move files to '$raspap_dir'"
sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || install_error "Unable to change file ownership for '$raspap_dir'"
}
# Set up default configuration
function default_configuration() {
install_log "Applying default configuration to installed services"
if [ -f /etc/default/hostapd ]; then
sudo mv /etc/default/hostapd /tmp/default_hostapd.old || install_error "Unable to remove old /etc/default/hostapd file"
fi
sudo cp $webroot_dir/config/default_hostapd /etc/default/hostapd || install_error "Unable to move hostapd defaults file"
sudo cp $webroot_dir/config/hostapd.conf /etc/hostapd/hostapd.conf || install_error "Unable to move hostapd configuration file"
sudo cp $webroot_dir/config/dnsmasq.conf $raspap_dnsmasq || install_error "Unable to move dnsmasq configuration file"
sudo cp $webroot_dir/config/dhcpcd.conf /etc/dhcpcd.conf || install_error "Unable to move dhcpcd configuration file"
[ -d /etc/dnsmasq.d ] || sudo mkdir /etc/dnsmasq.d
sudo systemctl stop systemd-networkd
sudo systemctl disable systemd-networkd
sudo cp $webroot_dir/config/raspap-bridge-br0.netdev /etc/systemd/network/raspap-bridge-br0.netdev || install_error "Unable to move br0 netdev file"
sudo cp $webroot_dir/config/raspap-br0-member-eth0.network /etc/systemd/network/raspap-br0-member-eth0.network || install_error "Unable to move br0 member file"
if [ ! -f "$webroot_dir/includes/config.php" ]; then
sudo cp "$webroot_dir/config/config.php" "$webroot_dir/includes/config.php"
fi
# Enable IP forwarding in /etc/sysctl.d/90_raspap.conf
if [ ! -f $raspap_sysctl ]; then
echo "Enabling IP forwarding"
sudo touch $raspap_sysctl || install_error "Unable to create ${raspap_sysctl}"
fi
line='echo 1 > \/proc\/sys\/net\/ipv4\/ip_forward'
if grep "$line" $raspap_sysctl > /dev/null; then
echo "$line: Line already added"
else
sudo sed -i "s/^exit 0$/$line\nexit 0/" $raspap_sysctl
echo "Adding line $line to $raspap_sysctl"
fi
echo "Applying persistent IP tables rules"
if [ ! -f "/etc/iptables/iptables.rules" ]; then
sudo cp $webroot_dir/installers/iptables.rules /etc/iptables
fi
if [ ! -f "/etc/systemd/system/iptables.service" ]; then
echo "Enabling iptables.service"
sudo cp $webroot_dir/installers/iptables.service /etc/systemd/system/ || install_error "Unable to move iptables.service file"
sudo systemctl daemon-reload
sudo systemctl enable iptables.service || install_error "Failed to enable iptables.service"
sudo systemctl start iptables.service || install_error "Unable to start iptables.service"
fi
# Prompt to install RaspAP daemon
echo -n "Enable RaspAP control service (Recommended)? [Y/n]: "
if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then
echo -e
else
enable_raspap_daemon
fi
else
echo -e
enable_raspap_daemon
fi
}
# Install and enable RaspAP daemon
function enable_raspap_daemon() {
install_log "Enabling RaspAP daemon"
echo "Disable with: sudo systemctl disable raspap.service"
sudo cp $webroot_dir/installers/raspap.service /etc/systemd/system/ || install_error "Unable to move raspap.service file"
sudo systemctl daemon-reload
sudo systemctl enable raspap.service || install_error "Failed to enable raspap.service"
sudo systemctl start raspap.service || intall_error "Unable to start raspap.service"
}
# Add a single entry to the sudoers file
function sudo_add() {
sudo bash -c "echo \"$raspap_user ALL=(ALL) NOPASSWD:$1\" | tee -a $raspap_sudoers" \
|| install_error "Unable to patch /etc/sudoers"
}
# Adds www-data user to the sudoers file with restrictions on what the user can execute
function patch_system_files() {
# Set commands array
cmds=(
"/sbin/ifdown"
"/sbin/ifup"
"/bin/cat /etc/wpa_supplicant/wpa_supplicant.conf"
"/bin/cat /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf"
"/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant.conf"
"/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf"
"/sbin/wpa_cli -i wlan[0-9] scan_results"
"/sbin/wpa_cli -i wlan[0-9] scan"
"/sbin/wpa_cli -i wlan[0-9] reconfigure"
"/sbin/wpa_cli -i wlan[0-9] select_network"
"/bin/cp /tmp/hostapddata /etc/hostapd/hostapd.conf"
"/bin/systemctl start hostapd.service"
"/bin/systemctl stop hostapd.service"
"/bin/systemctl start dnsmasq.service"
"/bin/systemctl stop dnsmasq.service"
"/bin/systemctl start openvpn-client@client"
"/bin/systemctl enable openvpn-client@client"
"/bin/systemctl stop openvpn-client@client"
"/bin/systemctl disable openvpn-client@client"
"/bin/cp /tmp/ovpnclient.ovpn /etc/openvpn/client/client.conf"
"/bin/cp /tmp/authdata /etc/openvpn/client/login.conf"
"/bin/cp /tmp/dnsmasqdata ${raspap_dnsmasq}"
"/bin/cp /tmp/dhcpddata /etc/dhcpcd.conf"
"/sbin/shutdown -h now"
"/sbin/reboot"
"/sbin/ip link set wlan[0-9] down"
"/sbin/ip link set wlan[0-9] up"
"/sbin/ip -s a f label wlan[0-9]"
"/bin/cp /etc/raspap/networking/dhcpcd.conf /etc/dhcpcd.conf"
"/etc/raspap/hostapd/enablelog.sh"
"/etc/raspap/hostapd/disablelog.sh"
"/etc/raspap/hostapd/servicestart.sh"
"/etc/raspap/lighttpd/configport.sh"
"/etc/raspap/openvpn/configauth.sh"
"/bin/chmod o+r /tmp/hostapd.log"
"/bin/chmod o+r /tmp/dnsmasq.log"
)
# Create sudoers if not present
if [ ! -f $raspap_sudoers ]; then
install_log "Creating ${raspap_sudoers}"
