freedombone/src/freedombone-app-ghost

#!/bin/bash
#
# .---.                  .              .
# |                      |              |
# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
#
#                    Freedom in the Cloud
#
# Ghost blog
#
# License
# =======
#
# Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

VARIANTS="full full-vim writer"

IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1

GHOST_DOMAIN_NAME=
GHOST_CODE=
GHOST_ONION_PORT=8104
GHOST_VERSION='0.11.3'
GHOST_PORT=2368

ghost_variables=(GHOST_VERSION
                 GHOST_DOMAIN_NAME
                 GHOST_CODE
                 GHOST_ADMIN_PASSWORD
                 ONION_ONLY
                 DDNS_PROVIDER
                 MY_USERNAME)

function ghost_replace_jquery {
    sed -i "s|code.jquery.com/jquery-${previous_jquery_version}.min.js|$GHOST_DOMAIN_NAME/jquery-${jquery_version}.js|g" content/themes/casper/default.hbs
    sed -i "s|code.jquery.com/jquery-${previous_jquery_version}.min.js|$GHOST_DOMAIN_NAME/jquery-${jquery_version}.js|g" core/server/data/migration/fixtures/004/01-move-jquery-with-alert.js
    sed -i "s|code.jquery.com/jquery-${previous_jquery_version}.min.js|$GHOST_DOMAIN_NAME/jquery-${jquery_version}.js|g" node_modules/gscan/app/tpl/layouts/default.hbs
}

function ghost_remove_offsite_links {
    cd /var/www/$GHOST_DOMAIN_NAME/htdocs

    # remove google font links
    # Note that the privacy options in config.js aren't sufficient to remove Google's tentacles
    sed -i "s/fonts.googleapis.com/$GHOST_DOMAIN_NAME/g" content/themes/casper/default.hbs
    sed -i "s/fonts.googleapis.com/$GHOST_DOMAIN_NAME/g" core/server/apps/amp/lib/views/amp.hbs

    # copy jquery locally
    previous_jquery_version='1.12.0'
    jquery_version='1.12.4'
    if [ ! -f /var/www/$GHOST_DOMAIN_NAME/htdocs/jquery-${jquery_version}.js ]; then
        wget https://code.jquery.com/jquery-${jquery_version}.js
        jquery_hash=$(sha256sum jquery-${jquery_version}.js | awk -F ' ' '{print $1}')
        if [[ "$jquery_hash" != '430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575' ]]; then
            echo $'Unexpected jquery hash value'
            exit 258442
        fi
    fi
    ghost_replace_jquery
    previous_jquery_version='1.11.3'
    ghost_replace_jquery
}

function ghost_replace_proprietary_services {
    replace_file=$1

    sed -i 's|Twitter Profile|GNU Social Profile|g' $replace_file
    sed -i 's|Twitter Username|GNU Social Username|g' $replace_file
    sed -i 's|twitter.com|quitter.se|g' $replace_file
    sed -i 's|Facebook Page|Hubzilla Channel|g' $replace_file
    sed -i 's|www.facebook.com/username|hubzilladomain/username|g' $replace_file
    sed -i 's|www.facebook.com/ghost|hubzilladomain/username|g' $replace_file
    sed -i 's|www.facebook.com/testuser|hubzilladomain/username|g' $replace_file
    sed -i 's|www.facebook.com/testing|hubzilladomain/username|g' $replace_file
    sed -i 's|www.facebook.com/test|hubzilladomain/username|g' $replace_file
    sed -i 's|www.facebook.com/yourUsername|hubzilladomain/username|g' $replace_file
    sed -i 's|www.facebook.com/yourPage|hubzilladomain/username|g' $replace_file
    sed -i 's|Facebook Username|Hubzilla Channel|g' $replace_file
    sed -i 's|www.facebook.com|hubzilladomain|g' $replace_file
    sed -i 's|facebook value|hubzilla value|g' $replace_file

    sed -i '/<section class="share">/,/<\/section>/d' $replace_file
}

function ghost_replace_services {
    ghost_replace_proprietary_services /var/www/${GHOST_DOMAIN_NAME}/htdocs/core/built/assets/ghost.js
    ghost_replace_proprietary_services /var/www/${GHOST_DOMAIN_NAME}/htdocs/core/built/assets/ghost.min.js
    ghost_replace_proprietary_services /var/www/${GHOST_DOMAIN_NAME}/htdocs/content/themes/casper/post.hbs
}

