freedombone/src/freedombone-app-scuttlebot

#!/bin/bash
#
# .---.                  .              .
# |                      |              |
# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
#
#                    Freedom in the Cloud
#
# scuttlebot pub application. Enables nat traversal for SSB.
# https://scuttlebot.io
#
# License
# =======
#
# Copyright (C) 2017-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

VARIANTS='full full-vim social'

IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=0
SHOW_ICANN_ADDRESS_ON_ABOUT=0

SCUTTLEBOT_DOMAIN_NAME=
SCUTTLEBOT_CODE=
SCUTTLEBOT_VERSION='10.4.6'
SCUTTLEBOT_PORT=8010
SCUTTLEBOT_ONION_PORT=8623
GIT_SSB_PORT=7718
NGINX_GIT_SSB_PORT=7719

scuttlebot_variables=(MY_USERNAME
                      SCUTTLEBOT_DOMAIN_NAME
                      SCUTTLEBOT_CODE
                      DEFAULT_DOMAIN_NAME
                      SYSTEM_TYPE)

function logging_on_scuttlebot {
    echo -n ''
}

function logging_off_scuttlebot {
    echo -n ''
}

function scuttlebot_create_invite {
    invite_string=$(su -c "sbot invite.create 1" - scuttlebot | sed 's/"//g')

    clear
    echo -e "\\n\\nYour Scuttlebot invite code is:\\n\\n${invite_string}\\n\\n"
    # shellcheck disable=SC2034
    read -n1 -r -p $"Press any key to continue..." key
}

function configure_interactive_scuttlebot {
    W=(1 $"Create an invite")

    while true
    do
        # shellcheck disable=SC2068
        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Scuttlebot" --menu $"Choose an operation, or ESC to exit:" 10 60 2 "${W[@]}" 3>&2 2>&1 1>&3)

        if [ ! "$selection" ]; then
            break
        fi

        case $selection in
            1) scuttlebot_create_invite;;
        esac
    done
}

function remove_user_scuttlebot {
    echo -n ''
#    remove_username="$1"
}

function add_user_scuttlebot {
#    new_username="$1"
#    new_user_password="$2"
    echo '0'
}

function install_interactive_scuttlebot {
    if [[ $ONION_ONLY != "no" ]]; then
        SCUTTLEBOT_DOMAIN_NAME='scuttlebot.local'
        write_config_param "SCUTTLEBOT_DOMAIN_NAME" "$SCUTTLEBOT_DOMAIN_NAME"
    else
        function_check interactive_site_details
        interactive_site_details scuttlebot
    fi
    APP_INSTALLED=1
}

function change_password_scuttlebot {
#    new_username="$1"
#    new_user_password="$2"
    echo '0'
}

function reconfigure_scuttlebot {
    if [ -d /etc/scuttlebot/.ssb ]; then
        systemctl stop scuttlebot
        rm -rf /etc/scuttlebot/.ssb
        systemctl start scuttlebot
    fi
}

function upgrade_scuttlebot {
    if ! grep -q 'scuttlebot version:' $"COMPLETION_FILE"; then
        return
    fi

    CURR_SCUTTLEBOT_VERSION=$(get_completion_param "scuttlebot version")
    echo "scuttlebot current version: ${CURR_SCUTTLEBOT_VERSION}"
    echo "scuttlebot app version: ${SCUTTLEBOT_VERSION}"
    if [[ "${CURR_SCUTTLEBOT_VERSION}" == "${SCUTTLEBOT_VERSION}" ]]; then
        return
    fi

    if ! npm upgrade -g scuttlebot@${SCUTTLEBOT_VERSION} --save; then
        return
    fi
    sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" "${COMPLETION_FILE}"
}

function backup_local_scuttlebot {
    if [ -d /etc/scuttlebot/.ssb ]; then
        systemctl stop scuttlebot
        function_check backup_directory_to_usb
        backup_directory_to_usb /etc/scuttlebot/.ssb scuttlebot
        systemctl start scuttlebot
    fi
}

function restore_local_scuttlebot {
    if [ -d /etc/scuttlebot ]; then
        systemctl stop scuttlebot
        temp_restore_dir=/root/tempscuttlebot
        function_check restore_directory_from_usb
        restore_directory_from_usb $temp_restore_dir scuttlebot
        if [ -d $temp_restore_dir/etc/scuttlebot/.ssb ]; then
            cp -r $temp_restore_dir/etc/scuttlebot/.ssb /etc/scuttlebot/
        else
            cp -r $temp_restore_dir/* /etc/scuttlebot/.ssb/*
        fi
        systemctl start scuttlebot
        rm -rf $temp_restore_dir
    fi
}

