Install cryptpad on mesh clients

src/freedombone-app-cryptpad

@@ -215,6 +215,162 @@ function remove_cryptpad {
     userdel -r cryptpad
 }
 
+function mesh_install_cryptpad {
+    if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
+        return
+    fi
+
+    if [ ! -d $rootdir/var/www/cryptpad ]; then
+        mkdir $rootdir/var/www/cryptpad
+    fi
+    if [ -d $rootdir$CRYPTPAD_DIR ]; then
+        rm -rf $rootdir$CRYPTPAD_DIR
+    fi
+
+    git_clone $CRYPTPAD_REPO $rootdir$CRYPTPAD_DIR
+
+    if [ ! -d $rootdir$CRYPTPAD_DIR ]; then
+        echo $'Unable to clone cryptpad repo'
+        exit 783251
+    fi
+
+    # an unprivileged user to run as
+    chroot "$rootdir" useradd -d $CRYPTPAD_DIR/ cryptpad
+
+    cd $rootdir$CRYPTPAD_DIR
+    git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT
+
+    chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
+
+    cryptpad_nginx_site=$rootdir/etc/nginx/sites-available/cryptpad
+    echo 'server {' > $cryptpad_nginx_site
+    echo "  listen 80 default_server;" >> $cryptpad_nginx_site
+    echo "  server_name P${PEER_ID}.local;" >> $cryptpad_nginx_site
+    echo '' >> $cryptpad_nginx_site
+    echo '  # Logs' >> $cryptpad_nginx_site
+    echo '  access_log /dev/null;' >> $cryptpad_nginx_site
+    echo '  error_log /dev/null;' >> $cryptpad_nginx_site
+    echo '' >> $cryptpad_nginx_site
+    echo '  # Root' >> $cryptpad_nginx_site
+    echo "  root $CRYPTPAD_DIR;" >> $cryptpad_nginx_site
+    echo '' >> $cryptpad_nginx_site
+    echo '  index index.html;' >> $cryptpad_nginx_site
+    echo '' >> $cryptpad_nginx_site
+    echo '  add_header X-XSS-Protection "1; mode=block";' >> $cryptpad_nginx_site
+    echo '  add_header X-Content-Type-Options nosniff;' >> $cryptpad_nginx_site
+    echo '  add_header X-Frame-Options SAMEORIGIN;' >> $cryptpad_nginx_site
+    echo '' >> $cryptpad_nginx_site
+    echo '  if ($uri = /pad/inner.html) {' >> $cryptpad_nginx_site
+    echo "    set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";" >> $cryptpad_nginx_site
+    echo '  }' >> $cryptpad_nginx_site
+    echo '' >> $cryptpad_nginx_site
+    echo '  location = /cryptpad_websocket {' >> $cryptpad_nginx_site
+    echo "    proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site
+    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site
+    echo '    proxy_set_header Host $host;' >> $cryptpad_nginx_site
+    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $cryptpad_nginx_site
+    echo '' >> $cryptpad_nginx_site
+    echo '    # WebSocket support (nginx 1.4)' >> $cryptpad_nginx_site
+    echo '    proxy_http_version 1.1;' >> $cryptpad_nginx_site
+    echo '    proxy_set_header Upgrade $http_upgrade;' >> $cryptpad_nginx_site
+    echo '    proxy_set_header Connection upgrade;' >> $cryptpad_nginx_site
+    echo '  }' >> $cryptpad_nginx_site
+    echo '' >> $cryptpad_nginx_site
+
+    echo '  location ^~ /customize.dist/ {' >> $cryptpad_nginx_site
+    echo '    # This is needed in order to prevent infinite recursion between /customize/ and the root' >> $cryptpad_nginx_site
+    echo '  }' >> $cryptpad_nginx_site
+    echo '  location ^~ /customize/ {' >> $cryptpad_nginx_site
+    echo '    rewrite ^/customize/(.*)$ $1 break;' >> $cryptpad_nginx_site
+    echo '    try_files /customize/$uri /customize.dist/$uri;' >> $cryptpad_nginx_site
+    echo '  }' >> $cryptpad_nginx_site
+    echo '  location = /api/config {' >> $cryptpad_nginx_site
+    echo '    default_type text/javascript;' >> $cryptpad_nginx_site
+    echo '    rewrite ^.*$ /customize/api/config break;' >> $cryptpad_nginx_site
+    echo '  }' >> $cryptpad_nginx_site
+    echo '' >> $cryptpad_nginx_site
+    echo '  location ^~ /blob/ {' >> $cryptpad_nginx_site
+    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
+    echo '  }' >> $cryptpad_nginx_site
+    echo '' >> $cryptpad_nginx_site
+    echo '  location ^~ /register/ {' >> $cryptpad_nginx_site
+    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
+    echo '  }' >> $cryptpad_nginx_site
+    echo '' >> $cryptpad_nginx_site
+    echo '  location ^~ /login/ {' >> $cryptpad_nginx_site
+    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
+    echo '  }' >> $cryptpad_nginx_site
+    echo '' >> $cryptpad_nginx_site
+    echo '  location ^~ /about.html {' >> $cryptpad_nginx_site
+    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
+    echo '  }' >> $cryptpad_nginx_site
+    echo '' >> $cryptpad_nginx_site
+    echo '  location ^~ /contact.html {' >> $cryptpad_nginx_site
+    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
+    echo '  }' >> $cryptpad_nginx_site
+    echo '' >> $cryptpad_nginx_site
+    echo '  location ^~ /contact.html {' >> $cryptpad_nginx_site
+    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
+    echo '  }' >> $cryptpad_nginx_site
+    echo '' >> $cryptpad_nginx_site
+    echo '  location ^~ /what-is-cryptpad.html {' >> $cryptpad_nginx_site
+    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
+    echo '  }' >> $cryptpad_nginx_site
+    echo '' >> $cryptpad_nginx_site
+    echo '  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site
+    echo '    rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site
+    echo '  }' >> $cryptpad_nginx_site
+    echo '' >> $cryptpad_nginx_site
+    echo '  try_files /www/$uri /www/$uri/index.html /customize/$uri;' >> $cryptpad_nginx_site
+    echo '}' >> $cryptpad_nginx_site
+    ln -s $cryptpad_nginx_site $rootdir/etc/nginx/sites-enabled/cryptpad
+
+    cd $rootdir$CRYPTPAD_DIR
+
+    get_npm_arch
+
+    cat <<EOF > $rootdir/usr/bin/install_cryptpad
+#!/bin/bash
+cd $CRYPTPAD_DIR
+npm install --arch=$NPM_ARCH --build-from-source
+npm install --arch=$NPM_ARCH -g bower@1.8.0
+chown -R cryptpad:cryptpad $CRYPTPAD_DIR
+su -c 'bower install' - cryptpad
+cp config.example.js config.js
+EOF
+
+    if [ ! -f $rootdir$CRYPTPAD_DIR/config.js ]; then
+        echo $'Cryptpad config file not found'
+        exit 628252
+    fi
+
+    sed -i "s|httpPort:.*|httpPort: $CRYPTPAD_PORT,|g" $rootdir$CRYPTPAD_DIR/config.js
+    sed -i "s|// domain:|domain:|g" $rootdir$CRYPTPAD_DIR/config.js
+    sed -i 's|openFileLimit:.*|openFileLimit: 1024,|g' $rootdir$CRYPTPAD_DIR/config.js
+    sed -i "s|domain:.*|domain: 'http://P${PEER_ID}.local',|g" $rootdir$CRYPTPAD_DIR/config.js
+
+    chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
+
+    # daemon
+    echo '[Unit]' > $rootdir/etc/systemd/system/cryptpad.service
+    echo 'Description=Cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service
+    echo 'After=syslog.target' >> $rootdir/etc/systemd/system/cryptpad.service
+    echo 'After=network.target' >> $rootdir/etc/systemd/system/cryptpad.service
+    echo '' >> $rootdir/etc/systemd/system/cryptpad.service
+    echo '[Service]' >> $rootdir/etc/systemd/system/cryptpad.service
+    echo 'User=cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service
+    echo 'Group=cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service
+    echo "WorkingDirectory=$CRYPTPAD_DIR" >> $rootdir/etc/systemd/system/cryptpad.service
+    echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js" >> $rootdir/etc/systemd/system/cryptpad.service
+    echo 'Environment=PATH=/usr/bin:/usr/local/bin' >> $rootdir/etc/systemd/system/cryptpad.service
+    echo 'Environment=NODE_ENV=production' >> $rootdir/etc/systemd/system/cryptpad.service
+    echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/cryptpad.service
+    echo '' >> $rootdir/etc/systemd/system/cryptpad.service
+    echo '[Install]' >> $rootdir/etc/systemd/system/cryptpad.service
+    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/cryptpad.service
+    chroot "$rootdir" systemctl enable cryptpad.service
+}
+
 function install_cryptpad_main {
     if [[ $(app_is_installed cryptpad_main) == "1" ]]; then
         return

