Added uninstall and Pi-hole detection

This commit is contained in:
Orazio 2019-11-07 17:29:21 +01:00
parent e77f668021
commit 84f90b00a4
9 changed files with 275 additions and 42 deletions

View file

@ -1,5 +1,5 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# PiVPN: Trivial OpenVPN or WireGUard setup and configuration # PiVPN: Trivial OpenVPN or WireGuard setup and configuration
# Easiest setup and mangement of OpenVPN or WireGuard on Raspberry Pi # Easiest setup and mangement of OpenVPN or WireGuard on Raspberry Pi
# http://pivpn.io # http://pivpn.io
# Heavily adapted from the pi-hole.net project and... # Heavily adapted from the pi-hole.net project and...
@ -20,7 +20,12 @@ PKG_CACHE="/var/lib/apt/lists/"
UPDATE_PKG_CACHE="${PKG_MANAGER} update" UPDATE_PKG_CACHE="${PKG_MANAGER} update"
PKG_INSTALL="${PKG_MANAGER} --yes --no-install-recommends install" PKG_INSTALL="${PKG_MANAGER} --yes --no-install-recommends install"
PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true" PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"
# Dependencies that are required by the script, regardless of the VPN protocol chosen
BASE_DEPS=(git tar wget grep iptables-persistent dnsutils whiptail net-tools dhcpcd5) BASE_DEPS=(git tar wget grep iptables-persistent dnsutils whiptail net-tools dhcpcd5)
# Dependencies that where actually installed by the script. For example if the script requires
# grep and dnsutils but dnsutils is already installed, we save grep here. This way when uninstalling
# PiVPN we won't prompt to remove packages that may have been installed by the user for other reasons
TO_INSTALL=()
pivpnGitUrl="https://github.com/orazioedoardo/pivpn.git" pivpnGitUrl="https://github.com/orazioedoardo/pivpn.git"
easyrsaVer="3.0.6" easyrsaVer="3.0.6"
@ -30,7 +35,7 @@ easyrsaRel="https://github.com/OpenVPN/easy-rsa/releases/download/v${easyrsaVer}
UNATTUPG_RELEASE="1.14" UNATTUPG_RELEASE="1.14"
UNATTUPG_CONFIG="https://github.com/mvo5/unattended-upgrades/archive/${UNATTUPG_RELEASE}.tar.gz" UNATTUPG_CONFIG="https://github.com/mvo5/unattended-upgrades/archive/${UNATTUPG_RELEASE}.tar.gz"
WG_SNAPSHOT="0.0.20190913" WG_SNAPSHOT="0.0.20191012"
WG_SOURCE="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${WG_SNAPSHOT}.tar.xz" WG_SOURCE="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${WG_SNAPSHOT}.tar.xz"
# Find the rows and columns. Will default to 80x24 if it can not be detected. # Find the rows and columns. Will default to 80x24 if it can not be detected.
@ -212,10 +217,6 @@ notifyPackageUpdatesAvailable(){
fi fi
} }
packageCheckInstall(){
dpkg-query -W -f='${Status}' "${1}" 2>/dev/null | grep -c "ok installed" || ${PKG_INSTALL} "${1}"
}
preconfigurePackages(){ preconfigurePackages(){
# Add support for https repositories if there are any that use it otherwise the installation will silently fail # Add support for https repositories if there are any that use it otherwise the installation will silently fail
if grep -q https /etc/apt/sources.list; then if grep -q https /etc/apt/sources.list; then
@ -236,14 +237,20 @@ installDependentPackages(){
# No spinner - conflicts with set -e # No spinner - conflicts with set -e
declare -a argArray1=("${!1}") declare -a argArray1=("${!1}")
for i in "${argArray1[@]}"; do
echo -n "::: Checking for $i..."
if dpkg-query -W -f='${Status}' "${i}" 2>/dev/null | grep -q "ok installed"; then
echo " installed!"
else
TO_INSTALL+=("${i}")
echo " not installed!"
fi
done
if command -v debconf-apt-progress &> /dev/null; then if command -v debconf-apt-progress &> /dev/null; then
$SUDO debconf-apt-progress -- ${PKG_INSTALL} "${argArray1[@]}" $SUDO debconf-apt-progress -- ${PKG_INSTALL} "${argArray1[@]}"
else else
for i in "${argArray1[@]}"; do ${PKG_INSTALL} "${argArray1[@]}"
echo -n "::: Checking for $i..."
$SUDO packageCheckInstall "${i}" &> /dev/null
echo " installed!"
done
fi fi
} }
@ -559,13 +566,13 @@ Pin-Priority: 500" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
$SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138 $SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null $SUDO ${UPDATE_PKG_CACHE} &> /dev/null
PIVPN_DEPS=(raspberrypi-kernel-headers wireguard) PIVPN_DEPS=(raspberrypi-kernel-headers wireguard wireguard-tools wireguard-dkms)
installDependentPackages PIVPN_DEPS[@] installDependentPackages PIVPN_DEPS[@]
elif [ "$(uname -m)" = "armv6l" ]; then elif [ "$(uname -m)" = "armv6l" ]; then
echo "::: Installing WireGuard from source... " echo "::: Installing WireGuard from source... "