function backup_remote_scuttlebot {
    if [ -d /etc/scuttlebot/.ssb ]; then
        systemctl stop scuttlebot
        function_check backup_directory_to_friend
        backup_directory_to_friend /etc/scuttlebot/.ssb scuttlebot
        systemctl start scuttlebot
    fi
}

function restore_remote_scuttlebot {
    if [ -d /etc/scuttlebot ]; then
        systemctl stop scuttlebot
        temp_restore_dir=/root/tempscuttlebot
        function_check restore_directory_from_friend
        restore_directory_from_friend $temp_restore_dir scuttlebot
        if [ -d $temp_restore_dir/etc/scuttlebot/.ssb ]; then
            cp -r $temp_restore_dir/etc/scuttlebot/.ssb /etc/scuttlebot/
        else
            cp -r $temp_restore_dir/* /etc/scuttlebot/.ssb/*
        fi
        systemctl start scuttlebot
        rm -rf $temp_restore_dir
    fi
}

function remove_scuttlebot {
    firewall_remove ${SCUTTLEBOT_PORT}
    firewall_remove ${GIT_SSB_PORT}

    if [ $SCUTTLEBOT_DOMAIN_NAME ]; then
        nginx_dissite ${SCUTTLEBOT_DOMAIN_NAME}
        rm /etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}
    fi

    systemctl stop git_ssb
    systemctl stop scuttlebot
    systemctl disable git_ssb
    systemctl disable scuttlebot
    rm /etc/systemd/system/git_ssb.service
    rm /etc/systemd/system/scuttlebot.service
    systemctl daemon-reload

    userdel -r scuttlebot

    if [ -d /etc/scuttlebot ]; then
        rm -rf /etc/scuttlebot
    fi
    if [ -f /usr/bin/git-ssb-create ]; then
        rm /usr/bin/git-ssb-create
    fi

    remove_completion_param install_scuttlebot
    sed -i '/scuttlebot /d' "$COMPLETION_FILE"
}

function git_ssb_script {
    if [[ "$1" == "mesh" ]]; then
        # shellcheck disable=SC2154
        git_ssb_script_name=$rootdir/usr/bin/git-ssb-create
        git_ssb_daemon_filename=$rootdir/etc/systemd/system/git_ssb.service
    else
        git_ssb_script_name=/usr/bin/git-ssb-create
        git_ssb_daemon_filename=/etc/systemd/system/git_ssb.service
    fi
    { echo '#!/bin/bash';
      echo "reponame=\"\$1\"";
      echo '';
      echo "if [[ \"\$reponame\" != \"\" ]]; then";
      echo "  mkdir \$reponame";
      echo "  cd \$reponame";
      echo '  git init';
      echo "  git ssb create ssb \$reponame";
      echo '  git push --tags ssb master';
      echo 'fi';
      echo 'exit 0'; } > $git_ssb_script_name
    chmod +x $git_ssb_script_name

    { echo '[Unit]';
      echo 'Description=Git SSB (SSB git web interface)';
      echo 'After=syslog.target';
      echo 'After=network.target';
      echo 'After=scuttlebot.target';
      echo '';
      echo '[Service]';
      echo 'Type=simple';
      echo 'User=scuttlebot';
      echo 'Group=scuttlebot';
      echo "WorkingDirectory=/etc/scuttlebot";
      echo "ExecStart=/usr/bin/git ssb web --public localhost:$GIT_SSB_PORT";
      echo 'Restart=always';
      echo 'Environment="USER=scuttlebot"';
      echo '';
      echo '[Install]';
      echo 'WantedBy=multi-user.target'; } > $git_ssb_daemon_filename
}

function scuttlebot_git_setup {
    if [[ "$1" == "mesh" ]]; then
        if [ ! -d "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight" ]; then
            mkdir "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight"
        fi
        if [ ! -f "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css" ]; then
            echo $'Could not find foundation.css'
            exit 347687245
        fi
        cp "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css" "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight/foundation.css"

        git_ssb_nginx_site=$rootdir/etc/nginx/sites-available/git_ssb
        { echo 'server {';
          echo "  listen $NGINX_GIT_SSB_PORT default_server;";
          echo "  server_name P${PEER_ID}.local;";
          echo '';
          echo '  access_log /dev/null;';
          echo '  error_log /dev/null;';
          echo '';
          echo '  add_header X-XSS-Protection "1; mode=block";';
          echo '  add_header X-Content-Type-Options nosniff;';
          echo '  add_header X-Frame-Options SAMEORIGIN;'; } > "$git_ssb_nginx_site"
    else
        if [ ! $SCUTTLEBOT_DOMAIN_NAME ]; then
            exit 7357225
        fi

