Merge branch 'stretch' of https://github.com/bashrc/freedombone

src/freedombone-adduser

@@ -156,6 +156,7 @@ if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
     userdel -r $ADD_USERNAME
     exit 7
 fi
+
 gpg_agent_setup $ADD_USERNAME
 
 # add a monkeysphere subkey
@@ -239,8 +240,18 @@ if ! grep -q 'controluser' /home/$ADD_USERNAME/.bashrc; then
     echo 'controluser' >> /home/$ADD_USERNAME/.bashrc
 fi
 
+# fix some gpg strangeness when searching for keys
+printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /home/$ADD_USERNAME/.gnupg/S.dirmngr
+if [ -d /home/$ADD_USERNAME/.gnupg/crls.d ]; then
+    chmod +x /home/$ADD_USERNAME/.gnupg/crls.d
+fi
+
 ${PROJECT_NAME}-pass -u $ADD_USERNAME -a login -p "$NEW_USER_PASSWORD"
+
+gpg_agent_enable $ADD_USERNAME
+
 clear
+
 echo $"New user $ADD_USERNAME was created"
 echo $"Their login password is $NEW_USER_PASSWORD"
 echo ''

src/freedombone-app-pleroma

@@ -140,8 +140,46 @@ function expire_pleroma_posts {
 
     pleroma_expire_script=/etc/cron.daily/pleroma-expire
     echo '#!/bin/bash' > $pleroma_expire_script
+    echo 'cd /etc/postgresql' >> $pleroma_expire_script
+    echo 'if [ -d /etc/pleroma/tempfiles ]; then' >> $pleroma_expire_script
+    echo '    rm -rf /etc/pleroma/tempfiles' >> $pleroma_expire_script
+    echo 'fi' >> $pleroma_expire_script
+    echo '' >> $pleroma_expire_script
+    echo '# make directory to temporarily store local avatars' >> $pleroma_expire_script
+    echo 'mkdir /etc/pleroma/tempfiles' >> $pleroma_expire_script
+    echo '' >> $pleroma_expire_script
+    echo '# get the local avatar files' >> $pleroma_expire_script
+    echo "avatars=\$(sudo -u postgres psql -d pleroma -c \"select avatar->>'url' from users where avatar->>'url' like '%${domain_name}%'\")" >> $pleroma_expire_script
+    echo '' >> $pleroma_expire_script
+    echo '# copy the avatar files to a temporary directory' >> $pleroma_expire_script
+    echo 'arr=( $avatars )' >> $pleroma_expire_script
+    echo 'for i in "${arr[@]}"; do' >> $pleroma_expire_script
+    echo '    if [[ "$i" == *'/media/'* ]]; then' >> $pleroma_expire_script
+    echo "        imagefile=/etc/pleroma/uploads/\$(echo \$i | sed 's|\"||g' | sed 's|,||g' | awk -F '/media/' '{print \$2}');" >> $pleroma_expire_script
+    echo '        if [ -f $imagefile ]; then' >> $pleroma_expire_script
+    echo "            imagedir=/etc/pleroma/uploads/\$(echo \$i | sed 's|\"||g' | sed 's|,||g' | awk -F '/media/' '{print \$2}' | awk -F '/' '{print \$1}')" >> $pleroma_expire_script
+    echo '            nowdate=$(date +%s)' >> $pleroma_expire_script
+    echo '            sinceepoch=$(date +%s -r $imagefile)' >> $pleroma_expire_script
+    echo '            daysold=$((($nowdate - $sinceepoch) / 86400))' >> $pleroma_expire_script
+    echo "            if [ \$daysold -ge ${expire_days_files} ]; then" >> $pleroma_expire_script
+    echo '                if [ ! -d /etc/pleroma/tempfiles/$imagedir ]; then' >> $pleroma_expire_script
+    echo '                    mkdir /etc/pleroma/tempfiles/$imagedir' >> $pleroma_expire_script
+    echo '                fi' >> $pleroma_expire_script
+    echo '                cp -rp $imagefile /etc/pleroma/tempfiles/$imagedir' >> $pleroma_expire_script
+    echo '            fi' >> $pleroma_expire_script
+    echo '        fi' >> $pleroma_expire_script
+    echo '    fi' >> $pleroma_expire_script
+    echo 'done' >> $pleroma_expire_script
+    echo '' >> $pleroma_expire_script
+    echo '# delete old files' >> $pleroma_expire_script
     echo "find /etc/pleroma/uploads/* -mtime +${expire_days_files} -exec rm -rf {} +" >> $pleroma_expire_script
-    echo "$pleroma_expire_posts_script 2> /dev/null" >> $pleroma_expire_script
+    echo '' >> $pleroma_expire_script
+    echo '# move avatar files back to uploads' >> $pleroma_expire_script
+    echo 'chown -R pleroma:pleroma /etc/pleroma/tempfiles' >> $pleroma_expire_script
+    echo 'mv /etc/pleroma/tempfiles/* /etc/pleroma/uploads' >> $pleroma_expire_script
+    echo 'rm -rf /etc/pleroma/tempfiles' >> $pleroma_expire_script
+    echo '' >> $pleroma_expire_script
+    echo '/usr/bin/pleroma-expire-posts 2> /dev/null' >> $pleroma_expire_script
     chmod +x $pleroma_expire_script
 