PIVPN_DEPS=(libmnl-dev libelf-dev raspberrypi-kernel-headers build-essential pkg-config qrencode) PIVPN_DEPS=(checkinstall dkms libmnl-dev libelf-dev raspberrypi-kernel-headers build-essential pkg-config qrencode)
installDependentPackages PIVPN_DEPS[@] installDependentPackages PIVPN_DEPS[@]
# Delete any leftover code # Delete any leftover code
@ -591,8 +598,12 @@ Pin-Priority: 500" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
exit 1 exit 1
fi fi
# Use checkinstall to install userspace tools so if the user wants to uninstall
# PiVPN we can just do apt remove wireguard-tools, instead of manually removing
# files from the file system
echo "::: Installing WireGuard tools... " echo "::: Installing WireGuard tools... "
if $SUDO make install tools; then if $SUDO checkinstall --pkgname wireguard-tools --pkgversion "${WG_SNAPSHOT}" -y make tools-install; then
TO_INSTALL+=("wireguard-tools")
echo "done!" echo "done!"
else else
echo "failed!" echo "failed!"
@ -619,6 +630,7 @@ Pin-Priority: 500" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
echo "::: Installing WireGuard modules via DKMS... " echo "::: Installing WireGuard modules via DKMS... "
if $SUDO dkms install wireguard/"${WG_SNAPSHOT}"; then if $SUDO dkms install wireguard/"${WG_SNAPSHOT}"; then
TO_INSTALL+=("wireguard-dkms")
echo "done!" echo "done!"
else else
echo "failed!" echo "failed!"
@ -628,12 +640,14 @@ Pin-Priority: 500" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
elif [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "i686" ]; then elif [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "i686" ]; then
echo "::: Installing WireGuard from Debian package... "
echo "::: Adding Debian repository... "
echo "deb http://deb.debian.org/debian/ unstable main" | $SUDO tee /etc/apt/sources.list.d/unstable.list > /dev/null echo "deb http://deb.debian.org/debian/ unstable main" | $SUDO tee /etc/apt/sources.list.d/unstable.list > /dev/null
echo "Package: * echo "Package: *
Pin: release a=unstable Pin: release a=unstable
Pin-Priority: 90" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null Pin-Priority: 90" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null $SUDO ${UPDATE_PKG_CACHE} &> /dev/null
PIVPN_DEPS=(linux-headers-amd64 qrencode wireguard) PIVPN_DEPS=(linux-headers-amd64 qrencode wireguard wireguard-tools wireguard-dkms)
installDependentPackages PIVPN_DEPS[@] installDependentPackages PIVPN_DEPS[@]
fi fi
@ -727,6 +741,24 @@ askCustomPort(){
} }
askClientDNS(){ askClientDNS(){
# Detect and offer to use Pi-hole
if command -v pihole &>/dev/null; then
if (whiptail --backtitle "Setup PiVPN" --title "Pi-hole" --yesno "We have detected a Pi-hole installation, do you want to use it as the DNS server for the VPN, so you get ad blocking on the go?" ${r} ${c}); then
if [ "$VPN" = "WireGuard" ]; then
pivpnDEV="wg0"
elif [ "$VPN" = "OpenVPN" ]; then
pivpnDEV="tun0"
fi
pivpnDNS1="$IPv4addr"
echo "interface=$pivpnDNS" | $SUDO tee /etc/dnsmasq.d/02-pivpn.conf > /dev/null
$SUDO pihole restartdns
echo "pivpnDNS1=${pivpnDNS1}" >> /tmp/setupVars.conf
return
fi
fi
DNSChoseCmd=(whiptail --separate-output --radiolist "Select the DNS Provider for your VPN Clients (press space to select). To use your own, select Custom." ${r} ${c} 6) DNSChoseCmd=(whiptail --separate-output --radiolist "Select the DNS Provider for your VPN Clients (press space to select). To use your own, select Custom." ${r} ${c} 6)
DNSChooseOptions=(Google "" on DNSChooseOptions=(Google "" on
OpenDNS "" off OpenDNS "" off
@ -799,6 +831,7 @@ askClientDNS() {
exit 1 exit 1
fi fi
echo "USING_PIHOLE=${USING_PIHOLE}" >> /tmp/setupVars.conf
echo "pivpnDNS1=${pivpnDNS1}" >> /tmp/setupVars.conf echo "pivpnDNS1=${pivpnDNS1}" >> /tmp/setupVars.conf
echo "pivpnDNS2=${pivpnDNS2}" >> /tmp/setupVars.conf echo "pivpnDNS2=${pivpnDNS2}" >> /tmp/setupVars.conf
} }
@ -1221,6 +1254,7 @@ installScripts(){
fi fi
FOLDER=$(tr '[:upper:]' '[:lower:]' <<< "$VPN") FOLDER=$(tr '[:upper:]' '[:lower:]' <<< "$VPN")
$SUDO cp /etc/.pivpn/scripts/uninstall.sh /opt/pivpn/
$SUDO cp /etc/.pivpn/scripts/$FOLDER/*.sh /opt/pivpn/ $SUDO cp /etc/.pivpn/scripts/$FOLDER/*.sh /opt/pivpn/
$SUDO chmod 0755 /opt/pivpn/*.sh $SUDO chmod 0755 /opt/pivpn/*.sh
$SUDO cp /etc/.pivpn/scripts/$FOLDER/pivpn /usr/local/bin/pivpn $SUDO cp /etc/.pivpn/scripts/$FOLDER/pivpn /usr/local/bin/pivpn
@ -1344,6 +1378,8 @@ main(){
askUnattendedUpgrades askUnattendedUpgrades
confUnattendedUpgrades confUnattendedUpgrades
echo "TO_INSTALL=(${TO_INSTALL[*]})" >> /tmp/setupVars.conf
$SUDO cp /tmp/setupVars.conf "$setupVars" $SUDO cp /tmp/setupVars.conf "$setupVars"
installScripts installScripts