src/freedombone-image-customise

@@ -697,6 +697,7 @@ initialise_mesh() {
     install_tox
     install_web_server
     install_pelican
+    mesh_install_cryptpad
     if [ $ENABLE_ZERONET ]; then
         install_zeronet
     fi

src/freedombone-image-mesh

@@ -85,6 +85,24 @@ VPN_MESH_TLS_PORT=653
 
 SCUTTLEBOT_PORT=8010
 
+CRYPTPAD_PORT=9003
+CRYPTPAD_DIR=/etc/cryptpad
+
+function enable_cryptpad {
+    if [ ! -d $CRYPTPAD_DIR ]; then
+        return
+    fi
+    if [ ! -d $CRYPTPAD_DIR/customize/api ]; then
+        mkdir -p $CRYPTPAD_DIR/customize/api
+    fi
+    wget 127.0.0.1:$CRYPTPAD_PORT/api/config -O $CRYPTPAD_DIR/customize/api/config
+    if [ ! -f $CRYPTPAD_DIR/customize/api/config ]; then
+        echo $'Unable to wget api/config'
+        exit 89252
+    fi
+    chown -R cryptpad:cryptpad $CRYPTPAD_DIR
+}
+
 # Debian stretch has a problem where the formerly predictable wlan0 and eth0
 # device names get assigned random names. This is a hacky workaround.
 # Also adding net.ifnames=0 to kernel options on bootloader may work.
@@ -873,12 +891,16 @@ if [ -f $MESH_INSTALL_SETUP ]; then
     #create_ram_disk 1
     #setup_amnesic_data
     change_avahi_name
+    if [ -d $CRYPTPAD_DIR ]; then
+        systemctl start cryptpad
+    fi
     configure_toxcore
     create_tox_user
     #setup_tahoelafs
     mesh_setup_vpn
     initialise_scuttlebot_pub
     setup_ipfs
+    enable_cryptpad
     mesh_amnesic
     make_root_read_only
 

src/freedombone-utils-guile

@@ -54,6 +54,7 @@ function install_8sync {
     configure
     make
     make install
+    export GUILE_LOAD_COMPILED_PATH="$INSTALL_DIR/8sync"
 }
 
 function install_guile {