     # remove any old cron job
@@ -624,6 +662,9 @@ function upgrade_pleroma {
     read_config_param PLEROMA_DOMAIN_NAME
     read_config_param PLEROMA_EXPIRE_MONTHS
 
+    if ! grep -q "/media/" /etc/cron.daily/pleroma-expire; then
+        rm $pleroma_expire_posts_script
+    fi
     if [ ! -f $pleroma_expire_posts_script ]; then
         expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS
     fi

src/freedombone-app-riot

@@ -155,15 +155,6 @@ function riot_download {
     fi
     cp -r $INSTALL_DIR/${RIOT_FILENAME}/* /var/www/$RIOT_DOMAIN_NAME/htdocs
 
-    # customize the login image
-    if [ -f ~/freedombone/img/logo_riot.png ]; then
-        cp ~/freedombone/img/logo_riot.png /var/www/$RIOT_DOMAIN_NAME/htdocs/img/logo.png
-    else
-        if [ -f /home/$MY_USERNAME/freedombone/img/logo_riot.png ]; then
-            cp /home/$MY_USERNAME/freedombone/img/logo_riot.png /var/www/$RIOT_DOMAIN_NAME/htdocs/img/logo.png
-        fi
-    fi
-
     chown -R www-data:www-data /var/www/$RIOT_DOMAIN_NAME/htdocs
 }
 

src/freedombone-base-email

@@ -1365,7 +1365,8 @@ function configure_gpg {
     if [[ $(is_completed $FUNCNAME) == "1" ]]; then
         return
     fi
-    apt-get -yq install gnupg
+    apt-get -yq install gnupg dirmngr
+    printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > ~/.gnupg/S.dirmngr
 
     check_email_address_exists
 
@@ -1390,6 +1391,10 @@ function configure_gpg {
                 chown -R $MY_USERNAME:$MY_USERNAME $gpg_dir
                 chmod 700 $gpg_dir
                 chmod 600 $gpg_dir/*
+                printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /home/$MY_USERNAME/.gnupg/S.dirmngr
+                if [ -d /home/$MY_USERNAME/.gnupg/crls.d ]; then
+                    chmod +x /home/$MY_USERNAME/.gnupg/crls.d
+                fi
                 mark_completed $FUNCNAME
                 return
             fi
@@ -1418,6 +1423,10 @@ function configure_gpg {
     chown -R $MY_USERNAME:$MY_USERNAME $gpg_dir
     chmod 700 $gpg_dir
     chmod 600 $gpg_dir/*
+    printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > $gpg_dir/S.dirmngr
+    if [ -d $gpg_dir/crls.d ]; then
+        chmod +x $gpg_dir/crls.d
+    fi
 
     if [[ $MY_GPG_PUBLIC_KEY && $MY_GPG_PRIVATE_KEY ]]; then
         echo $'Importing GPG keys from file'
@@ -1466,6 +1475,10 @@ function configure_gpg {
         cp -r /home/$MY_USERNAME/.gnupg /root/
         chmod 700 /root/.gnupg
         chmod 600 /root/.gnupg/*
+        printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /root/.gnupg/S.dirmngr
+        if [ -d /root/.gnupg/crls.d ]; then
+            chmod +x /root/.gnupg/crls.d
+        fi
     fi
 
