Pi-hole/pivpn
Pi-hole/pivpn
1
0
Fork 0
mirror of https://github.com/pivpn/pivpn.git synced 2024-12-18 10:50:16 +00:00
Code Issues Projects Releases Packages Wiki Activity

Cleanup (#111)

Browse source 
* Tab completion for nopass, no further completion after one argument

* Cleaned up install.sh
This commit is contained in:
redfast00 2016-10-25 20:11:32 +02:00 committed by GitHub
parent 516b93ee43
commit 1cdd5d1494
2 changed files with 63 additions and 64 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

107
auto_install/install.sh
View file

@ -12,9 +12,6 @@
######## VARIABLES #########
tmpLog=/tmp/pivpn-install.log
instalLogLoc=/etc/pivpn/install.log
pivpnGitUrl="https://github.com/pivpn/pivpn.git"
pivpnFilesDir="/etc/.pivpn"
@ -89,8 +86,8 @@ if hash lsb_release 2>/dev/null; then
noOS_Support
fi
# else get info from os-release
elif [[ "$(cat /etc/os-release | grep raspbian)" ]]; then
if [[ "$(cat /etc/os-release | grep jessie)" ]]; then
elif grep -q debian /etc/os-release; then
if grep -q jessie /etc/os-release; then
PLAT="Raspbian"
OSCN="jessie"
else
@ -111,7 +108,8 @@ spinner()
local pid=$1
local delay=0.50
local spinstr='/-\|'
while [ "$(ps a | awk '{print $1}' | grep "$pid")" ]; do
while ps a | awk '{print $1}' | grep -q "$pid"
do
local temp=${spinstr#?}
printf " [%c] " "$spinstr"
local spinstr=$temp${spinstr%"$temp"}
@ -151,8 +149,8 @@ chooseUser() {
# Find out how many users are available to choose from
userCount=$(echo "$availableUsers" | wc -l)
chooseUserCmd=(whiptail --title "Choose A User" --separate-output --radiolist "Choose:" $r $c $userCount)
chooseUserOptions=$("${chooseUserCmd[@]}" "${userArray[@]}" 2>&1 >/dev/tty)
if [[ $? = 0 ]]; then
if chooseUserOptions=$("${chooseUserCmd[@]}" "${userArray[@]}" 2>&1 >/dev/tty)
then
for desiredUser in $chooseUserOptions
do
pivpnUser=$desiredUser
@ -202,8 +200,8 @@ chooseInterface() {
# Find out how many interfaces are available to choose from
interfaceCount=$(echo "$availableInterfaces" | wc -l)
chooseInterfaceCmd=(whiptail --separate-output --radiolist "Choose An Interface" $r $c $interfaceCount)
chooseInterfaceOptions=$("${chooseInterfaceCmd[@]}" "${interfacesArray[@]}" 2>&1 >/dev/tty)
if [[ $? = 0 ]]; then
if chooseInterfaceOptions=$("${chooseInterfaceCmd[@]}" "${interfacesArray[@]}" 2>&1 >/dev/tty)
then
for desiredInterface in $chooseInterfaceOptions
do
pivpnInterface=$desiredInterface
@ -239,12 +237,12 @@ It is also possible to use a DHCP reservation, but if you are going to do that,
until [[ $ipSettingsCorrect = True ]]
do
# Ask for the IPv4 address
IPv4addr=$(whiptail --backtitle "Calibrating network interface" --title "IPv4 address" --inputbox "Enter your desired IPv4 address" $r $c "$IPv4addr" 3>&1 1>&2 2>&3)
if [[ $? = 0 ]];then
if IPv4addr=$(whiptail --backtitle "Calibrating network interface" --title "IPv4 address" --inputbox "Enter your desired IPv4 address" $r $c "$IPv4addr" 3>&1 1>&2 2>&3)
then
echo "::: Your static IPv4 address: $IPv4addr"
# Ask for the gateway
IPv4gw=$(whiptail --backtitle "Calibrating network interface" --title "IPv4 gateway (router)" --inputbox "Enter your desired IPv4 default gateway" $r $c "$IPv4gw" 3>&1 1>&2 2>&3)
if [[ $? = 0 ]];then
if IPv4gw=$(whiptail --backtitle "Calibrating network interface" --title "IPv4 gateway (router)" --inputbox "Enter your desired IPv4 default gateway" $r $c "$IPv4gw" 3>&1 1>&2 2>&3)
then
echo "::: Your static IPv4 gateway: $IPv4gw"
# Give the user a chance to review their settings before moving on
if (whiptail --backtitle "Calibrating network interface" --title "Static IP Address" --yesno "Are these settings correct?