function remove_user_ghost {
    remove_username="$1"
}

function add_user_ghost {
    if [[ $(app_is_installed ghost) == "0" ]]; then
        echo '0'
        return
    fi

    new_username="$1"
    new_user_password="$2"

    echo '0'
}

function install_interactive_ghost {
    if [ ! $ONION_ONLY ]; then
        ONION_ONLY='no'
    fi

    if [[ $ONION_ONLY != "no" ]]; then
        GHOST_DOMAIN_NAME='ghost.local'
        write_config_param "GHOST_DOMAIN_NAME" "$GHOST_DOMAIN_NAME"
    else
        function_check interactive_site_details
        interactive_site_details "ghost" "GHOST_DOMAIN_NAME" "GHOST_CODE"
    fi
    APP_INSTALLED=1
}

function change_password_ghost {
    GHOST_USERNAME="$1"
    GHOST_PASSWORD="$2"
    if [ ${#GHOST_PASSWORD} -lt 8 ]; then
        echo $'Ghost password is too short'
        return
    fi
    #${PROJECT_NAME}-pass -u $GHOST_USERNAME -a ghost -p "$GHOST_PASSWORD"
}

function reconfigure_ghost {
    echo -n ''
}

function upgrade_ghost {
    read_config_param "GHOST_DOMAIN_NAME"

    GHOST_PATH=/var/www/$GHOST_DOMAIN_NAME/htdocs

    function_check set_repo_commit
    set_repo_commit $GHOST_PATH "ghost commit" "$GHOST_COMMIT" $GHOST_REPO

    ghost_replace_services
    chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs

    ghost_remove_offsite_links
    systemctl restart ghost
}

function backup_local_ghost {
    GHOST_DOMAIN_NAME='ghost.local'
    if grep -q "ghost domain" $COMPLETION_FILE; then
        GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
    fi

    ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs
    if [ -d $ghost_path ]; then
        function_check backup_database_to_usb
        backup_database_to_usb ghost

        backup_directory_to_usb $ghost_path ghost
        restart_site
    fi
}

function restore_local_ghost {
    GHOST_DOMAIN_NAME='ghost.local'
    if grep -q "ghost domain" $COMPLETION_FILE; then
        GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
    fi
    if [ $GHOST_DOMAIN_NAME ]; then
        function_check ghost_create_database
        ghost_create_database

        function_check restore_database
        restore_database ghost ${GHOST_DOMAIN_NAME}
    fi
}

function backup_remote_ghost {
    GHOST_DOMAIN_NAME='ghost.local'
    if grep -q "ghost domain" $COMPLETION_FILE; then
        GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
    fi

    temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs
    if [ -d $temp_backup_dir ]; then
        suspend_site ${GHOST_DOMAIN_NAME}
        backup_database_to_friend ghost
        backup_directory_to_friend $temp_backup_dir ghost
        restart_site
    else
        echo $"Ghost domain specified but not found in /var/www/${GHOST_DOMAIN_NAME}"
        exit 2578
    fi
}

function restore_remote_ghost {
    GHOST_DOMAIN_NAME='ghost.local'
    if grep -q "ghost domain" $COMPLETION_FILE; then
        GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
    fi

    function_check restore_database_from_friend

    function_check ghost_create_database
    ghost_create_database

    restore_database_from_friend ghost ${GHOST_DOMAIN_NAME}
    restart_site
    chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs/
}

function remove_ghost {
    if [ ${#GHOST_DOMAIN_NAME} -eq 0 ]; then
        return
    fi

    systemctl stop ghost
    systemctl disable ghost
    rm /etc/systemd/system/ghost.service

    function_check remove_nodejs
    remove_nodejs ghost

    drop_database ghost
    remove_backup_database_local ghost

    read_config_param "GHOST_DOMAIN_NAME"
    nginx_dissite $GHOST_DOMAIN_NAME
    remove_certs ${GHOST_DOMAIN_NAME}
    deluser --remove-all-files ghost
    if [ -f /etc/nginx/sites-available/$GHOST_DOMAIN_NAME ]; then
        rm -f /etc/nginx/sites-available/$GHOST_DOMAIN_NAME
    fi
    if [ -d /var/www/$GHOST_DOMAIN_NAME ]; then
        rm -rf /var/www/$GHOST_DOMAIN_NAME
    fi
    remove_config_param GHOST_DOMAIN_NAME
    remove_config_param GHOST_CODE
    function_check remove_onion_service
    remove_onion_service ghost ${GHOST_ONION_PORT}
    remove_completion_param "install_ghost"
    sed -i '/Ghost/d' $COMPLETION_FILE
    sed -i '/ghost/d' $COMPLETION_FILE

