freedombone/src/freedombone-app-searx

#!/bin/bash
#
# .---.                  .              .
# |                      |              |
# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
#
#                    Freedom in the Cloud
#
# Searx engine application
#
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

VARIANTS=''

IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1

SEARX_REPO="https://github.com/asciimoo/searx"
SEARX_COMMIT='fee556c9904637051a9ba874ba7e71cd9f10789f'
SEARX_PATH=/etc
SEARX_ONION_PORT=8094
SEARX_ONION_HOSTNAME=
SEARX_LOGIN_TEXT=$"Search engine login"
SEARX_PASSWORD=

searx_variables=(SEARX_REPO
                 SEARX_COMMIT
                 SEARX_PATH
                 SEARX_LOGIN_TEXT
                 MY_USERNAME
                 SYSTEM_TYPE)

function install_interactive_searx {
    echo -n ''
    APP_INSTALLED=1
}

function change_password_searx {
    echo -n ''
}

function reconfigure_searx {
    echo -n ''
}

function upgrade_searx {
    set_repo_commit $SEARX_PATH/searx "Search engine commit" "$SEARX_COMMIT" $SEARX_REPO
    if grep "Search engine key" $COMPLETION_FILE; then
        if [ -f ${SEARX_PATH}/searx/searx/settings.yml ]; then
            # note: this might change to a --tor option in a later version
            if ! grep 'socks5://127.0.0.1:9050' ${SEARX_PATH}/searx/searx/settings.yml; then
                echo 'outgoing: # communication with search engines' >> ${SEARX_PATH}/searx/searx/settings.yml
                echo '    proxies:' >> ${SEARX_PATH}/searx/searx/settings.yml
                echo '        http : socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
                echo '        https: socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
            fi
            SEARX_SECRET_KEY=$(get_completion_param "searx key")
            sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml
            if [ -f /var/lib/tor/hidden_service_searx/hostname ]; then
                SEARX_ONION_HOSTNAME=$(echo /var/lib/tor/hidden_service_searx/hostname)
                sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml
            fi
        fi
    fi
}

function backup_local_searx {
    echo -n ''
}

function restore_local_searx {
    echo -n ''
}

function backup_remote_searx {
    echo -n ''
}

function restore_remote_searx {
    echo -n ''
}

function remove_searx {
    systemctl stop searx
    systemctl disable searx
    rm /etc/systemd/system/searx.service
    function_check remove_onion_service
    remove_onion_service searx ${SEARX_ONION_PORT}
    userdel -r searx
    nginx_dissite searx
    if [ -f /etc/nginx/sites-available/searx ]; then
        rm /etc/nginx/sites-available/searx
    fi
    if [ -d ${SEARX_PATH}/searx ]; then
        rm -rf ${SEARX_PATH}/searx
    fi
    remove_completion_param install_searx
    sed -i '/Search engine /d' $COMPLETION_FILE
    sed -i '/Search Engine /d' /home/$MY_USERNAME/README
    sed -i '/Search engine /d' /home/$MY_USERNAME/README
    sed -i '/search engine /d' /home/$MY_USERNAME/README
}

function install_searx {
    # Note: currently socks5 outgoing proxies to other search engines does not work
    if [ ! -d /etc/nginx ]; then
        echo $'Webserver is not installed'
        exit 62429
    fi

    apt-get -yq install python-pip libyaml-dev python-werkzeug python-babel python-lxml apache2-utils
    apt-get -yq install git build-essential libxslt-dev python-dev python-virtualenv python-pybabel zlib1g-dev uwsgi uwsgi-plugin-python libapache2-mod-uwsgi

    pip install --upgrade pip

    pip install certifi
    if [ ! "$?" = "0" ]; then
        echo $'Failed to install certifi'
        exit 737692
    fi

    pip install pyyaml
    if [ ! "$?" = "0" ]; then
        echo $'Failed to install pyyaml'
        exit 469242
    fi

    pip install flask --upgrade
    if [ ! "$?" = "0" ]; then
        echo $'Failed to install flask'
        exit 888575
    fi

    pip install flask_restless --upgrade
    if [ ! "$?" = "0" ]; then
        echo $'Failed to install flask_restless'
        exit 54835
    fi

    pip install flask_babel --upgrade
    if [ ! "$?" = "0" ]; then
        echo $'Failed to install flask_babel'
        exit 63738
    fi

    if [ ! -d $SEARX_PATH ]; then
        mkdir -p $SEARX_PATH
    fi

    # clone the repo
    cd $SEARX_PATH
    function_check git_clone
    git_clone $SEARX_REPO searx
    git checkout $SEARX_COMMIT -b $SEARX_COMMIT
    set_completion_param "searx commit" "$SEARX_COMMIT"