        if [ ! -d /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight ]; then
            mkdir /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight
        fi
        if [ ! -f /usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css ]; then
            echo $'Could not find foundation.css'
            exit 347687245
        fi
        cp /usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight/foundation.css

        git_ssb_nginx_site=/etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}
        function_check nginx_http_redirect
        nginx_http_redirect $SCUTTLEBOT_DOMAIN_NAME "index index.html"
        { echo 'server {';
          echo '  listen 443 ssl;';
          echo '  #listen [::]:443 ssl;';
          echo "  server_name $SCUTTLEBOT_DOMAIN_NAME;";
          echo ''; } >> $git_ssb_nginx_site
        function_check nginx_compress
        nginx_compress $SCUTTLEBOT_DOMAIN_NAME
        echo '' >> "$git_ssb_nginx_site"
        echo '  # Security' >> "$git_ssb_nginx_site"
        function_check nginx_ssl
        nginx_ssl $SCUTTLEBOT_DOMAIN_NAME

        function_check nginx_security_options
        nginx_security_options $SCUTTLEBOT_DOMAIN_NAME
    fi

    { echo '';
      echo '  root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;';
      echo '';
      echo '  location = / {';
      echo "    proxy_pass http://localhost:${GIT_SSB_PORT};";
      echo "    proxy_set_header X-Real-IP \$remote_addr;";
      echo "    proxy_set_header Host \$host;";
      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
      echo '    proxy_http_version 1.1;';
      echo "    proxy_set_header Upgrade \$http_upgrade;";
      echo '    proxy_set_header Connection upgrade;';
      echo '  }';
      echo '}'; } >> $git_ssb_nginx_site

    if [ "$SCUTTLEBOT_ONION_HOSTNAME" ]; then
        { echo '';
          echo 'server {';
          echo "  listen 127.0.0.1:${SCUTTLEBOT_ONION_PORT} default_server;";
          echo "  server_name ${SCUTTLEBOT_ONION_HOSTNAME};";
          echo '';
          echo '  access_log /dev/null;';
          echo '  error_log /dev/null;';
          echo '';
          echo '  add_header X-XSS-Protection "1; mode=block";';
          echo '  add_header X-Content-Type-Options nosniff;';
          echo '  add_header X-Frame-Options SAMEORIGIN;';
          echo '';
          echo '  root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;';
          echo '';
          echo '  location = / {';
          echo "    proxy_pass http://localhost:${GIT_SSB_PORT};";
          echo "    proxy_set_header X-Real-IP \$remote_addr;";
          echo "    proxy_set_header Host \$host;";
          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
          echo '    proxy_http_version 1.1;';
          echo "    proxy_set_header Upgrade \$http_upgrade;";
          echo '    proxy_set_header Connection upgrade;';
          echo '  }';
          echo '}'; } >> $git_ssb_nginx_site
    fi
    if [[ "$1" != "mesh" ]]; then
        nginx_ensite git_ssb
    fi
}

function mesh_install_dat {
    get_npm_arch

    cat <<EOF > "$rootdir/usr/bin/install_dat"
#!/bin/bash
npm install --arch=$NPM_ARCH -g dat
EOF
    chroot "$rootdir" /bin/chmod +x /usr/bin/install_dat
    chroot "$rootdir" /usr/bin/install_dat
    rm "$rootdir/usr/bin/install_dat"
}

function install_dat {
    npm install -g dat
}

function mesh_install_scuttlebot {
    SCUTTLEBOT_ONION_HOSTNAME=

    mesh_install_dat

    get_npm_arch

    cat <<EOF > "$rootdir/usr/bin/install_scuttlebot"
#!/bin/bash
npm install --arch=$NPM_ARCH -g scuttlebot@${SCUTTLEBOT_VERSION}
npm install --arch=$NPM_ARCH -g git-ssb
npm install --arch=$NPM_ARCH -g git-remote-ssb
EOF
    chroot "$rootdir" /bin/chmod +x /usr/bin/install_scuttlebot
    chroot "$rootdir" /usr/bin/install_scuttlebot
    rm "$rootdir/usr/bin/install_scuttlebot"

    if [ ! -f "$rootdir/usr/local/bin/sbot" ]; then
        echo $'Scuttlebot was not installed'
        exit 528253
    fi

    if [ ! -d "$rootdir/etc/scuttlebot" ]; then
        mkdir -p "$rootdir/etc/scuttlebot"
    fi