     mark_completed $FUNCNAME

src/freedombone-controlpanel-user

@@ -923,6 +923,7 @@ function menu_top_level {
 }
 
 sign_keys
+gpg_agent_enable $USER
 menu_top_level
 clear
 . ~/.bashrc

src/freedombone-template

@@ -0,0 +1,650 @@
+#!/bin/bash
+#
+# .---.                  .              .
+# |                      |              |
+# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
+# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
+# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
+#
+#                    Freedom in the Cloud
+#
+# Command to create app templates
+#
+# License
+# =======
+#
+# Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+PROJECT_NAME='freedombone'
+
+app_name='noapp'
+app_name_lower="$(tr '[:upper:]' '[:lower:]' <<< ${app_name:0:1})${app_name:1}"
+app_name=$app_name_lower
+app_name_upper="$(tr '[:lower:]' '[:upper:]' <<< ${app_name:0:1})${app_name:1}"
+app_repo="TODO"
+app_repo_commit='TODO'
+app_php=
+app_node=
+your_name=''
+your_email=''
+SHOW_ON_ABOUT=1
+database_type=''
+
+function show_help {
+    echo ''
+    echo $"${PROJECT_NAME}-template --app [myappname] --php yes -n \"My Name\" -e \"myname@mydomain\" > src/${PROJECT_NAME}-app-myappname"
+    echo ''
+    echo $'Creates a new app script which can then be filled in'
+    echo ''
+    echo ''
+    echo $'  -h --help                            Show help'
+    echo $'  -a --app [name]                      Name of the application'
+    echo $'  -n --name [name]                     Your name'
+    echo $'  -e --email [address]                 Your email address'
+    echo $'  -r --repo [url]                      Git repo url for the app'
+    echo $'  -c --commit [hash]                   Git commit'
+    echo $'     --node [yes|no]                   Is this a nodejs app?'
+    echo $'  -p --php [yes|no]                    Is this a PHP app?'
+    echo $'  -d --database [mariadb|postgresql]   Type of database'
+    echo ''
+    exit 0
+}
+
+while [[ $# > 1 ]]
+do
+    key="$1"
+
+    case $key in
+        -h|--help)
+            show_help
+            ;;
+        -a|--app|--appname)
+            shift
+            app_name="$1"
+            app_name_lower="$(tr '[:upper:]' '[:lower:]' <<< ${app_name:0:1})${app_name:1}"
+            app_name=$app_name_lower
+            app_name_upper="$(tr '[:lower:]' '[:upper:]' <<< ${app_name:0:1})${app_name:1}"
+            ;;
+        -r|--repo)
+            shift
+            app_repo="$1"
+            ;;
+        -c|--commit)
+            shift
+            app_repo_commit="$1"
+            ;;
+        -n|--name)
+            shift
+            your_name="$1"
+            ;;
+        -e|--email)
+            shift
+            your_email="$1"
+            ;;
+        -d|--database)
+            shift
+            database_type="$1"
+            ;;
+        -p|--php)
+            shift
+            app_php="$1"
+            ;;
+        --node|--nodejs)
+            shift
+            app_node="$1"
+            ;;
+        *)
+            # unknown option
+            ;;
+    esac
+    shift
+done
+
+if [[ "$app_name" == 'noapp' ]]; then
+    show_help
+    exit 1
+fi
+
+if [[ "$app_name" == *' '* ]]; then
+    echo $'app name should not contain any spaces'
+    exit 2
+fi
+
+if [[ "$app_name" == *'_'* ]]; then
+    echo $'app name should not contain any underscore characters'
+    exit 3
+fi
+
+if [[ "$app_name" == *'-'* ]]; then
+    echo $'app name should not contain any hyphen characters'
+    exit 4
+fi
+
+if [ ${#app_name} -lt 3 ]; then
+    echo $'app name should be at least three characters'
+    exit 5
+fi
+
+if [ ${#your_name} -lt 2 ]; then
+    echo $'Specify your name with --name'
+    exit 6
+fi
+
+if [ ${#your_email} -lt 3 ]; then
+    echo $'Specify your email address with --email'
+    exit 7
+fi
+
+if [[ "$your_email" != *'@'* ]]; then
+    echo $"That doesn't look like an email address"
+    exit 8
+fi
+
+echo '#!/bin/bash'
+echo '#'
+echo '# .---.                  .              .'
+echo '# |                      |              |'
+echo '# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.'
+echo "# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'"
+echo "# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'"
+echo '#'
+echo '#                    Freedom in the Cloud'
+echo '#'
+echo '# License'
+echo '# ======='
+echo '#'
+echo "# Copyright (C) $(date +%Y) ${your_name} <${your_email}>"
+echo '#'
+echo '# This program is free software: you can redistribute it and/or modify'
+echo '# it under the terms of the GNU Affero General Public License as published by'
+echo '# the Free Software Foundation, either version 3 of the License, or'
+echo '# (at your option) any later version.'
+echo '#'
+echo '# This program is distributed in the hope that it will be useful,'
+echo '# but WITHOUT ANY WARRANTY; without even the implied warranty of'
+echo '# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the'
+echo '# GNU Affero General Public License for more details.'
+echo '#'