@ -454,10 +452,10 @@ make_repo() {
echo -n "::: Cloning $2 into $1..."
$SUDO rm -rf "$1"
$SUDO git clone -q "$2" "$1" > /dev/null & spinner $!
if [ -z ${TESTING+x} ]; then
if [ -z "${TESTING+x}" ]; then
:
else
$SUDO git -C $1 checkout test
$SUDO git -C "$1" checkout test
fi
echo " done!"
}
@ -467,7 +465,7 @@ update_repo() {
echo -n "::: Updating repo in $1..."
cd "$1" || exit
$SUDO git pull -q > /dev/null & spinner $!
if [ -z ${TESTING+x} ]; then
if [ -z "${TESTING+x}" ]; then
:
else
${SUDOE} git checkout test
@ -477,11 +475,11 @@ update_repo() {
setCustomProto() {
# Set the available protocols into an array so it can be used with a whiptail dialog
protocol=$(whiptail --title "Protocol" --radiolist \
if protocol=$(whiptail --title "Protocol" --radiolist \
"Choose a protocol. Please only choose TCP if you know why you need TCP." $r $c 2 \
"UDP" "" ON \
"TCP" "" OFF 3>&1 1>&2 2>&3)
if [ $? -eq 0 ]; then
then
# Convert option into lowercase (UDP->udp)
pivpnProto="${protocol,,}"
echo "::: Using protocol: $pivpnProto"
@ -501,16 +499,15 @@ setCustomPort() {
do
portInvalid="Invalid"
PROTO=`cat /etc/pivpn/INSTALL_PROTO`
PROTO=$(cat /etc/pivpn/INSTALL_PROTO)
if [ "$PROTO" = "udp" ]; then
DEFAULT_PORT=1194
else
DEFAULT_PORT=443
fi
PORT=$(whiptail --title "Default OpenVPN Port" --inputbox "You can modify the default OpenVPN port. \nEnter a new value or hit 'Enter' to retain the default" $r $c $DEFAULT_PORT 3>&1 1>&2 2>&3)
if [[ $? = 0 ]]; then
if [[ "$PORT" =~ ^[0-9]+$ ]] && [ "$PORT" -ge 1 -a "$PORT" -le 65535 ]; then
if PORT=$(whiptail --title "Default OpenVPN Port" --inputbox "You can modify the default OpenVPN port. \nEnter a new value or hit 'Enter' to retain the default" $r $c $DEFAULT_PORT 3>&1 1>&2 2>&3)
then
if [[ "$PORT" =~ ^[0-9]+$ ]] && [ "$PORT" -ge 1 ] && [ "$PORT" -le 65535 ]; then
:
else
PORT=$portInvalid
@ -544,8 +541,9 @@ setClientDNS() {
Level3 "" off
Norton "" off
Custom "" off)
DNSchoices=$("${DNSChoseCmd[@]}" "${DNSChooseOptions[@]}" 2>&1 >/dev/tty)
if [[ $? = 0 ]];then
if DNSchoices=$("${DNSChoseCmd[@]}" "${DNSChooseOptions[@]}" 2>&1 >/dev/tty)
then
case $DNSchoices in
Google)
echo "::: Using Google DNS servers."
