freedombone/src/freedombone-app-scuttlebot

#!/bin/bash
#
# .---.                  .              .
# |                      |              |
# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
#
#                    Freedom in the Cloud
#
# scuttlebot pub application. Enables nat traversal for SSB.
# https://scuttlebot.io
#
# License
# =======
#
# Copyright (C) 2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

VARIANTS='full full-vim social'

IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=0
SHOW_ICANN_ADDRESS_ON_ABOUT=0

SCUTTLEBOT_DOMAIN_NAME=
SCUTTLEBOT_CODE=
SCUTTLEBOT_VERSION='10.4.6'
SCUTTLEBOT_PORT=8010
SCUTTLEBOT_ONION_PORT=8623
GIT_SSB_PORT=7718
NGINX_GIT_SSB_PORT=7719

scuttlebot_variables=(MY_USERNAME
                      SCUTTLEBOT_DOMAIN_NAME
                      SCUTTLEBOT_CODE
                      DEFAULT_DOMAIN_NAME
                      SYSTEM_TYPE)

function logging_on_scuttlebot {
    echo -n ''
}

function logging_off_scuttlebot {
    echo -n ''
}

function scuttlebot_create_invite {
    invite_string=$(su -c "sbot invite.create 1" - scuttlebot | sed 's/"//g')

    clear
    echo -e '\n\nYour Scuttlebot invite code is:\n\n'${invite_string}'\n\n'
    read -n1 -r -p $"Press any key to continue..." key
}

function configure_interactive_scuttlebot {
    while true
    do
        data=$(tempfile 2>/dev/null)
        trap "rm -f $data" 0 1 2 5 15
        dialog --backtitle $"Freedombone Control Panel" \
               --title $"Scuttlebot" \
               --radiolist $"Choose an operation:" 10 50 2 \
               1 $"Create an invite" off \
               2 $"Exit" on 2> $data
        sel=$?
        case $sel in
            1) return;;
            255) return;;
        esac
        case $(cat $data) in
            1) scuttlebot_create_invite;;
            2) break;;
        esac
    done
}

function remove_user_scuttlebot {
    remove_username="$1"
}

function add_user_scuttlebot {
    new_username="$1"
    new_user_password="$2"
    echo '0'
}

function install_interactive_scuttlebot {
    if [[ $ONION_ONLY != "no" ]]; then
        SCUTTLEBOT_DOMAIN_NAME='scuttlebot.local'
        write_config_param "SCUTTLEBOT_DOMAIN_NAME" "$SCUTTLEBOT_DOMAIN_NAME"
    else
        function_check interactive_site_details
        interactive_site_details scuttlebot
    fi
    APP_INSTALLED=1
}

function change_password_scuttlebot {
    new_username="$1"
    new_user_password="$2"
    echo '0'
}

function reconfigure_scuttlebot {
    if [ -d /etc/scuttlebot/.ssb ]; then
        systemctl stop scuttlebot
        rm -rf /etc/scuttlebot/.ssb
        systemctl start scuttlebot
    fi
}

function upgrade_scuttlebot {
    if ! grep -q 'scuttlebot version:' $COMPLETION_FILE; then
        return
    fi

    CURR_SCUTTLEBOT_VERSION=$(get_completion_param "scuttlebot version")
    echo "scuttlebot current version: ${CURR_SCUTTLEBOT_VERSION}"
    echo "scuttlebot app version: ${SCUTTLEBOT_VERSION}"
    if [[ "${CURR_SCUTTLEBOT_VERSION}" == "${SCUTTLEBOT_VERSION}" ]]; then
        return
    fi

    npm upgrade -g scuttlebot@${SCUTTLEBOT_VERSION} --save
    if [ ! "$?" = "0" ]; then
        return
    fi
    sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" ${COMPLETION_FILE}
}

function backup_local_scuttlebot {
    if [ -d /etc/scuttlebot/.ssb ]; then
        systemctl stop scuttlebot
        function_check backup_directory_to_usb
        backup_directory_to_usb /etc/scuttlebot/.ssb scuttlebot
        systemctl start scuttlebot
    fi
}

function restore_local_scuttlebot {
    if [ -d /etc/scuttlebot ]; then
        systemctl stop scuttlebot
        temp_restore_dir=/root/tempscuttlebot
        function_check restore_directory_from_usb
        restore_directory_from_usb $temp_restore_dir scuttlebot
        if [ -d $temp_restore_dir/etc/scuttlebot/.ssb ]; then
            cp -r $temp_restore_dir/etc/scuttlebot/.ssb /etc/scuttlebot/
        else
            cp -r $temp_restore_dir/* /etc/scuttlebot/.ssb/*
        fi
        systemctl start scuttlebot
        rm -rf $temp_restore_dir
    fi
}