+echo '# You should have received a copy of the GNU Affero General Public License'
+echo '# along with this program.  If not, see <http://www.gnu.org/licenses/>.'
+echo ''
+echo "VARIANTS='full full-vim'"
+echo ''
+echo 'IN_DEFAULT_INSTALL=0'
+echo "SHOW_ON_ABOUT=${SHOW_ON_ABOUT}"
+echo ''
+echo "${app_name_upper}_DOMAIN_NAME="
+echo "${app_name_upper}_CODE="
+echo "${app_name_upper}_ONION_PORT=$(( ( RANDOM % 1000 )  + 9010 ))"
+echo "${app_name_upper}_REPO=\"${app_repo}\""
+echo "${app_name_upper}_COMMIT='${app_repo_commit}'"
+echo ''
+echo "${app_name}=(ONION_ONLY"
+echo "             ${app_name_upper}_DOMAIN_NAME"
+echo "             ${app_name_upper}_CODE"
+echo '             DDNS_PROVIDER'
+echo "             MY_USERNAME)"
+echo ''
+echo "function logging_on_${app_name} {"
+echo "    echo -n ''"
+echo "}"
+echo ''
+echo "function logging_off_${app_name} {"
+echo "    echo -n ''"
+echo '}'
+echo ''
+echo "function remove_user_${app_name} {"
+echo '    remove_username="$1"'
+echo ''
+echo "    \${PROJECT_NAME}-pass -u \$remove_username --rmapp ${app_name}"
+echo '}'
+echo ''
+echo "function add_user_${app_name} {"
+echo '    new_username="$1"'
+echo '    new_user_password="$2"'
+echo ''
+echo "    \${PROJECT_NAME}-pass -u \$new_username -a ${app_name} -p \"\$new_user_password\""
+echo "    echo '0'"
+echo '}'
+echo ''
+echo "function install_interactive_${app_name} {"
+echo '    if [ ! $ONION_ONLY ]; then'
+echo "        ONION_ONLY='no'"
+echo '    fi'
+echo ''
+echo '    if [[ $ONION_ONLY != "no" ]]; then'
+echo "        ${app_name_upper}_DOMAIN_NAME='${app_name}.local'"
+echo "        write_config_param \"${app_name_upper}_DOMAIN_NAME\" \"\$${app_name_upper}_DOMAIN_NAME\""
+echo '    else'
+echo "        interactive_site_details \"${app_name}\" \"${app_name_upper}_DOMAIN_NAME\" \"${app_name}_CODE\""
+echo '    fi'
+echo '    APP_INSTALLED=1'
+echo '}'
+echo ''
+echo "function change_password_${app_name} {"
+echo '    curr_username="$1"'
+echo '    new_user_password="$2"'
+echo ''
+echo "    read_config_param '${app_name_upper}_DOMAIN_NAME'"
+echo ''
+echo "    \${PROJECT_NAME}-pass -u \"\$curr_username\" -a ${app_name} -p \"\$new_user_password\""
+echo '}'
+
+if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" || "$database_type" == "postgres"* ]]; then
+    echo ''
+    echo "function ${app_name}_create_database {"
+    echo '    if [ -f $IMAGE_PASSWORD_FILE ]; then'
+    echo "        ${app_name_upper}_ADMIN_PASSWORD=\"\$(printf `cat $IMAGE_PASSWORD_FILE`)\""
+    echo '    else'
+    echo "        if [ ! \$${app_name_upper}_ADMIN_PASSWORD ]; then"
+    echo "            ${app_name_upper}_ADMIN_PASSWORD=\"\$(create_password \${MINIMUM_PASSWORD_LENGTH})\""
+    echo '        fi'
+    echo '    fi'
+    echo "    if [ ! \$${app_name_upper}_ADMIN_PASSWORD ]; then"
+    echo '        return'
+    echo '    fi'
+    echo ''
+    if [[ "$database_type" != "postgres"* ]]; then
+        echo "    create_database ${app_name} \"\$${app_name_upper}_ADMIN_PASSWORD\" \$MY_USERNAME"
+    else
+        echo '    systemctl restart postgresql'
+        echo "    run_system_query_postgresql \"CREATE USER peertube WITH PASSWORD '\$${app_name_upper}_ADMIN_PASSWORD';\""
+        echo "    run_system_query_postgresql \"CREATE DATABASE ${app_name} OWNER ${app_name};\""
+        echo "    run_system_query_postgresql \"GRANT ALL PRIVILEGES ON DATABASE ${app_name} to ${app_name};\""
+        echo "    run_system_query_postgresql \"set statement_timeout to 40000;\""
+    fi
+    echo '}'
+fi
+echo ''
+echo "function reconfigure_${app_name} {"
+echo '    # This is used if you need to switch identity. Dump old keys and generate new ones'
+echo "    echo -n ''"
+echo '}'
+echo ''
+echo "function configure_interactive_${app_name} {"
+echo '    while true'
+echo '    do'
+echo '        data=$(tempfile 2>/dev/null)'
+echo '        trap "rm -f $data" 0 1 2 5 15'
+echo "        dialog --backtitle \$\"Freedombone Control Panel\" \\"
+echo "               --title \$\"${app_name}\" \\"
+echo "               --radiolist \$\"Choose an operation:\" 16 70 3 \\"
+echo '               1 $"Option 1" off \'
+echo '               2 $"Option 2" off \'
+echo '               3 $"Exit" on 2> $data'
+echo '        sel=$?'
+echo '        case $sel in'
+echo '            1) return;;'
+echo '            255) return;;'
+echo '        esac'
+echo '        case $(cat $data) in'
+echo '            1) # call some function for option 1'
+echo '               ;;'
+echo '            2) # call some function for option 2'
+echo '               ;;'
+echo '            3) break;;'
+echo '        esac'
+echo '    done'
+echo '}'
+echo ''
+echo "function upgrade_${app_name} {"
+echo "    CURR_${app_name_upper}_COMMIT=\$(get_completion_param \"${app_name} commit\")"
+echo "    if [[ \"\$CURR_${app_name_upper}_COMMIT\" == \"\$${app_name_upper}_COMMIT\" ]]; then"
+echo '        return'
+echo '    fi'
+echo ''
+echo "    if grep -q \"${app_name} domain\" \$COMPLETION_FILE; then"