View file

@ -1,4 +1,4 @@
#/bin/bash #!/bin/bash
###Updates pivpn scripts (Not PiVPN) ###Updates pivpn scripts (Not PiVPN)
###Main Vars ###Main Vars

197
scripts/uninstall.sh Executable file
View file

@ -0,0 +1,197 @@
#!/usr/bin/env bash
# PiVPN: Uninstall Script
PKG_MANAGER="apt-get"
WG_SNAPSHOT="0.0.20191012"
setupVars="/etc/pivpn/setupVars.conf"
if [ ! -f "${setupVars}" ]; then
echo "::: Missing setup vars file!"
exit 1
fi
source "${setupVars}"
# Find the rows and columns. Will default to 80x24 if it can not be detected.
screen_size=$(stty size 2>/dev/null || echo 24 80)
rows=$(echo $screen_size | awk '{print $1}')
columns=$(echo $screen_size | awk '{print $2}')
# Divide by two so the dialogs take up half of the screen, which looks nice.
r=$(( rows / 2 ))
c=$(( columns / 2 ))
# Unless the screen is tiny
r=$(( r < 20 ? 20 : r ))
c=$(( c < 70 ? 70 : c ))
spinner(){
local pid=$1
local delay=0.50
local spinstr='/-\|'
while [ "$(ps a | awk '{print $1}' | grep "$pid")" ]; do
local temp=${spinstr#?}
printf " [%c] " "$spinstr"
local spinstr=$temp${spinstr%"$temp"}
sleep $delay
printf "\b\b\b\b\b\b"
done
printf " \b\b\b\b"
}
removeAll(){
# Stopping and disabling services
echo "::: Stopping and disabling services..."
if [ "$VPN" = "WireGuard" ]; then
systemctl stop wg-quick@wg0
systemctl disable wg-quick@wg0 &> /dev/null
elif [ "$VPN" = "OpenVPN" ]; then
systemctl stop openvpn
systemctl disable openvpn &> /dev/null
fi
# Removing firewall rules.
echo "::: Removing firewall rules..."
if [ "$VPN" = "WireGuard" ]; then
pivpnDEV="wg0"
pivpnNET="10.6.0.0/24"
elif [ "$VPN" = "OpenVPN" ]; then
pivpnDEV="tun0"
pivpnNET="10.8.0.0/24"
fi
if [ "$USING_UFW" -eq 1 ]; then
ufw delete allow "${pivpnPORT}"/udp > /dev/null
ufw route delete allow in on "$pivpnDEV" from "$pivpnNET" out on "${IPv4dev}" to any > /dev/null
sed -z "s/*nat\n:POSTROUTING ACCEPT \[0:0\]\n-I POSTROUTING -s 10.6.0.0\/24 -o ${IPv4dev} -j MASQUERADE\nCOMMIT\n\n//" -i /etc/ufw/before.rules
ufw reload &> /dev/null
elif [ "$USING_UFW" -eq 0 ]; then
if [ "$INPUT_CHAIN_EDITED" -eq 1 ]; then
iptables -D INPUT -i "${IPv4dev}" -p udp --dport "${pivpnPORT}" -j ACCEPT
fi
if [ "$FORWARD_CHAIN_EDITED" -eq 1 ]; then
iptables -D FORWARD -d "$pivpnNET" -i "${IPv4dev}" -o "$pivpnDEV" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -D FORWARD -s "$pivpnNET" -i "$pivpnDEV" -o "${IPv4dev}" -j ACCEPT
fi
iptables -t nat -D POSTROUTING -s "$pivpnNET" -o "${IPv4dev}" -j MASQUERADE
iptables-save > /etc/iptables/rules.v4
fi
# Disable IPv4 forwarding
sed -i '/net.ipv4.ip_forward=1/c\#net.ipv4.ip_forward=1' /etc/sysctl.conf
sysctl -p
# Purge dependencies
echo "::: Purge dependencies..."
for i in "${TO_INSTALL[@]}"; do
while true; do
read -rp "::: Do you wish to remove $i from your system? [Y/n]: " yn
case $yn in
[Yy]* ) if [ "${i}" = "wireguard" ]; then
if [ "$(uname -m)" = "armv7l" ] || [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "i686" ]; then
rm /etc/apt/sources.list.d/unstable.list
rm /etc/apt/preferences.d/limit-unstable