sudo touch $raspap_sudoers
fi
# Check if sudoers needs patching
if [ $(sudo grep -c $raspap_user $raspap_sudoers) -ne ${#cmds[@]} ]; then
# Sudoers file has incorrect number of commands. Wiping them out.
install_log "Cleaning system sudoers file"
sudo sed -i "/$raspap_user/d" $raspap_sudoers
install_log "Patching system sudoers file"
# patch /etc/sudoers.d/090_raspap file
for cmd in "${cmds[@]}"
do
sudo_add $cmd
IFS=$'\n'
done
else
install_log "Sudoers file already patched"
fi
# Add symlink to prevent wpa_cli cmds from breaking with multiple wlan interfaces
install_log "Symlinked wpa_supplicant hooks for multiple wlan interfaces"
if [ ! -f /usr/share/dhcpcd/hooks/10-wpa_supplicant ]; then
sudo ln -s /usr/share/dhcpcd/hooks/10-wpa_supplicant /etc/dhcp/dhclient-enter-hooks.d/
fi
# Unmask and enable hostapd.service
install_log "Unmasking and enabling hostapd service"
sudo systemctl unmask hostapd.service
sudo systemctl enable hostapd.service
}
# Optimize configuration of php-cgi.
function optimize_php() {
install_log "Optimize PHP configuration"
if [ ! -f "$phpcgiconf" ]; then
install_warning "PHP configuration could not be found."
return
fi
# Backup php.ini and create symlink for restoring.
datetimephpconf=$(date +%F-%R)
sudo cp "$phpcgiconf" "$raspap_dir/backups/php.ini.$datetimephpconf"
sudo ln -sf "$raspap_dir/backups/php.ini.$datetimephpconf" "$raspap_dir/backups/php.ini"
echo -n "Enable HttpOnly for session cookies (Recommended)? [Y/n]: "
if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then
echo -e
else
php_session_cookie=1;
fi
fi
if [ "$assume_yes" == 1 ] || [ "$php_session_cookie" == 1 ]; then
echo "Php-cgi enabling session.cookie_httponly."
sudo sed -i -E 's/^session\.cookie_httponly\s*=\s*(0|([O|o]ff)|([F|f]alse)|([N|n]o))\s*$/session.cookie_httponly = 1/' "$phpcgiconf"
fi
if [ "$php_package" = "php7.1-cgi" ]; then
echo -n "Enable PHP OPCache (Recommended)? [Y/n]: "
if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then
echo -e
else
php_opcache=1;
fi
fi
if [ "$assume_yes" == 1 ] || [ "$phpopcache" == 1 ]; then
echo -e "Php-cgi enabling opcache.enable."
sudo sed -i -E 's/^;?opcache\.enable\s*=\s*(0|([O|o]ff)|([F|f]alse)|([N|n]o))\s*$/opcache.enable = 1/' "$phpcgiconf"
# Make sure opcache extension is turned on.
if [ -f "/usr/sbin/phpenmod" ]; then
sudo phpenmod opcache
else
install_warning "phpenmod not found."
fi
fi
fi
}
function install_complete() {
install_log "Installation completed!"
if [ "$assume_yes" == 0 ]; then
# Prompt to reboot if wired ethernet (eth0) is connected.
# With default_configuration this will create an active AP on restart.
if ip a | grep -q ': eth0:.*state UP'; then
echo -n "The system needs to be rebooted as a final step. Reboot now? [y/N]: "
read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then
echo "Installation reboot aborted."
exit 0
fi
sudo shutdown -r now || install_error "Unable to execute shutdown"
fi
fi
}
function install_raspap() {
display_welcome
config_installation
update_system_packages
install_dependencies
enable_php_lighttpd
create_raspap_directories
optimize_php
check_for_old_configs
download_latest_files
change_file_ownership
create_hostapd_scripts
create_lighttpd_scripts
move_config_file
default_configuration
prompt_install_openvpn
patch_system_files
install_complete
}