+echo "        ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
+echo '    fi'
+echo ''
+echo '    # update to the next commit'
+echo "    set_repo_commit /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs \"${app_name} commit\" \"\$${app_name_upper}_COMMIT\" \$${app_name_upper}_REPO"
+echo "    chown -R www-data:www-data /var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
+echo '}'
+echo ''
+echo "function backup_local_${app_name} {"
+echo "    ${app_name_upper}_DOMAIN_NAME='${app_name}'"
+echo "    if grep -q \"${app_name} domain\" \$COMPLETION_FILE; then"
+echo "        ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
+echo '    fi'
+echo ''
+echo "    source_directory=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
+echo ''
+echo "    suspend_site \${${app_name_upper}_DOMAIN_NAME}"
+echo ''
+echo "    dest_directory=${app_name}"
+echo '    backup_directory_to_usb $source_directory $dest_directory'
+echo ''
+if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
+    echo "    backup_database_to_usb ${app_name}"
+    echo ''
+fi
+if [[ "$database_type" == "postgres"* ]]; then
+    echo '    USE_POSTGRESQL=1'
+    echo "    backup_database_to_usb ${app_name}"
+    echo ''
+fi
+echo '    restart_site'
+echo '}'
+echo ''
+echo "function restore_local_${app_name} {"
+echo "    if ! grep -q \"${app_name} domain\" \$COMPLETION_FILE; then"
+echo '        return'
+echo '    fi'
+echo "    ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
+echo "    if [ \$${app_name_upper}_DOMAIN_NAME ]; then"
+echo "        temp_restore_dir=/root/temp${app_name}"
+echo "        ${app_name}_dir=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
+echo ''
+if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
+    echo "        ${app_name}_create_database"
+    echo ''
+    echo "        restore_database ${app_name}"
+    echo '        if [ -d $temp_restore_dir ]; then'
+    echo '            rm -rf $temp_restore_dir'
+    echo '        fi'
+    echo ''
+fi
+if [[ "$database_type" == "postgres"* ]]; then
+    echo "        ${app_name}_create_database"
+    echo ''
+    echo '        USE_POSTGRESQL=1'
+    echo "        restore_database ${app_name}"
+    echo '        if [ -d $temp_restore_dir ]; then'
+    echo '            rm -rf $temp_restore_dir'
+    echo '        fi'
+    echo ''
+fi
+echo "        restore_directory_from_usb \$temp_restore_dir ${app_name}"
+echo '        if [ -d $temp_restore_dir ]; then'
+echo "            if [ -d cp \$temp_restore_dir\$${app_name}_dir ]; then"
+echo "                cp -rp \$temp_restore_dir\$${app_name}_dir/* \$${app_name}_dir/"
+echo '            else'
+echo "                if [ ! -d \$${app_name}_dir ]; then"
+echo "                    mkdir \$${app_name}_dir"
+echo '                fi'
+echo "                cp -rp \$temp_restore_dir/* \$${app_name}_dir/"
+echo '            fi'
+echo "            chown -R www-data:www-data \$${app_name}_dir"
+echo '            rm -rf $temp_restore_dir'
+echo '        fi'
+echo ''
+echo '    fi'
+echo '}'
+echo ''
+echo "function backup_remote_${app_name} {"
+echo "    ${app_name_upper}_DOMAIN_NAME='${app_name}'"
+echo "    if grep -q \"${app_name} domain\" \$COMPLETION_FILE; then"
+echo "        ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
+echo '    fi'
+echo ''
+echo "    source_directory=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
+echo ''
+echo "    suspend_site \${${app_name_upper}_DOMAIN_NAME}"
+echo ''
+echo "    dest_directory=${app_name}"
+echo '    backup_directory_to_friend $source_directory $dest_directory'
+echo ''
+if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
+    echo "    backup_database_to_friend ${app_name}"
+fi
+if [[ "$database_type" == "postgres"* ]]; then
+    echo '    USE_POSTGRESQL=1'
+    echo "    backup_database_to_friend ${app_name}"
+    echo ''
+fi
+echo ''
+echo '    restart_site'
+echo '}'
+echo ''
+echo "function restore_remote_${app_name} {"
+echo "    if ! grep -q \"${app_name} domain\" \$COMPLETION_FILE; then"
+echo '        return'
+echo '    fi'
+echo "    ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
+echo "    if [ \$${app_name_upper}_DOMAIN_NAME ]; then"
+echo "        temp_restore_dir=/root/temp${app_name}"
+echo "        ${app_name}_dir=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
+echo ''
+if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
+    echo "        ${app_name}_create_database"
+    echo ''
+    echo "        restore_database_from_friend ${app_name}"
+    echo '        if [ -d $temp_restore_dir ]; then'
+    echo '            rm -rf $temp_restore_dir'
+    echo '        fi'
+    echo ''
+fi
+if [[ "$database_type" == "postgres"* ]]; then
+    echo "        ${app_name}_create_database"
+    echo ''
+    echo '        USE_POSTGRESQL=1'
+    echo "        restore_database_from_friend ${app_name}"
+    echo '        if [ -d $temp_restore_dir ]; then'
+    echo '            rm -rf $temp_restore_dir'
+    echo '        fi'
+    echo ''
+fi