@ -578,8 +576,9 @@ setClientDNS() {
until [[ $DNSSettingsCorrect = True ]]
do
strInvalid="Invalid"
OVPNDNS=$(whiptail --backtitle "Specify Upstream DNS Provider(s)" --inputbox "Enter your desired upstream DNS provider(s), seperated by a comma.\n\nFor example '8.8.8.8, 8.8.4.4'" $r $c "" 3>&1 1>&2 2>&3)
if [[ $? = 0 ]];then
if OVPNDNS=$(whiptail --backtitle "Specify Upstream DNS Provider(s)" --inputbox "Enter your desired upstream DNS provider(s), seperated by a comma.\n\nFor example '8.8.8.8, 8.8.4.4'" $r $c "" 3>&1 1>&2 2>&3)
then
OVPNDNS1=$(echo "$OVPNDNS" | sed 's/[, \t]\+/,/g' | awk -F, '{print$1}')
OVPNDNS2=$(echo "$OVPNDNS" | sed 's/[, \t]\+/,/g' | awk -F, '{print$2}')
if ! valid_ip "$OVPNDNS1" || [ ! "$OVPNDNS1" ]; then
@ -642,7 +641,7 @@ confOpenVPN() {
# Edit the EASY_RSA variable in the vars file to point to the new easy-rsa directory,
# And set the chosen key size
cd /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa || exit
$SUDO sed -i 's:"`pwd`":"/etc/openvpn/easy-rsa":' vars
$SUDO sed -i "s/\(KEY_SIZE=\).*/\1${ENCRYPT}/" vars
@ -676,39 +675,39 @@ confOpenVPN() {
for i in $CERTVAL
do
if [ $i == '"COUNTRY"' ]; then
if [ "$i" == '"COUNTRY"' ]; then
COUNTRY=$(whiptail --title "Certificate Country" --inputbox \
"Enter a 2 letter abbreviation for Country" $r $c US 3>&1 1>&2 2>&3)
$SUDO sed -i "s/\(KEY_COUNTRY=\"\).*/\1${COUNTRY}\"/" vars
fi
if [ $i == '"STATE"' ]; then
if [ "$i" == '"STATE"' ]; then
STATE=$(whiptail --title "Certificate State" --inputbox \
"Enter a 2 letter abbreviated State or Province" $r $c CA 3>&1 1>&2 2>&3)
$SUDO sed -i "s/\(KEY_PROVINCE=\"\).*/\1${STATE}\"/" vars
fi
if [ $i == '"CITY"' ]; then
if [ "$i" == '"CITY"' ]; then
CITY=$(whiptail --title "Certificate City" --inputbox \
"Enter a City name" $r $c SanFrancisco 3>&1 1>&2 2>&3)
$SUDO sed -i "s/\(KEY_CITY=\"\).*/\1${CITY}\"/" vars
fi
if [ $i == '"ORG"' ]; then
if [ "$i" == '"ORG"' ]; then
ORG=$(whiptail --title "Certificate Org" --inputbox \
"Enter an Organization name" $r $c Fort-Funston 3>&1 1>&2 2>&3)
$SUDO sed -i "s/\(KEY_ORG=\"\).*/\1${ORG}\"/" vars
fi
if [ $i == '"EMAIL"' ]; then
if [ "$i" == '"EMAIL"' ]; then
EMAIL=$(whiptail --title "Certificate Email" --inputbox \
"Enter an Email Address" $r $c "me@myhost.mydomain" 3>&1 1>&2 2>&3)
$SUDO sed -i "s/\(KEY_EMAIL=\"\).*/\1${EMAIL}\"/" vars
fi
if [ $i == '"SERVER_NAME"' ]; then
if [ "$i" == '"SERVER_NAME"' ]; then
SERVER_NAME=$(whiptail --title "Server Name" --inputbox \
"Enter a Server Name" $r $c "pivpn" 3>&1 1>&2 2>&3)