    # an unprivileged user to run as
    chroot "$rootdir" useradd -d /etc/scuttlebot/ scuttlebot

    # daemon
    { echo '[Unit]';
      echo 'Description=Scuttlebot (messaging system)';
      echo 'After=syslog.target';
      echo 'After=network.target';
      echo '';
      echo '[Service]';
      echo 'Type=simple';
      echo 'User=scuttlebot';
      echo 'Group=scuttlebot';
      echo "WorkingDirectory=/etc/scuttlebot";
      echo 'ExecStart=/usr/local/bin/sbot server';
      echo 'Restart=always';
      echo 'Environment="USER=scuttlebot"';
      echo '';
      echo '[Install]';
      echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/scuttlebot.service"

    scuttlebot_git_setup mesh
    git_ssb_script mesh
}

function install_scuttlebot {
    function_check install_nodejs
    install_nodejs scuttlebot

    npm install -g scuttlebot@${SCUTTLEBOT_VERSION}
    if [ ! -f /usr/local/bin/sbot ]; then
        exit 528253
    fi

    install_dat
    npm install -g git-ssb
    npm install -g git-remote-ssb

    if [ ! -d /etc/scuttlebot ]; then
        mkdir -p /etc/scuttlebot
    fi

    npm install -g dat

    # an unprivileged user to run as
    useradd -d /etc/scuttlebot/ scuttlebot

    # daemon
    { echo '[Unit]';
      echo 'Description=Scuttlebot (messaging system)';
      echo 'After=syslog.target';
      echo 'After=network.target';
      echo '';
      echo '[Service]';
      echo 'Type=simple';
      echo 'User=scuttlebot';
      echo 'Group=scuttlebot';
      echo "WorkingDirectory=/etc/scuttlebot";
      echo 'ExecStart=/usr/local/bin/sbot server';
      echo 'Restart=always';
      echo 'Environment="USER=scuttlebot"';
      echo '';
      echo '[Install]';
      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/scuttlebot.service

    chown -R scuttlebot:scuttlebot /etc/scuttlebot

    # files gw_name myhostname mdns4_minimal [NOTFOUND=return] dns
    sed -i "s|hosts:.*|hosts:          files mdns4_minimal dns mdns4 mdns|g" /etc/nsswitch.conf

    # start the daemon
    systemctl enable scuttlebot.service
    systemctl daemon-reload
    systemctl start scuttlebot.service

    sleep 3

    if [ ! -d /etc/scuttlebot/.ssb ]; then
        echo $'Scuttlebot config not generated'
        exit 73528
    fi

    SCUTTLEBOT_ONION_HOSTNAME=$(add_onion_service scuttlebot 80 ${SCUTTLEBOT_ONION_PORT})

    if [[ "$ONION_ONLY" == 'no' ]]; then
        { echo '{';
          echo "  \"host\": \"${DEFAULT_DOMAIN_NAME}\",";
          echo '  "tor-only": false,'; } > /etc/scuttlebot/.ssb/config
    else
        { echo '{';
          echo "  \"host\": \"${SCUTTLEBOT_ONION_HOSTNAME}\",";
          echo '  "tor-only": true,'; } > /etc/scuttlebot/.ssb/config
    fi

    { echo "  \"port\": ${SCUTTLEBOT_PORT},";
      echo '  "timeout": 30000,';
      echo '  "pub": true,';
      echo '  "local": true,';
      echo '  "friends": {';
      echo '    "dunbar": 150,';
      echo '    "hops": 3';
      echo '  },';
      echo '  "gossip": {';
      echo '    "connections": 2';
      echo '  },';
      echo '  "master": [],';
      echo '  "logging": {';
      echo '    "level": "error"';
      echo '  }';
      echo '}'; } >> /etc/scuttlebot/.ssb/config
    chown scuttlebot:scuttlebot /etc/scuttlebot/.ssb/config
    systemctl restart scuttlebot.service

    firewall_add scuttlebot ${SCUTTLEBOT_PORT}
    firewall_add git_ssb ${GIT_SSB_PORT}

    scuttlebot_git_setup
    git_ssb_script

    systemctl enable git_ssb.service
    systemctl daemon-reload
    systemctl start git_ssb.service

    function_check create_site_certificate
    create_site_certificate ${SCUTTLEBOT_DOMAIN_NAME} 'yes'

    systemctl restart nginx

    if ! grep -q "scuttlebot version:" "${COMPLETION_FILE}"; then
        echo "scuttlebot version:${SCUTTLEBOT_VERSION}" >> "${COMPLETION_FILE}"
    else
        sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" "${COMPLETION_FILE}"
    fi

    APP_INSTALLED=1
}

# NOTE: deliberately no exit 0