+echo "        restore_directory_from_friend \$temp_restore_dir ${app_name}"
+echo '        if [ -d $temp_restore_dir ]; then'
+echo "            if [ -d cp \$temp_restore_dir\$${app_name}_dir ]; then"
+echo "                cp -rp \$temp_restore_dir\$${app_name}_dir/* \$${app_name}_dir/"
+echo '            else'
+echo "                if [ ! -d \$${app_name}_dir ]; then"
+echo "                    mkdir \$${app_name}_dir"
+echo '                fi'
+echo "                cp -rp \$temp_restore_dir/* \$${app_name}_dir/"
+echo '            fi'
+echo "            chown -R www-data:www-data \$${app_name}_dir"
+echo '            rm -rf $temp_restore_dir'
+echo '        fi'
+echo ''
+echo '    fi'
+echo '}'
+echo ''
+echo "function remove_${app_name} {"
+if [[ "$app_node" == 'yes' ]]; then
+    echo "    remove_nodejs ${app_name}"
+    echo ''
+fi
+echo "    nginx_dissite \$${app_name_upper}_DOMAIN_NAME"
+echo "    remove_certs \$${app_name_upper}_DOMAIN_NAME"
+echo ''
+echo "    if [ -d /var/www/\$${app_name_upper}_DOMAIN_NAME ]; then"
+echo "        rm -rf /var/www/\$${app_name_upper}_DOMAIN_NAME"
+echo '    fi'
+echo "    if [ -f /etc/nginx/sites-available/\$${app_name_upper}_DOMAIN_NAME ]; then"
+echo "        rm /etc/nginx/sites-available/\$${app_name_upper}_DOMAIN_NAME"
+echo '    fi'
+if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
+    echo "    drop_database ${app_name}"
+fi
+if [[ "$database_type" == "postgres"* ]]; then
+    echo "    drop_database_postgresql ${app_name}"
+fi
+echo "    remove_onion_service ${app_name} \${${app_name_upper}_ONION_PORT}"
+echo "    if grep -q \"${app_name}\" /etc/crontab; then"
+echo "        sed -i \"/${app_name}/d\" /etc/crontab"
+echo '    fi'
+echo "    remove_app ${app_name}"
+echo "    remove_completion_param install_${app_name}"
+echo "    sed -i '/${app_name}/d' \$COMPLETION_FILE"
+echo ''
+echo "    if grep -q '${app_name}-firewall' /etc/crontab; then"
+echo "        sed -i '/${app_name}-firewall/d' /etc/crontab"
+echo '    fi'
+echo ''
+echo "    remove_ddns_domain \$${app_name_upper}_DOMAIN_NAME"
+echo '}'
+echo ''
+echo "function install_${app_name} {"
+if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
+    echo '    install_mariadb'
+    echo ''
+    echo '    get_mariadb_password'
+    echo ''
+fi
+if [[ "$database_type" == "postgres"* ]]; then
+    echo '    install_postgresql'
+    echo ''
+fi
+if [[ "$app_node" == 'yes' ]]; then
+    echo "install_nodejs ${app_name}"
+fi
+if [[ "$app_php" == 'yes' ]]; then
+    echo '    apt-get -yq install php-gettext php-curl php-gd php-mysql git curl'
+    echo '    apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl'
+    echo ''
+fi
+echo "    if [ ! -d /var/www/\$${app_name_upper}_DOMAIN_NAME ]; then"
+echo "        mkdir /var/www/\$${app_name_upper}_DOMAIN_NAME"
+echo '    fi'
+echo "    if [ ! -d /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs ]; then"
+echo "        if [ -d /repos/${app_name} ]; then"
+echo "            mkdir /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
+echo "            cp -r -p /repos/${app_name}/. /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
+echo "            cd /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
+echo '            git pull'
+echo '        else'
+echo "            git_clone \$${app_name_upper}_REPO /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
+echo '        fi'
+echo ''
+echo "        if [ ! -d /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs ]; then"
+echo "            echo \$'Unable to clone ${app_name} repo'"
+echo '            exit 87525'
+echo '        fi'
+echo '    fi'
+echo ''
+echo "    cd /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
+echo "    git checkout \$${app_name_upper}_COMMIT -b \$${app_name_upper}_COMMIT"
+echo "    set_completion_param \"${app_name} commit\" \"\$${app_name_upper}_COMMIT\""
+echo ''
+echo "    chmod g+w /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
+echo "    chown -R www-data:www-data /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
+
+if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
+    echo ''
+    echo "    ${app_name}_create_database"
+fi
+echo ''
+echo "    add_ddns_domain \$${app_name_upper}_DOMAIN_NAME"
+echo ''
+echo "    ${app_name_upper}_ONION_HOSTNAME=\$(add_onion_service ${app_name} 80 \${${app_name_upper}_ONION_PORT})"
+echo ''
+echo "    ${app_name}_nginx_site=/etc/nginx/sites-available/\$${app_name_upper}_DOMAIN_NAME"
+echo '    if [[ $ONION_ONLY == "no" ]]; then'
+if [[ "$app_php" == 'yes' ]]; then
+    echo "        nginx_http_redirect \$${app_name_upper}_DOMAIN_NAME \"index index.php\""
+else
+    echo "        nginx_http_redirect \$${app_name_upper}_DOMAIN_NAME \"index index.html\""
+fi
+echo "        echo 'server {' >> \$${app_name}_nginx_site"
+echo "        echo '  listen 443 ssl;' >> \$${app_name}_nginx_site"
+echo "        echo '  listen [::]:443 ssl;' >> \$${app_name}_nginx_site"
+echo "        echo \"  server_name \$${app_name_upper}_DOMAIN_NAME;\" >> \$${app_name}_nginx_site"