# This began a rabbit hole of errors. Nope.
#sed -i '/export KEY_CN/s/^#//g' vars
#sed -i "s/\(KEY_CN=\"\).*/\1${SERVER_NAME}\"/" vars
fi
if [ $i == '"KEY_NAME"' ]; then
if [ "$i" == '"KEY_NAME"' ]; then
KEY_NAME=$(whiptail --title "Key Name" --inputbox \
"Enter a Key Name" $r $c "EasyRSA" 3>&1 1>&2 2>&3)
$SUDO sed -i "s/\(KEY_NAME=\"\).*/\1${KEY_NAME}\"/" vars
@ -741,7 +740,7 @@ confOpenVPN() {
whiptail --msgbox --backtitle "Setup OpenVPN" --title "Server Information" "The server key, Diffie-Hellman key, and HMAC key will now be generated." $r $c
# Build the server
${SUDOE} ./build-key-server --batch $SERVER_NAME
${SUDOE} ./build-key-server --batch "$SERVER_NAME"
if ([ "$ENCRYPT" -ge "4096" ] && whiptail --backtitle "Setup OpenVPN" --title "Download Diffie-Hellman Parameters" --yesno --defaultno "Download Diffie-Hellman parameters from a public DH parameter generation service?\n\nGenerating DH parameters for a $ENCRYPT-bit key can take many hours on a Raspberry Pi. You can instead download DH parameters from \"2 Ton Digital\" that are generated at regular intervals as part of a public service. Downloaded DH parameters will be randomly selected from a pool of the last 128 generated.\nMore information about this service can be found here: https://2ton.com.au/dhtool/\n\nIf you're paranoid, choose 'No' and Diffie-Hellman parameters will be generated on your device." $r $c)
then
@ -757,7 +756,7 @@ fi
${SUDOE} openvpn --genkey --secret keys/ta.key
# Write config file for server using the template .txt file
LOCALIP=$(ifconfig $pivpnInterface | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
LOCALIP=$(ifconfig "$pivpnInterface" | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
$SUDO cp /etc/.pivpn/server_config.txt /etc/openvpn/server.conf
$SUDO sed -i "s/LOCALIP/${LOCALIP}/g" /etc/openvpn/server.conf
@ -771,7 +770,7 @@ fi
fi
# if they modified protocol put value in server.conf
if [ $PROTO != "udp" ]; then
if [ "$PROTO" != "udp" ]; then
$SUDO sed -i "s/proto udp/proto tcp/g" /etc/openvpn/server.conf
fi
@ -813,17 +812,17 @@ confNetwork() {
# if ufw enabled, configure that
if hash ufw 2>/dev/null; then
$SUDO ufw status | grep inactive &>/dev/null
if [[ $? -eq 0 ]]; then
if $SUDO ufw status | grep -q inactive
then
noUFW=1
else
echo "::: Detected UFW is enabled."
echo "::: Adding UFW rules..."
$SUDO cp /etc/.pivpn/ufw_add.txt /tmp/ufw_add.txt
$SUDO sed -i 's/IPv4dev/'$IPv4dev'/' /tmp/ufw_add.txt
$SUDO sed -i 's/IPv4dev/'"$IPv4dev"'/' /tmp/ufw_add.txt
$SUDO sed -i "s/\(DEFAULT_FORWARD_POLICY=\).*/\1\"ACCEPT\"/" /etc/default/ufw
$SUDO sed -i -e '/delete these required/r /tmp/ufw_add.txt' -e//N /etc/ufw/before.rules
$SUDO ufw allow ${PORT}/${PROTO}
$SUDO ufw allow "${PORT}/${PROTO}"
$SUDO ufw allow from 10.8.0.0/24
$SUDO ufw reload
echo "::: UFW configuration completed."