    function_check remove_ddns_domain
    remove_ddns_domain $GHOST_DOMAIN_NAME
}

function ghost_create_config {
    ghost_config=/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.js

    echo "var path = require('path')," > $ghost_config
    echo '    config;' >> $ghost_config
    echo '' >> $ghost_config
    echo 'config = {' >> $ghost_config
    echo '    production: {' >> $ghost_config
    echo '        // This needs to be http and NOT https' >> $ghost_config
    echo "        url: 'http://${GHOST_DOMAIN_NAME}'," >> $ghost_config
    echo '        mail: {' >> $ghost_config
    echo "            transport: 'SMTP'," >> $ghost_config
    echo '            options: {' >> $ghost_config
    echo "                service: 'Sendmail'," >> $ghost_config
    echo '            }' >> $ghost_config
    echo '        },' >> $ghost_config
    echo '        database: {' >> $ghost_config
    echo "            client: 'mysql'," >> $ghost_config
    echo '            connection: {' >> $ghost_config
    echo "                host     : '127.0.0.1'," >> $ghost_config
    echo "                user     : 'root'," >> $ghost_config
    echo "                password : '${MARIADB_PASSWORD}'," >> $ghost_config
    echo "                database : 'ghost'," >> $ghost_config
    echo "                charset  : 'utf8'" >> $ghost_config
    echo '            }' >> $ghost_config
    echo '        },' >> $ghost_config
    echo '' >> $ghost_config
    echo '        server: {' >> $ghost_config
    echo "            host: '127.0.0.1'," >> $ghost_config
    echo "            port: '${GHOST_PORT}'" >> $ghost_config
    echo '        },' >> $ghost_config
    echo '        privacy: {' >> $ghost_config
    echo '            useTinfoil: true,' >> $ghost_config
    echo '        },' >> $ghost_config
    echo '        logging: false' >> $ghost_config
    echo '    }' >> $ghost_config
    echo '};' >> $ghost_config
    echo '' >> $ghost_config
    echo 'module.exports = config;' >> $ghost_config
    chmod 700 $ghost_config
}

function ghost_create_database {
    if [ -f ${IMAGE_PASSWORD_FILE} ]; then
        GIT_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
    else
        if [ ! ${GIT_ADMIN_PASSWORD} ]; then
            GIT_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
        fi
    fi
    if [ ! $GIT_ADMIN_PASSWORD ]; then
        return
    fi

    function_check create_database
    create_database ghost "$GHOST_ADMIN_PASSWORD"
}

function install_ghost {
    if [ ! $ONION_ONLY ]; then
        ONION_ONLY='no'
    fi

    if [ ! $GHOST_DOMAIN_NAME ]; then
        echo $'The ghost domain name was not specified'
        exit 5062
    fi

    # for the avatar changing command
    apt-get -yq install unzip wget

    if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs ]; then
        mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs
    fi
    cd /var/www/$GHOST_DOMAIN_NAME/htdocs
    wget https://ghost.org/zip/ghost-${GHOST_VERSION}.zip
    if [ ! -f ghost-${GHOST_VERSION}.zip ]; then
        echo $'Unable to download ghost'
        rm -rf /var/www/$GHOST_DOMAIN_NAME
        exit 63892
    fi
    unzip ghost-${GHOST_VERSION}.zip
    if [ ! -f /var/www/${GHOST_DOMAIN_NAME}/htdocs/index.js ]; then
        echo $'ghost failed to unzip'
        rm -rf /var/www/$GHOST_DOMAIN_NAME
        exit 63835
    fi

    function_check install_nodejs
    install_nodejs ghost

    sed -i "/sqlite/d" /var/www/${GHOST_DOMAIN_NAME}/htdocs/package.json
    npm install --production

    function_check install_mariadb
    install_mariadb

    function_check get_mariadb_password
    get_mariadb_password

    function_check ghost_create_database
    ghost_create_database

    ghost_create_config

    adduser --system --home=/var/www/${GHOST_DOMAIN_NAME}/htdocs/ --group ghost
    chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs/