    # create an onion service
    SEARX_ONION_HOSTNAME=$(add_onion_service searx 80 ${SEARX_ONION_PORT})

    # an unprivileged user to run as
    useradd -d ${SEARX_PATH}/searx/ -s /bin/false searx
    adduser searx debian-tor

    # daemon
    echo '[Unit]' > /etc/systemd/system/searx.service
    echo 'Description=Searx (search engine)' >> /etc/systemd/system/searx.service
    echo 'After=syslog.target' >> /etc/systemd/system/searx.service
    echo 'After=network.target' >> /etc/systemd/system/searx.service
    echo '' >> /etc/systemd/system/searx.service
    echo '[Service]' >> /etc/systemd/system/searx.service
    echo 'Type=simple' >> /etc/systemd/system/searx.service
    echo 'User=searx' >> /etc/systemd/system/searx.service
    echo 'Group=searx' >> /etc/systemd/system/searx.service
    echo "WorkingDirectory=${SEARX_PATH}/searx" >> /etc/systemd/system/searx.service
    echo "ExecStart=/usr/bin/python ${SEARX_PATH}/searx/searx/webapp.py" >> /etc/systemd/system/searx.service
    echo 'Restart=always' >> /etc/systemd/system/searx.service
    echo 'Environment="USER=searx"' >> /etc/systemd/system/searx.service
    echo '' >> /etc/systemd/system/searx.service
    echo '[Install]' >> /etc/systemd/system/searx.service
    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/searx.service

    # create a webserver file
    echo 'server {' > /etc/nginx/sites-available/searx
    echo "    listen 127.0.0.1:${SEARX_ONION_PORT} default_server;" >> /etc/nginx/sites-available/searx
    echo "    root ${SEARX_PATH}/searx;" >> /etc/nginx/sites-available/searx
    echo "    server_name ${SEARX_ONION_HOSTNAME};" >> /etc/nginx/sites-available/searx
    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/searx
    echo "    error_log /var/log/searx_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/searx
    echo '' >> /etc/nginx/sites-available/searx
    function_check nginx_disable_sniffing
    nginx_disable_sniffing searx
    echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/searx
    echo '' >> /etc/nginx/sites-available/searx
    echo '    location / {' >> /etc/nginx/sites-available/searx
    function_check nginx_limits
    nginx_limits searx '1M'
    echo '        proxy_pass http://localhost:8888;' >> /etc/nginx/sites-available/searx
    echo '        proxy_set_header Host $host;' >> /etc/nginx/sites-available/searx
    echo '        proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/searx
    echo '        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/searx
    echo '        proxy_set_header X-Remote-Port $remote_port;' >> /etc/nginx/sites-available/searx
    echo '        proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/searx
    echo '        proxy_redirect off;' >> /etc/nginx/sites-available/searx

    echo "        auth_basic \"${SEARX_LOGIN_TEXT}\";" >> /etc/nginx/sites-available/searx
    echo '        auth_basic_user_file /etc/nginx/.htpasswd;' >> /etc/nginx/sites-available/searx
    echo '    }' >> /etc/nginx/sites-available/searx
    echo '' >> /etc/nginx/sites-available/searx
    echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/searx
    echo '' >> /etc/nginx/sites-available/searx
    echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/searx
    echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/searx
    echo '' >> /etc/nginx/sites-available/searx
    echo '    location = /robots.txt {' >> /etc/nginx/sites-available/searx
    echo '        allow all;' >> /etc/nginx/sites-available/searx
    echo '        log_not_found off;' >> /etc/nginx/sites-available/searx
    echo '        access_log /dev/null;' >> /etc/nginx/sites-available/searx
    echo '    }' >> /etc/nginx/sites-available/searx
    echo '}' >> /etc/nginx/sites-available/searx

    # replace the secret key
    if ! grep "searx key" $COMPLETION_FILE; then
        SEARX_SECRET_KEY="$(create_password 30)"
    fi
    set_completion_param "searx key" "${SEARX_SECRET_KEY}"
    sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml
    sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings_robot.yml
    sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml
    sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings_robot.yml

    # note: this might change to a --tor option in a later version
    if ! grep 'socks5://127.0.0.1:9050' ${SEARX_PATH}/searx/searx/settings.yml; then
        echo 'outgoing: # communication with search engines' >> ${SEARX_PATH}/searx/searx/settings.yml
        echo '    proxies:' >> ${SEARX_PATH}/searx/searx/settings.yml
        echo '        http : socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
        echo '        https: socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
    fi

    chown -R searx:searx ${SEARX_PATH}/searx

    # enable the site
    nginx_ensite searx

    # restart the web server
    systemctl restart php5-fpm
    systemctl restart nginx

    # start the daemon
    systemctl enable searx.service
    systemctl daemon-reload
    systemctl start searx.service

    if ! grep -q "Your search engine password is" /home/$MY_USERNAME/README; then
        if [ ${#SEARX_PASSWORD} -lt 8 ]; then
            if [ -f $IMAGE_PASSWORD_FILE ]; then
                SEARX_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
            else
                SEARX_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
            fi
        fi
        echo "$SEARX_PASSWORD" | htpasswd -i -s -c /etc/nginx/.htpasswd $MY_USERNAME
        echo '' >> /home/$MY_USERNAME/README
        echo '' >> /home/$MY_USERNAME/README
        echo $'# Search Engine' >> /home/$MY_USERNAME/README
        echo $"Search engine onion domain: ${SEARX_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
        echo $"Your search engine password is: $SEARX_PASSWORD" >> /home/$MY_USERNAME/README
        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
        chmod 600 /home/$MY_USERNAME/README
    fi
    APP_INSTALLED=1
}

# NOTE: deliberately no exit 0