@ -834,7 +833,7 @@ confNetwork() {
# else configure iptables
if [[ $noUFW -eq 1 ]]; then
echo 1 > /tmp/noUFW
$SUDO iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o $IPv4dev -j MASQUERADE
$SUDO iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o "$IPv4dev" -j MASQUERADE
if [[ $PLAT == "Ubuntu" || $PLAT == "Debian" ]]; then
$SUDO iptables-save | $SUDO tee /etc/iptables/rules.v4 > /dev/null
else
@ -848,12 +847,10 @@ confNetwork() {
}
confOVPN() {
IPv4pub=$(dig +short myip.opendns.com @resolver1.opendns.com)
if [ $? -ne 0 ]
if ! IPv4pub=$(dig +short myip.opendns.com @resolver1.opendns.com)
then
echo "dig failed, now trying to curl eth0.me"
IPv4pub=$(curl eth0.me)
if [ $? -ne 0 ]
if ! IPv4pub=$(curl eth0.me)
then
echo "eth0.me failed, please check your internet connection/DNS"
exit $?
@ -879,7 +876,7 @@ confOVPN() {
$SUDO cp /etc/.pivpn/Default.txt /etc/openvpn/easy-rsa/keys/Default.txt
if [ "$METH" == "$IPv4pub" ]; then
$SUDO sed -i 's/IPv4pub/'$IPv4pub'/' /etc/openvpn/easy-rsa/keys/Default.txt
$SUDO sed -i 's/IPv4pub/'"$IPv4pub"'/' /etc/openvpn/easy-rsa/keys/Default.txt
else
until [[ $publicDNSCorrect = True ]]
do
@ -891,7 +888,7 @@ confOVPN() {
fi
if (whiptail --backtitle "Confirm DNS Name" --title "Confirm DNS Name" --yesno "Is this correct?\n\n Public DNS Name: $PUBLICDNS" $r $c) then
publicDNSCorrect=True
$SUDO sed -i 's/IPv4pub/'$PUBLICDNS'/' /etc/openvpn/easy-rsa/keys/Default.txt
$SUDO sed -i 's/IPv4pub/'"$PUBLICDNS"'/' /etc/openvpn/easy-rsa/keys/Default.txt
else
publicDNSCorrect=False
@ -905,15 +902,15 @@ confOVPN() {
fi
# if they modified protocol put value in Default.txt for clients to use
if [ $PROTO != "udp" ]; then
if [ "$PROTO" != "udp" ]; then
$SUDO sed -i -e "s/proto udp/proto tcp/g" /etc/openvpn/easy-rsa/keys/Default.txt
fi
# verify server name to strengthen security
$SUDO sed -i "s/SRVRNAME/${SERVER_NAME}/" /etc/openvpn/easy-rsa/keys/Default.txt
$SUDO mkdir /home/$pivpnUser/ovpns
$SUDO chmod 0777 -R /home/$pivpnUser/ovpns
$SUDO mkdir "/home/$pivpnUser/ovpns"
$SUDO chmod 0777 -R "/home/$pivpnUser/ovpns"
}
installPiVPN() {
@ -975,11 +972,9 @@ chooseUser
# Ask if unattended-upgrades will be enabled
unattendedUpgrades
# Install and log everything to a file
# Install
installPiVPN
# Move the log file into /etc/pivpn for storage
#$SUDO mv $tmpLog $installLogLoc
displayFinalMessage

20
scripts/bash-completion
View file

@ -1,18 +1,22 @@
_pivpn()
_pivpn()
{
local cur prev opts
COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}"
prev="${COMP_WORDS[COMP_CWORD-1]}"
dashopts="-a -d -l -r -h -u"
opts="debug add list revoke uninstall help"
if [[ ${cur} == -* ]] ; then
opts="-a -d -l -r -h -u"
COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
return 0
if [ "${#COMP_WORDS[@]}" -eq 2 ]
then
if [[ ${cur} == -* ]] ; then
COMPREPLY=( $(compgen -W "${dashopts}" -- "${cur}") )
else
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
fi
elif [[ ( "$prev" == "add" || "$prev" == "-a" ) && "${#COMP_WORDS[@]}" -eq 3 ]]
then
COMPREPLY=( $(compgen -W "nopass" -- "${cur}") )
fi
COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
return 0
}
complete -F _pivpn pivpn