    echo '[Unit]' > /etc/systemd/system/ghost.service
    echo 'Description=Ghost Blog' >> /etc/systemd/system/ghost.service
    echo 'After=syslog.target' >> /etc/systemd/system/ghost.service
    echo 'After=network.target' >> /etc/systemd/system/ghost.service
    echo 'After=mysqld.service' >> /etc/systemd/system/ghost.service
    echo '' >> /etc/systemd/system/ghost.service
    echo '[Service]' >> /etc/systemd/system/ghost.service
    echo 'Type=simple' >> /etc/systemd/system/ghost.service
    echo 'User=ghost' >> /etc/systemd/system/ghost.service
    echo 'Group=ghost' >> /etc/systemd/system/ghost.service
    echo "WorkingDirectory=/var/www/${GHOST_DOMAIN_NAME}/htdocs" >> /etc/systemd/system/ghost.service
    echo "ExecStart=/usr/local/bin/node /var/www/${GHOST_DOMAIN_NAME}/htdocs/index.js" >> /etc/systemd/system/ghost.service
    echo 'Restart=always' >> /etc/systemd/system/ghost.service
    echo 'RestartSec=60' >> /etc/systemd/system/ghost.service
    echo "Environment=NODE_ENV=production PORT=${GHOST_PORT}" >> /etc/systemd/system/ghost.service
    echo '' >> /etc/systemd/system/ghost.service
    echo '[Install]' >> /etc/systemd/system/ghost.service
    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ghost.service

    ghost_remove_offsite_links

    systemctl enable ghost
    systemctl daemon-reload
    systemctl start ghost

    GHOST_ONION_HOSTNAME=$(add_onion_service ghost 80 ${GHOST_ONION_PORT})

    if [[ ${ONION_ONLY} == "no" ]]; then
        function_check nginx_http_redirect
        nginx_http_redirect ${GHOST_DOMAIN_NAME}
        echo 'server {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo '    listen [::]:443 ssl;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo "    root /var/www/${GHOST_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo "    server_name ${GHOST_DOMAIN_NAME};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        function_check nginx_ssl
        nginx_ssl ${GHOST_DOMAIN_NAME}
        function_check nginx_disable_sniffing
        nginx_disable_sniffing ${GHOST_DOMAIN_NAME}
        echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo '    location / {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        function_check nginx_limits
        nginx_limits ${GHOST_DOMAIN_NAME} '10G'
        echo "        proxy_pass http://localhost:${GHOST_PORT};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo '    location = /robots.txt {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo '        allow all;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo '        log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        nginx_keybase $GHOST_DOMAIN_NAME
        echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    else
        echo -n '' > /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    fi
    echo 'server {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    echo "    listen 127.0.0.1:${GHOST_ONION_PORT} default_server;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    echo "    root /var/www/$GHOST_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    echo "    server_name $GHOST_ONION_HOSTNAME;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    function_check nginx_disable_sniffing
    nginx_disable_sniffing ${GHOST_DOMAIN_NAME}
    echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    echo '    location / {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    function_check nginx_limits
    nginx_limits ${GHOST_DOMAIN_NAME} '10G'
    echo "        proxy_pass http://localhost:${GHOST_PORT};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    echo '    location = /robots.txt {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    echo '        allow all;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    echo '        log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
    nginx_keybase ${GHOST_DOMAIN_NAME}
    echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}

    function_check create_site_certificate
    create_site_certificate $GHOST_DOMAIN_NAME 'yes'

    function_check configure_php
    configure_php

    if [[ $ONION_ONLY != 'no' ]]; then
        sed -i "s|url: .*|url: 'http://${GHOST_ONION_HOSTNAME}',|g" /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.js
        systemctl restart ghost
    fi

    ghost_replace_services

    function_check nginx_ensite
    nginx_ensite $GHOST_DOMAIN_NAME

    systemctl restart nginx

    ${PROJECT_NAME}-pass -u $MY_USERNAME -a ghost -p "$GHOST_ADMIN_PASSWORD"

    function_check add_ddns_domain
    add_ddns_domain $GHOST_DOMAIN_NAME

    set_completion_param "ghost domain" "$GHOST_DOMAIN_NAME"
    APP_INSTALLED=1
}

# NOTE: deliberately no exit 0