function backup_remote_scuttlebot {
    if [ -d /etc/scuttlebot/.ssb ]; then
        systemctl stop scuttlebot
        function_check backup_directory_to_friend
        backup_directory_to_friend /etc/scuttlebot/.ssb scuttlebot
        systemctl start scuttlebot
    fi
}

function restore_remote_scuttlebot {
    if [ -d /etc/scuttlebot ]; then
        systemctl stop scuttlebot
        temp_restore_dir=/root/tempscuttlebot
        function_check restore_directory_from_friend
        restore_directory_from_friend $temp_restore_dir scuttlebot
        if [ -d $temp_restore_dir/etc/scuttlebot/.ssb ]; then
            cp -r $temp_restore_dir/etc/scuttlebot/.ssb /etc/scuttlebot/
        else
            cp -r $temp_restore_dir/* /etc/scuttlebot/.ssb/*
        fi
        systemctl start scuttlebot
        rm -rf $temp_restore_dir
    fi
}

function remove_scuttlebot {
    firewall_remove ${SCUTTLEBOT_PORT}
    firewall_remove ${GIT_SSB_PORT}

    if [ $SCUTTLEBOT_DOMAIN_NAME ]; then
        nginx_dissite ${SCUTTLEBOT_DOMAIN_NAME}
        rm /etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}
    fi

    systemctl stop scuttlebot
    systemctl disable scuttlebot
    rm /etc/systemd/system/scuttlebot.service
    systemctl daemon-reload

    userdel -r scuttlebot

    if [ -d /etc/scuttlebot ]; then
        rm -rf /etc/scuttlebot
    fi

    remove_completion_param install_scuttlebot
    sed -i '/scuttlebot /d' $COMPLETION_FILE
}

function scuttlebot_git_setup {
    if [[ "$1" == "mesh" ]]; then
        git_ssb_nginx_site=$rootdir/etc/nginx/sites-available/git_ssb
        echo 'server {' > $git_ssb_nginx_site
        echo "  listen $NGINX_GIT_SSB_PORT default_server;" >> $git_ssb_nginx_site
        echo "  server_name P${PEER_ID}.local;" >> $git_ssb_nginx_site
        echo '' >> $git_ssb_nginx_site
        echo '  access_log /dev/null;' >> $git_ssb_nginx_site
        echo '  error_log /dev/null;' >> $git_ssb_nginx_site
        echo '' >> $git_ssb_nginx_site
        echo '  add_header X-XSS-Protection "1; mode=block";' >> $git_ssb_nginx_site
        echo '  add_header X-Content-Type-Options nosniff;' >> $git_ssb_nginx_site
        echo '  add_header X-Frame-Options SAMEORIGIN;' >> $git_ssb_nginx_site
    else
        if [ ! $SCUTTLEBOT_DOMAIN_NAME ]; then
            exit 7357225
        fi
        git_ssb_nginx_site=/etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}
        function_check nginx_http_redirect
        nginx_http_redirect $SCUTTLEBOT_DOMAIN_NAME "index index.html"
        echo 'server {' >> $git_ssb_nginx_site
        echo '  listen 443 ssl;' >> $git_ssb_nginx_site
        echo '  listen [::]:443 ssl;' >> $git_ssb_nginx_site
        echo "  server_name $SCUTTLEBOT_DOMAIN_NAME;" >> $git_ssb_nginx_site
        echo '' >> $git_ssb_nginx_site
        function_check nginx_compress
        nginx_compress $SCUTTLEBOT_DOMAIN_NAME
        echo '' >> $git_ssb_nginx_site
        echo '  # Security' >> $git_ssb_nginx_site
        function_check nginx_ssl
        nginx_ssl $SCUTTLEBOT_DOMAIN_NAME

        function_check nginx_disable_sniffing
        nginx_disable_sniffing $SCUTTLEBOT_DOMAIN_NAME
    fi

    echo '' >> $git_ssb_nginx_site
    echo '  location = / {' >> $git_ssb_nginx_site
    echo "    proxy_pass http://localhost:${GIT_SSB_PORT};" >> $git_ssb_nginx_site
    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $git_ssb_nginx_site
    echo '    proxy_set_header Host $host;' >> $git_ssb_nginx_site
    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $git_ssb_nginx_site
    echo '    proxy_http_version 1.1;' >> $git_ssb_nginx_site
    echo '    proxy_set_header Upgrade $http_upgrade;' >> $git_ssb_nginx_site
    echo '    proxy_set_header Connection upgrade;' >> $git_ssb_nginx_site
    echo '  }' >> $git_ssb_nginx_site
    echo '}' >> $git_ssb_nginx_site