+echo "        echo '' >> \$${app_name}_nginx_site"
+echo "        nginx_compress \$${app_name_upper}_DOMAIN_NAME"
+echo "        echo '' >> \$${app_name}_nginx_site"
+echo "        echo '  # Security' >> \$${app_name}_nginx_site"
+echo "        nginx_ssl \$${app_name_upper}_DOMAIN_NAME"
+echo ''
+echo "        nginx_disable_sniffing \$${app_name_upper}_DOMAIN_NAME"
+echo ''
+echo "        echo '  add_header Strict-Transport-Security max-age=15768000;' >> \$${app_name}_nginx_site"
+echo "        echo '' >> \$${app_name}_nginx_site"
+echo "        echo '  # Logs' >> \$${app_name}_nginx_site"
+echo "        echo '  access_log /dev/null;' >> \$${app_name}_nginx_site"
+echo "        echo '  error_log /dev/null;' >> \$${app_name}_nginx_site"
+echo "        echo '' >> \$${app_name}_nginx_site"
+echo "        echo '  # Root' >> \$${app_name}_nginx_site"
+echo "        echo \"  root /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs;\" >> \$${app_name}_nginx_site"
+echo "        echo '' >> \$${app_name}_nginx_site"
+if [[ "$app_php" == 'yes' ]]; then
+    echo "        echo '  index index.php;' >> \$${app_name}_nginx_site"
+    echo "        echo '  location ~ \.php {' >> \$${app_name}_nginx_site"
+    echo "        echo '    include snippets/fastcgi-php.conf;' >> \$${app_name}_nginx_site"
+    echo "        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> \$${app_name}_nginx_site"
+    echo "        echo '    fastcgi_read_timeout 30;' >> \$${app_name}_nginx_site"
+    echo "        echo '  }' >> \$${app_name}_nginx_site"
+    echo "        echo '' >> \$${app_name}_nginx_site"
+else
+    echo "        echo '  index index.html;' >> \$${app_name}_nginx_site"
+fi
+echo "        echo '  # Location' >> \$${app_name}_nginx_site"
+echo "        echo '  location / {' >> \$${app_name}_nginx_site"
+echo "        nginx_limits \$${app_name_upper}_DOMAIN_NAME '15m'"
+echo "        echo '    try_files \$uri \$uri/ @${app_name};' >> \$${app_name}_nginx_site"
+echo "        echo '  }' >> \$${app_name}_nginx_site"
+echo "        echo '}' >> \$${app_name}_nginx_site"
+echo '    else'
+echo "        echo -n '' > \$${app_name}_nginx_site"
+echo '    fi'
+echo "    echo 'server {' >> \$${app_name}_nginx_site"
+echo "    echo \"    listen 127.0.0.1:\$${app_name_upper}_ONION_PORT default_server;\" >> \$${app_name}_nginx_site"
+echo "    echo \"    server_name \$${app_name_upper}_ONION_HOSTNAME;\" >> \$${app_name}_nginx_site"
+echo "    echo '' >> \$${app_name}_nginx_site"
+echo "    nginx_compress \$${app_name_upper}_DOMAIN_NAME"
+echo "    echo '' >> \$${app_name}_nginx_site"
+echo "    nginx_disable_sniffing \$${app_name_upper}_DOMAIN_NAME"
+echo "    echo '' >> \$${app_name}_nginx_site"
+echo "    echo '  # Logs' >> \$${app_name}_nginx_site"
+echo "    echo '  access_log /dev/null;' >> \$${app_name}_nginx_site"
+echo "    echo '  error_log /dev/null;' >> \$${app_name}_nginx_site"
+echo "    echo '' >> \$${app_name}_nginx_site"
+echo "    echo '  # Root' >> \$${app_name}_nginx_site"
+echo "    echo \"  root /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs;\" >> \$${app_name}_nginx_site"
+echo "    echo '' >> \$${app_name}_nginx_site"
+if [[ "$app_php" == 'yes' ]]; then
+    echo "    echo '  index index.php;' >> \$${app_name}_nginx_site"
+    echo "    echo '  location ~ \.php {' >> \$${app_name}_nginx_site"
+    echo "    echo '    include snippets/fastcgi-php.conf;' >> \$${app_name}_nginx_site"
+    echo "    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> \$${app_name}_nginx_site"
+    echo "    echo '    fastcgi_read_timeout 30;' >> \$${app_name}_nginx_site"
+    echo "    echo '  }' >> \$${app_name}_nginx_site"
+    echo "    echo '' >> \$${app_name}_nginx_site"
+else
+    echo "        echo '  index index.html;' >> \$${app_name}_nginx_site"
+fi
+echo "    echo '  # Location' >> \$${app_name}_nginx_site"
+echo "    echo '  location / {' >> \$${app_name}_nginx_site"
+echo "    nginx_limits \$${app_name_upper}_DOMAIN_NAME '15m'"
+echo "    echo '    try_files \$uri \$uri/ @${app_name};' >> \$${app_name}_nginx_site"
+echo "    echo '  }' >> \$${app_name}_nginx_site"
+echo "    echo '}' >> \$${app_name}_nginx_site"
+if [[ "$app_php" == 'yes' ]]; then
+    echo ''
+    echo '    configure_php'
+fi
+echo ''
+echo "    create_site_certificate \$${app_name_upper}_DOMAIN_NAME 'yes'"
+echo ''
+echo "    nginx_ensite \$${app_name_upper}_DOMAIN_NAME"
+echo ''
+if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
+    echo '    systemctl restart mariadb'
+fi
+if [[ "$app_php" == 'yes' ]]; then
+    echo '    systemctl restart php7.0-fpm'
+fi
+echo '    systemctl restart nginx'
+echo ''
+echo "    \${PROJECT_NAME}-pass -u \$MY_USERNAME -a ${app_name} -p \"\$${app_name_upper}_ADMIN_PASSWORD\""
+echo "    set_completion_param \"${app_name} domain\" \"\$${app_name_upper}_DOMAIN_NAME\""
+echo ''
+echo '    APP_INSTALLED=1'
+echo '}'
+echo ''
+echo '# NOTE: deliberately there is no "exit 0"'

