Pi-hole/pivpn
Pi-hole/pivpn
1
0
Fork 0
mirror of https://github.com/pivpn/pivpn.git synced 2024-12-18 19:00:15 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update install.sh

Browse source
This commit is contained in:
Orazio 2018-09-04 14:38:21 +02:00 committed by GitHub
parent 46712e6609
commit 66a937f04d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 34 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

57
auto_install/install.sh
View file

@ -30,7 +30,7 @@ PIVPN_DEPS=(openvpn git tar wget grep iptables-persistent dnsutils expect whipta
pivpnGitUrl="https://github.com/pivpn/pivpn.git" pivpnGitUrl="https://github.com/pivpn/pivpn.git"
pivpnFilesDir="/etc/.pivpn" pivpnFilesDir="/etc/.pivpn"
easyrsaVer="3.0.4" easyrsaVer="3.0.4"
easyrsaRel="https://github.com/OpenVPN/easy-rsa/releases/download/${easyrsaVer}/EasyRSA-${easyrsaVer}.tgz" easyrsaRel="https://github.com/OpenVPN/easy-rsa/releases/download/v${easyrsaVer}/EasyRSA-${easyrsaVer}.tgz"
# Raspbian's unattended-upgrades package downloads Debian's config, so this is the link for the proper config # Raspbian's unattended-upgrades package downloads Debian's config, so this is the link for the proper config
UNATTUPG_CONFIG="https://github.com/mvo5/unattended-upgrades/archive/1.4.tar.gz" UNATTUPG_CONFIG="https://github.com/mvo5/unattended-upgrades/archive/1.4.tar.gz"
@ -466,22 +466,28 @@ notify_package_updates_available() {
} }
install_dependent_packages() { install_dependent_packages() {
# Install packages passed in via argument array # Install packages passed in via argument array
# No spinner - conflicts with set -e # No spinner - conflicts with set -e
declare -a argArray1=("${!1}") declare -a argArray1=("${!1}")
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | $SUDO debconf-set-selections echo iptables-persistent iptables-persistent/autosave_v4 boolean true | $SUDO debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean false | $SUDO debconf-set-selections echo iptables-persistent iptables-persistent/autosave_v6 boolean false | $SUDO debconf-set-selections
if command -v debconf-apt-progress &> /dev/null; then if command -v debconf-apt-progress &> /dev/null; then
$SUDO debconf-apt-progress -- ${PKG_INSTALL} "${argArray1[@]}"
else # Use appropriate argument if the package manager uses https otherwise the installation will silently fail
for i in "${argArray1[@]}"; do if grep -q https /etc/apt/sources.list; then
echo -n "::: Checking for $i..." $SUDO debconf-apt-progress -- ${PKG_INSTALL} -y apt-transport-https "${argArray1[@]}"
$SUDO package_check_install "${i}" &> /dev/null else
echo " installed!" $SUDO debconf-apt-progress -- ${PKG_INSTALL} "${argArray1[@]}"
done fi
fi else
for i in "${argArray1[@]}"; do
echo -n "::: Checking for $i..."
$SUDO package_check_install "${i}" &> /dev/null
echo " installed!"
done
fi
} }
unattendedUpgrades() { unattendedUpgrades() {
@ -708,7 +714,7 @@ confOpenVPN() {
if [[ ${PLAT} == "Raspbian" ]] && [[ ${OSCN} != "stretch" ]]; then if [[ ${PLAT} == "Raspbian" ]] && [[ ${OSCN} != "stretch" ]]; then
APPLY_TWO_POINT_FOUR=false APPLY_TWO_POINT_FOUR=false
else else
if (whiptail --backtitle "Setup OpenVPN" --title "Installation mode" --yesno --defaultyes "OpenVPN 2.4 brings support for stronger authentication and key exchange using Elliptic Curves, along with encrypted control channel.\n\nIf your clients do run OpenVPN 2.4 or later you can enable these features, otherwise choose 'No' for best compatibility.\n\nNOTE: Current mobile app, that is OpenVPN connect, is supported." ${r} ${c}); then if (whiptail --backtitle "Setup OpenVPN" --title "Installation mode" --yesno "OpenVPN 2.4 brings support for stronger authentication and key exchange using Elliptic Curves, along with encrypted control channel.\n\nIf your clients do run OpenVPN 2.4 or later you can enable these features, otherwise choose 'No' for best compatibility.\n\nNOTE: Current mobile app, that is OpenVPN connect, is supported." ${r} ${c}); then
APPLY_TWO_POINT_FOUR=true APPLY_TWO_POINT_FOUR=true
$SUDO touch /etc/pivpn/TWO_POINT_FOUR $SUDO touch /etc/pivpn/TWO_POINT_FOUR
else else
@ -776,11 +782,11 @@ EOF
# Set certificate type # Set certificate type
if [[ ${APPLY_TWO_POINT_FOUR} == false ]]; then if [[ ${APPLY_TWO_POINT_FOUR} == false ]]; then
echo "set_var EASYRSA_ALGO rsa" >> vars echo "set_var EASYRSA_ALGO rsa" | $SUDO tee -a vars
echo "set_var EASYRSA_KEY_SIZE ${ENCRYPT}" >> vars echo "set_var EASYRSA_KEY_SIZE ${ENCRYPT}" | $SUDO tee -a vars
else else
echo "set_var EASYRSA_ALGO ec" >> vars echo "set_var EASYRSA_ALGO ec" | $SUDO tee -a vars
echo "set_var EASYRSA_CURVE ${ECDSA_MAP["${ENCRYPT}"]}" >> vars echo "set_var EASYRSA_CURVE ${ECDSA_MAP["${ENCRYPT}"]}" | $SUDO tee -a vars
fi fi
# Remove any previous keys # Remove any previous keys
@ -877,9 +883,14 @@ confUnattendedUpgrades() {
APT::Periodic::Unattended-Upgrade "1"; APT::Periodic::Unattended-Upgrade "1";
EOT EOT
else else
wget -q -O - "$UNATTUPG_CONFIG" | $SUDO tar xz # Fix Raspbian config
$SUDO cp unattended-upgrades-1.4/data/50unattended-upgrades.Raspbian 50unattended-upgrades if [[ $PLAT == "Raspbian" ]]; then
$SUDO rm -rf unattended-upgrades-1.4 wget -q -O - "$UNATTUPG_CONFIG" | $SUDO tar xz
$SUDO cp unattended-upgrades-1.4/data/50unattended-upgrades.Raspbian 50unattended-upgrades
$SUDO rm -rf unattended-upgrades-1.4
fi
# Add the remaining settings for all other distributions
cat << EOT | $SUDO tee 02periodic >/dev/null cat << EOT | $SUDO tee 02periodic >/dev/null
APT::Periodic::Enable "1"; APT::Periodic::Enable "1";
APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Update-Package-Lists "1";