    if [ $SCUTTLEBOT_ONION_HOSTNAME ]; then
        echo '' >> $git_ssb_nginx_site
        echo 'server {' >> $git_ssb_nginx_site
        echo "  listen 127.0.0.1:${SCUTTLEBOT_ONION_PORT} default_server;" >> $git_ssb_nginx_site
        echo "  server_name ${SCUTTLEBOT_ONION_HOSTNAME};" >> $git_ssb_nginx_site
        echo '' >> $git_ssb_nginx_site
        echo '  access_log /dev/null;' >> $git_ssb_nginx_site
        echo '  error_log /dev/null;' >> $git_ssb_nginx_site
        echo '' >> $git_ssb_nginx_site
        echo '  add_header X-XSS-Protection "1; mode=block";' >> $git_ssb_nginx_site
        echo '  add_header X-Content-Type-Options nosniff;' >> $git_ssb_nginx_site
        echo '  add_header X-Frame-Options SAMEORIGIN;' >> $git_ssb_nginx_site
        echo '' >> $git_ssb_nginx_site
        echo '  location = / {' >> $git_ssb_nginx_site
        echo "    proxy_pass http://localhost:${GIT_SSB_PORT};" >> $git_ssb_nginx_site
        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $git_ssb_nginx_site
        echo '    proxy_set_header Host $host;' >> $git_ssb_nginx_site
        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $git_ssb_nginx_site
        echo '    proxy_http_version 1.1;' >> $git_ssb_nginx_site
        echo '    proxy_set_header Upgrade $http_upgrade;' >> $git_ssb_nginx_site
        echo '    proxy_set_header Connection upgrade;' >> $git_ssb_nginx_site
        echo '  }' >> $git_ssb_nginx_site
        echo '}' >> $git_ssb_nginx_site
    fi
    nginx_ensite git_ssb
}

function mesh_install_scuttlebot {
    SCUTTLEBOT_ONION_HOSTNAME=

    get_npm_arch

    cat <<EOF > $rootdir/usr/bin/install_scuttlebot
#!/bin/bash
npm install --arch=$NPM_ARCH -g scuttlebot@${SCUTTLEBOT_VERSION}
npm install --arch=$NPM_ARCH -g git-ssb
npm install --arch=$NPM_ARCH -g git-remote-ssb
EOF
    chroot "$rootdir" /bin/chmod +x /usr/bin/install_scuttlebot
    chroot "$rootdir" /usr/bin/install_scuttlebot
    rm $rootdir/usr/bin/install_scuttlebot

    if [ ! -f $rootdir/usr/local/bin/sbot ]; then
        echo $'Scuttlebot was not installed'
        exit 528253
    fi

    if [ ! -d $rootdir/etc/scuttlebot ]; then
        mkdir -p $rootdir/etc/scuttlebot
    fi

    # an unprivileged user to run as
    chroot "$rootdir" useradd -d /etc/scuttlebot/ scuttlebot

    # daemon
    echo '[Unit]' > $rootdir/etc/systemd/system/scuttlebot.service
    echo 'Description=Scuttlebot (messaging system)' >> $rootdir/etc/systemd/system/scuttlebot.service
    echo 'After=syslog.target' >> $rootdir/etc/systemd/system/scuttlebot.service
    echo 'After=network.target' >> $rootdir/etc/systemd/system/scuttlebot.service
    echo '' >> $rootdir/etc/systemd/system/scuttlebot.service
    echo '[Service]' >> $rootdir/etc/systemd/system/scuttlebot.service
    echo 'Type=simple' >> $rootdir/etc/systemd/system/scuttlebot.service
    echo 'User=scuttlebot' >> $rootdir/etc/systemd/system/scuttlebot.service
    echo 'Group=scuttlebot' >> $rootdir/etc/systemd/system/scuttlebot.service
    echo "WorkingDirectory=/etc/scuttlebot" >> $rootdir/etc/systemd/system/scuttlebot.service
    echo 'ExecStart=/usr/local/bin/sbot server' >> $rootdir/etc/systemd/system/scuttlebot.service
    echo 'Restart=always' >> $rootdir/etc/systemd/system/scuttlebot.service
    echo 'Environment="USER=scuttlebot"' >> $rootdir/etc/systemd/system/scuttlebot.service
    echo '' >> $rootdir/etc/systemd/system/scuttlebot.service
    echo '[Install]' >> $rootdir/etc/systemd/system/scuttlebot.service
    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/scuttlebot.service

    scuttlebot_git_setup mesh
}

function install_scuttlebot {
    function_check install_nodejs
    install_nodejs scuttlebot

    npm install -g scuttlebot@${SCUTTLEBOT_VERSION}
    if [ ! -f /usr/local/bin/sbot ]; then
        exit 528253
    fi

