irc configuration for onion only systems

src/freedombone-app-irc

@@ -97,11 +97,12 @@ function create_irssi_config {
     echo '  },' >> /home/${new_username}/.irssi/config
     echo '  {' >> /home/${new_username}/.irssi/config
     echo "    address = \"127.0.0.1\";" >> /home/${new_username}/.irssi/config
-    echo '    use_ssl = "yes";' >> /home/${new_username}/.irssi/config
     echo '    ssl_verify = "no";' >> /home/${new_username}/.irssi/config
     if [[ ${ONION_ONLY} == 'no' ]]; then
+        echo '    use_ssl = "yes";' >> /home/${new_username}/.irssi/config
         echo "    port = \"${IRC_BOUNCER_PORT}\";" >> /home/${new_username}/.irssi/config
     else
+        echo '    use_ssl = "no";' >> /home/${new_username}/.irssi/config
         IRC_ONION_HOSTNAME=$(cat ${COMPLETION_FILE} | grep "irc onion domain" | head -n 1 | awk -F ':' '{print $2}')
         echo "    port = \"${IRC_ONION_PORT}\";" >> /home/${new_username}/.irssi/config
     fi
@@ -517,15 +518,17 @@ function install_irc_server {
     sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf
     sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULTDOMAIN|g" /etc/ngircd/ngircd.conf
     sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
-    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
-        sed -i "s|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/ngircd/ngircd.conf
-    else
-        sed -i "s|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt|g" /etc/ngircd/ngircd.conf
-    fi
-    sed -i "s|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam|g" /etc/ngircd/ngircd.conf
-    sed -i "s|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/ngircd/ngircd.conf
     sed -i "s/;Ports =.*/Ports = ${IRC_PORT}/1" /etc/ngircd/ngircd.conf
-    sed -i "s/;Ports =.*/Ports = ${IRC_PORT}/2" /etc/ngircd/ngircd.conf
+    if [[ $ONION_ONLY == 'no' ]]; then
+        if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+            sed -i "s|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/ngircd/ngircd.conf
+        else
+            sed -i "s|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt|g" /etc/ngircd/ngircd.conf
+        fi
+        sed -i "s|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam|g" /etc/ngircd/ngircd.conf
+        sed -i "s|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/ngircd/ngircd.conf
+        sed -i "s/;Ports =.*/Ports = ${IRC_PORT}/2" /etc/ngircd/ngircd.conf
+    fi
     sed -i "s/;Name = #ngircd/Name = #${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
     sed -i "s/;Topic = Our ngircd testing channel/Topic = ${PROJECT_NAME} chat channel/g" /etc/ngircd/ngircd.conf
     sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf
@@ -607,7 +610,11 @@ function install_irc_bouncer {
     echo '  IPv4 = true' >> /home/znc/.znc/configs/znc.conf
     echo '  IPv6 = true' >> /home/znc/.znc/configs/znc.conf
     echo '  Port = 6697' >> /home/znc/.znc/configs/znc.conf
-    echo '  SSL = true' >> /home/znc/.znc/configs/znc.conf
+    if [[ ${ONION_ONLY} == 'no' ]]; then
+        echo '  SSL = true' >> /home/znc/.znc/configs/znc.conf
+    else
+        echo '  SSL = false' >> /home/znc/.znc/configs/znc.conf
+    fi
     echo '  URIPrefix = /' >> /home/znc/.znc/configs/znc.conf
     echo '</Listener>' >> /home/znc/.znc/configs/znc.conf
     echo '' >> /home/znc/.znc/configs/znc.conf

src/freedombone-utils-web

@@ -652,78 +652,79 @@ function configure_firewall_for_web_access {
 
 function update_default_domain {
     echo $'Updating default domain'
+    if [[ $ONION_ONLY == 'no' ]]; then
+        if [ -d /etc/prosody ]; then
+            if [ ! -d /etc/prosody/certs ]; then
+                mkdir /etc/prosody/certs
+            fi
 
-    if [ -d /etc/prosody ]; then
-        if [ ! -d /etc/prosody/certs ]; then
-            mkdir /etc/prosody/certs
-        fi
+            if [[ "$(cert_exists chat.${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
+                sed -i 's|--Component "conference.|Component "chat.|g' /etc/prosody/prosody.cfg.lua
+            fi
+            if [[ "$(cert_exists xmpp.${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
+                sed -i 's|--Component "conference.|Component "xmpp.|g' /etc/prosody/prosody.cfg.lua
+            fi
+            if [[ "$(cert_exists conference.${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
+                sed -i 's|--Component "conference.|Component "conference.|g' /etc/prosody/prosody.cfg.lua
+            fi
 