src/freedombone-utils-backup

@@ -70,7 +70,8 @@ function configure_backup_key {
     if [[ $(is_completed $FUNCNAME) == "1" ]]; then
         return
     fi
-    apt-get -yq install gnupg
+    apt-get -yq install gnupg dirmngr
+    printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > ~/.gnupg/S.dirmngr
 
     BACKUP_KEY_EXISTS=$(gpg_key_exists "root" "$MY_NAME (backup key)")
     if [[ $BACKUP_KEY_EXISTS == "yes" ]]; then

src/freedombone-utils-gpg

@@ -144,10 +144,18 @@ function gpg_set_permissions {
     if [[ "$key_username" != 'root' ]]; then
         chmod 700 /home/$key_username/.gnupg
         chmod -R 600 /home/$key_username/.gnupg/*
+        printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /home/$key_username/.gnupg/S.dirmngr
+        if [ -d /home/$key_username/.gnupg/crls.d ]; then
+            chmod +x /home/$key_username/.gnupg/crls.d
+        fi
         chown -R $key_username:$key_username /home/$key_username/.gnupg
     else
         chmod 700 /root/.gnupg
         chmod -R 600 /root/.gnupg/*
+        printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /root/.gnupg/S.dirmngr
+        if [ -d /root/.gnupg/crls.d ]; then
+            chmod +x /root/.gnupg/crls.d
+        fi
         chown -R $key_username:$key_username /root/.gnupg
     fi
 }
@@ -252,7 +260,38 @@ function gpg_agent_setup {
         if ! grep -q 'allow-loopback-pinentry' /home/$gpg_username/.gnupg/gpg-agent.conf; then
             echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf
         fi
-        su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username
+        if [[ "$gpg_username" != "$USER" ]]; then
+            su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username
+        else
+            echo RELOADAGENT | gpg-connect-agent
+        fi
+    fi
+}
+
+function gpg_agent_enable {
+    gpg_username=$1
+
+    if [[ $gpg_username == 'root' ]]; then
+        return
+    else
+        if grep -q 'GPG_TTY' /home/$gpg_username/.bashrc; then
+            sed -i '/GPG_TTY/d' /home/$gpg_username/.bashrc
+            chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc
+        fi
+        if grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
+           sed -i '/use-agent/d' /home/$gpg_username/.gnupg/gpg.conf
+        fi
+        if grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then
+            sed -i '/pinentry-mode loopback/d' /home/$gpg_username/.gnupg/gpg.conf
+        fi
+        if [ -f /home/$gpg_username/.gnupg/gpg-agent.conf ]; then
+            rm /home/$gpg_username/.gnupg/gpg-agent.conf
+        fi
+        if [[ "$gpg_username" != "$USER" ]]; then
+            su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username
+        else
+            echo RELOADAGENT | gpg-connect-agent
+        fi
     fi
 }
 

src/freedombone-utils-keys

@@ -264,6 +264,10 @@ function interactive_key_recovery {
         cp -rf /home/$MY_USERNAME/.gnupg /root
         chmod 700 /root/.gnupg
         chmod 600 /root/.gnupg/*
+        printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /root/.gnupg/S.dirmngr
+        if [ -d /root/.gnupg/crls.d ]; then
+            chmod +x /root/.gnupg/crls.d
+        fi
     fi
 }
 

src/freedombone-utils-postgresql

@@ -145,10 +145,7 @@ function run_query_postgresql_with_output {
     database_name=$1
     database_query=$2
     cd /etc/postgresql
-    output=$(sudo -u postgres psql -d $database_name -c << EOF
-$database_query
-EOF
-)
+    output=$(sudo -u postgres psql -d $database_name -c "$database_query")
     echo "$output"
 }