$PKG_MANAGER update &> /dev/null
fi
rm -rf /etc/wireguard
rm -rf $install_home/configs
elif [ "${i}" = "wireguard-dkms" ]; then
# If we installed wireguard-dkms and we are on armv6l, then we manually need
# to remove the kernel module and skip the apt uninstallation (since it's not an
# actual package)
if [ "$(uname -m)" = "armv6l" ]; then
dkms remove wireguard/"${WG_SNAPSHOT}" --all
rm -rf /usr/src/wireguard-*
break
fi
elif [ "${i}" = "dirmngr" ]; then
# If dirmngr was installed, then we had previously installed wireguard on armv7l
# so we remove the repository keys
apt-key remove E1CF20DDFFE4B89E802658F1E0B11894F66AEC98 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE &> /dev/null
elif [ "${i}" = "openvpn" ]; then
rm -rf /var/log/*openvpn*
rm -rf /etc/openvpn
rm -rf $install_home/ovpns
elif [ "${i}" = "unattended-upgrades" ]; then
rm -rf /var/log/unattended-upgrades
rm -rf /etc/apt/apt.conf.d/*periodic
rm -rf /etc/apt/apt.conf.d/*unattended-upgrades
fi
printf ":::\tRemoving %s..." "$i"; $PKG_MANAGER -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\n";
break
;;
[Nn]* ) printf ":::\tSkipping %s\n" "$i";
break
;;
* ) printf "::: You must answer yes or no!\n";;
esac
done
done
# Take care of any additional package cleaning
printf "::: Auto removing remaining dependencies..."
$PKG_MANAGER -y autoremove &> /dev/null & spinner $!; printf "done!\n";
printf "::: Auto cleaning remaining dependencies..."
$PKG_MANAGER -y autoclean &> /dev/null & spinner $!; printf "done!\n";
echo ":::"
# Removing pivpn files
echo "::: Removing pivpn system files..."
if [ -f /etc/dnsmasq.d/02-pivpn.conf ]; then
rm /etc/dnsmasq.d/02-pivpn.conf
pihole restartdns
fi
rm -rf /opt/pivpn
rm -rf /etc/.pivpn
rm -rf /etc/pivpn
rm -rf /var/log/*pivpn*
rm /usr/local/bin/pivpn
rm /etc/bash_completion.d/pivpn
echo ":::"
printf "::: Finished removing PiVPN from your system.\n"
printf "::: Reinstall by simpling running\n:::\n:::\tcurl -L https://install.pivpn.io | bash\n:::\n::: at any time!\n:::\n"
}
askreboot(){
printf "It is \e[1mstrongly\e[0m recommended to reboot after un-installation.\n"
read -p "Would you like to reboot now? [y/n]: " -n 1 -r
echo
if [[ ${REPLY} =~ ^[Yy]$ ]]; then
printf "\nRebooting system...\n"
sleep 3
shutdown -r now
fi
}
######### SCRIPT ###########
echo "::: Preparing to remove packages, be sure that each may be safely removed depending on your operating system."
echo "::: (SAFE TO REMOVE ALL ON RASPBIAN)"
while true; do
read -rp "::: Do you wish to completely remove PiVPN configuration and installed packages from your system? (You will be prompted for each package) [y/n]: " yn
case $yn in
[Yy]* ) removeAll; askreboot; break;;
[Nn]* ) printf "::: Not removing anything, exiting...\n"; break;;
esac
done

View file

@ -29,7 +29,7 @@ done
cd /etc/wireguard/configs cd /etc/wireguard/configs
if [ ! -s clients.txt ]; then if [ ! -s clients.txt ]; then
echo "::: There are no clients to remove" echo "::: There are no clients to show"
exit 1 exit 1
fi fi