    npm install -g git-ssb
    npm install -g git-remote-ssb

    if [ ! -d /etc/scuttlebot ]; then
        mkdir -p /etc/scuttlebot
    fi

    # an unprivileged user to run as
    useradd -d /etc/scuttlebot/ scuttlebot

    # daemon
    echo '[Unit]' > /etc/systemd/system/scuttlebot.service
    echo 'Description=Scuttlebot (messaging system)' >> /etc/systemd/system/scuttlebot.service
    echo 'After=syslog.target' >> /etc/systemd/system/scuttlebot.service
    echo 'After=network.target' >> /etc/systemd/system/scuttlebot.service
    echo '' >> /etc/systemd/system/scuttlebot.service
    echo '[Service]' >> /etc/systemd/system/scuttlebot.service
    echo 'Type=simple' >> /etc/systemd/system/scuttlebot.service
    echo 'User=scuttlebot' >> /etc/systemd/system/scuttlebot.service
    echo 'Group=scuttlebot' >> /etc/systemd/system/scuttlebot.service
    echo "WorkingDirectory=/etc/scuttlebot" >> /etc/systemd/system/scuttlebot.service
    echo 'ExecStart=/usr/local/bin/sbot server' >> /etc/systemd/system/scuttlebot.service
    echo 'Restart=always' >> /etc/systemd/system/scuttlebot.service
    echo 'Environment="USER=scuttlebot"' >> /etc/systemd/system/scuttlebot.service
    echo '' >> /etc/systemd/system/scuttlebot.service
    echo '[Install]' >> /etc/systemd/system/scuttlebot.service
    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/scuttlebot.service

    chown -R scuttlebot:scuttlebot /etc/scuttlebot

    # files gw_name myhostname mdns4_minimal [NOTFOUND=return] dns
    sed -i "s|hosts:.*|hosts:          files mdns4_minimal dns mdns4 mdns|g" /etc/nsswitch.conf

    # start the daemon
    systemctl enable scuttlebot.service
    systemctl daemon-reload
    systemctl start scuttlebot.service

    sleep 3

    if [ ! -d /etc/scuttlebot/.ssb ]; then
        echo $'Scuttlebot config not generated'
        exit 73528
    fi

    echo '{' > /etc/scuttlebot/.ssb/config
    echo "  \"host\": \"${DEFAULT_DOMAIN_NAME}\"," >> /etc/scuttlebot/.ssb/config
    echo "  \"port\": ${SCUTTLEBOT_PORT}," >> /etc/scuttlebot/.ssb/config
    echo '  "timeout": 30000,' >> /etc/scuttlebot/.ssb/config
    echo '  "pub": true,' >> /etc/scuttlebot/.ssb/config
    echo '  "local": true,' >> /etc/scuttlebot/.ssb/config
    echo '  "friends": {' >> /etc/scuttlebot/.ssb/config
    echo '    "dunbar": 150,' >> /etc/scuttlebot/.ssb/config
    echo '    "hops": 3' >> /etc/scuttlebot/.ssb/config
    echo '  },' >> /etc/scuttlebot/.ssb/config
    echo '  "gossip": {' >> /etc/scuttlebot/.ssb/config
    echo '    "connections": 2' >> /etc/scuttlebot/.ssb/config
    echo '  },' >> /etc/scuttlebot/.ssb/config
    echo '  "master": [],' >> /etc/scuttlebot/.ssb/config
    echo '  "logging": {' >> /etc/scuttlebot/.ssb/config
    echo '    "level": "error"' >> /etc/scuttlebot/.ssb/config
    echo '  }' >> /etc/scuttlebot/.ssb/config
    echo '}' >> /etc/scuttlebot/.ssb/config
    chown scuttlebot:scuttlebot /etc/scuttlebot/.ssb/config
    systemctl restart scuttlebot.service

    firewall_add scuttlebot ${SCUTTLEBOT_PORT}
    firewall_add git_ssb ${GIT_SSB_PORT}


    SCUTTLEBOT_ONION_HOSTNAME=$(add_onion_service scuttlebot 80 ${SCUTTLEBOT_ONION_PORT})
    scuttlebot_git_setup

    function_check create_site_certificate
    create_site_certificate ${SCUTTLEBOT_DOMAIN_NAME} 'yes'

    systemctl restart nginx

    if ! grep -q "scuttlebot version:" ${COMPLETION_FILE}; then
        echo "scuttlebot version:${SCUTTLEBOT_VERSION}" >> ${COMPLETION_FILE}
    else
        sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" ${COMPLETION_FILE}
    fi

    APP_INSTALLED=1
}

# NOTE: deliberately no exit 0