-        if [[ "$(cert_exists chat.${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
-            sed -i 's|--Component "conference.|Component "chat.|g' /etc/prosody/prosody.cfg.lua
-        fi
-        if [[ "$(cert_exists xmpp.${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
-            sed -i 's|--Component "conference.|Component "xmpp.|g' /etc/prosody/prosody.cfg.lua
-        fi
-        if [[ "$(cert_exists conference.${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
-            sed -i 's|--Component "conference.|Component "conference.|g' /etc/prosody/prosody.cfg.lua
-        fi
+            cp /etc/ssl/private/xmpp* /etc/prosody/certs
+            cp /etc/ssl/private/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs
+            cp /etc/ssl/certs/xmpp* /etc/prosody/certs
+            cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs
+            if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+                if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
+                    mv /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem
+                fi
+            else
+                sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
+                sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
 
-        cp /etc/ssl/private/xmpp* /etc/prosody/certs
-        cp /etc/ssl/private/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs
-        cp /etc/ssl/certs/xmpp* /etc/prosody/certs
-        cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs
-        if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
-            if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
-                mv /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem
+                sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
+                sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
             fi
-        else
-            sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
-            sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
-
-            sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
-            sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
-        fi
-        chown -R prosody:prosody /etc/prosody
-        chmod -R 700 /etc/prosody/certs/*
-        systemctl reload prosody
-    fi
-
-    if [ -d /var/lib/mumble-server ]; then
-        if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
-            cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem /var/lib/mumble-server/mumble.pem
-            cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam /var/lib/mumble-server/mumble.dhparam
-            cp /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key /var/lib/mumble-server/mumble.key
-            chown -R mumble-server:mumble-server /var/lib/mumble-server
-            chmod -R 700 /var/lib/mumble-server/${DEFAULT_DOMAIN_NAME}.pem
-            chmod -R 700 /var/lib/mumble-server/${DEFAULT_DOMAIN_NAME}.key
-            chmod -R 700 /var/lib/mumble-server/${DEFAULT_DOMAIN_NAME}.dhparam
-            systemctl reload mumble
+            chown -R prosody:prosody /etc/prosody
+            chmod -R 700 /etc/prosody/certs/*
+            systemctl reload prosody
         fi
-    fi
-
-    if [ -d /home/znc/.znc ]; then
-        echo $'znc found'
-        if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
-            pkill znc
-            cat /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key > /home/znc/.znc/znc.pem
-            chown znc:znc /home/znc/.znc/znc.pem
-            chmod 700 /home/znc/.znc/znc.pem
 
-            sed -i "s|CertFile =.*|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/ngircd/ngircd.conf
-            sed -i "s|DHFile =.*|DHFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam" /etc/ngircd/ngircd.conf
-            sed -i "s|KeyFile =.*|KeyFile = /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key" /etc/ngircd/ngircd.conf
-            echo $'irc certificates updated'
+        if [ -d /var/lib/mumble-server ]; then
+            if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
+                cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem /var/lib/mumble-server/mumble.pem
+                cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam /var/lib/mumble-server/mumble.dhparam
+                cp /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key /var/lib/mumble-server/mumble.key
+                chown -R mumble-server:mumble-server /var/lib/mumble-server
+                chmod -R 700 /var/lib/mumble-server/${DEFAULT_DOMAIN_NAME}.pem
+                chmod -R 700 /var/lib/mumble-server/${DEFAULT_DOMAIN_NAME}.key
+                chmod -R 700 /var/lib/mumble-server/${DEFAULT_DOMAIN_NAME}.dhparam
+                systemctl reload mumble
+            fi
+        fi
 
-            systemctl restart ngircd
-            su -c 'znc' - znc
+        if [ -d /home/znc/.znc ]; then
+            echo $'znc found'
+            if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
+                pkill znc
+                cat /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key > /home/znc/.znc/znc.pem
+                chown znc:znc /home/znc/.znc/znc.pem
+                chmod 700 /home/znc/.znc/znc.pem
+
+                sed -i "s|CertFile =.*|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/ngircd/ngircd.conf
+                sed -i "s|DHFile =.*|DHFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam" /etc/ngircd/ngircd.conf
+                sed -i "s|KeyFile =.*|KeyFile = /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key" /etc/ngircd/ngircd.conf
+                echo $'irc certificates updated'
+
+                systemctl restart ngircd
+                su -c 'znc' - znc
+            fi
         fi
-    fi
 
-    if [ -d /etc/dovecot ]; then
-        if ! grep -q "ssl_cert = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/dovecot/conf.d/10-ssl.conf; then
-            sed -i "s|#ssl_cert =.*|ssl_cert = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
-            sed -i "s|ssl_cert =.*|ssl_cert = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
-            systemctl restart dovecot
+        if [ -d /etc/dovecot ]; then
+            if ! grep -q "ssl_cert = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/dovecot/conf.d/10-ssl.conf; then
+                sed -i "s|#ssl_cert =.*|ssl_cert = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
+                sed -i "s|ssl_cert =.*|ssl_cert = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
+                systemctl restart dovecot
+            fi
         fi
     fi
 }