Pi-hole/pivpn
Pi-hole/pivpn
1
0
Fork 0
mirror of https://github.com/pivpn/pivpn.git synced 2025-03-23 16:54:01 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #877 from corbolais/debian-ownership

Browse source 
debian openvpn has dedicated user and group, so rather use those than…
This commit is contained in:
Orazio 2019-12-10 14:49:23 +01:00 committed by GitHub
commit 8936dd2b08
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 42 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
auto_install/install.sh
View file

@ -14,6 +14,8 @@
setupVars=/etc/pivpn/setupVars.conf setupVars=/etc/pivpn/setupVars.conf
pivpnFilesDir="/etc/.pivpn" pivpnFilesDir="/etc/.pivpn"
debianOvpnUserGroup="openvpn:openvpn"
### PKG Vars ### ### PKG Vars ###
PKG_MANAGER="apt-get" PKG_MANAGER="apt-get"
PKG_CACHE="/var/lib/apt/lists/" PKG_CACHE="/var/lib/apt/lists/"
@ -1299,7 +1301,10 @@ set_var EASYRSA_KEY_SIZE ${pivpnENCRYPT}" | $SUDO tee vars >/dev/null
# Generate an empty Certificate Revocation List # Generate an empty Certificate Revocation List
${SUDOE} ./easyrsa gen-crl ${SUDOE} ./easyrsa gen-crl
${SUDOE} cp pki/crl.pem /etc/openvpn/crl.pem ${SUDOE} cp pki/crl.pem /etc/openvpn/crl.pem
${SUDOE} chown nobody:nogroup /etc/openvpn/crl.pem if ! getent passwd openvpn; then
${SUDOE} adduser --system --home /var/lib/openvpn/ --no-create-home --group --disabled-login ${debianOvpnUserGroup%:*}
fi
${SUDOE} chown "$debianOvpnUserGroup" /etc/openvpn/crl.pem
# Write config file for server using the template.txt file # Write config file for server using the template.txt file
$SUDO cp /etc/.pivpn/server_config.txt /etc/openvpn/server.conf $SUDO cp /etc/.pivpn/server_config.txt /etc/openvpn/server.conf

59
scripts/uninstall.sh
View file

@ -1,6 +1,9 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# PiVPN: Uninstall Script # PiVPN: Uninstall Script
### FIXME: global: config storage, refactor all scripts to adhere to the storage
### FIXME: use variables where appropriate, reduce magic numbers by 99.9%, at least.
PKG_MANAGER="apt-get" PKG_MANAGER="apt-get"
setupVars="/etc/pivpn/setupVars.conf" setupVars="/etc/pivpn/setupVars.conf"
@ -9,12 +12,13 @@ if [ ! -f "${setupVars}" ]; then
exit 1 exit 1
fi fi
# shellcheck disable=SC1090
source "${setupVars}" source "${setupVars}"
# Find the rows and columns. Will default to 80x24 if it can not be detected. # Find the rows and columns. Will default to 80x24 if it can not be detected.
screen_size=$(stty size 2>/dev/null || echo 24 80) screen_size=$(stty size 2>/dev/null || echo 24 80)
rows=$(echo $screen_size | awk '{print $1}') rows=$(echo "$screen_size" | awk '{print $1}')
columns=$(echo $screen_size | awk '{print $2}') columns=$(echo "$screen_size" | awk '{print $2}')
# Divide by two so the dialogs take up half of the screen, which looks nice. # Divide by two so the dialogs take up half of the screen, which looks nice.
r=$(( rows / 2 )) r=$(( rows / 2 ))
@ -23,18 +27,19 @@ c=$(( columns / 2 ))
r=$(( r < 20 ? 20 : r )) r=$(( r < 20 ? 20 : r ))
c=$(( c < 70 ? 70 : c )) c=$(( c < 70 ? 70 : c ))
### FIXME: introduce global lib
spinner(){ spinner(){
local pid=$1 local pid=$1
local delay=0.50 local delay=0.50
local spinstr='/-\|' local spinstr='/-\|'
while [ "$(ps a | awk '{print $1}' | grep "$pid")" ]; do while ps a | awk '{print $1}' | grep "$pid"; do
local temp=${spinstr#?} local temp=${spinstr#?}
printf " [%c] " "$spinstr" printf " [%c] " "$spinstr"
local spinstr=$temp${spinstr%"$temp"} local spinstr=$temp${spinstr%"$temp"}
sleep $delay sleep $delay
printf "\b\b\b\b\b\b" printf "\\b\\b\\b\\b\\b\\b"
done done
printf " \b\b\b\b" printf " \\b\\b\\b\\b"
} }
removeAll(){ removeAll(){
@ -52,6 +57,7 @@ removeAll(){
# Removing firewall rules. # Removing firewall rules.
echo "::: Removing firewall rules..." echo "::: Removing firewall rules..."
### FIXME: introduce global config space!
if [ "$VPN" = "wireguard" ]; then if [ "$VPN" = "wireguard" ]; then
pivpnPROTO="udp" pivpnPROTO="udp"
pivpnDEV="wg0" pivpnDEV="wg0"
@ -63,9 +69,11 @@ removeAll(){
if [ "$USING_UFW" -eq 1 ]; then if [ "$USING_UFW" -eq 1 ]; then
### FIXME: SC2154
ufw delete allow "${pivpnPORT}"/"${pivpnPROTO}" > /dev/null ufw delete allow "${pivpnPORT}"/"${pivpnPROTO}" > /dev/null
### FIXME: SC2154
ufw route delete allow in on "${pivpnDEV}" from "${pivpnNET}/24" out on "${IPv4dev}" to any > /dev/null ufw route delete allow in on "${pivpnDEV}" from "${pivpnNET}/24" out on "${IPv4dev}" to any > /dev/null
sed -z "s/*nat\n:POSTROUTING ACCEPT \[0:0\]\n-I POSTROUTING -s ${pivpnNET}\/24 -o ${IPv4dev} -j MASQUERADE\nCOMMIT\n\n//" -i /etc/ufw/before.rules sed -z "s/*nat\\n:POSTROUTING ACCEPT \\[0:0\\]\\n-I POSTROUTING -s ${pivpnNET}\\/24 -o ${IPv4dev} -j MASQUERADE\\nCOMMIT\\n\\n//" -i /etc/ufw/before.rules
iptables -t nat -D POSTROUTING -s "${pivpnNET}/24" -o "${IPv4dev}" -j MASQUERADE iptables -t nat -D POSTROUTING -s "${pivpnNET}/24" -o "${IPv4dev}" -j MASQUERADE
ufw reload &> /dev/null ufw reload &> /dev/null
@ -100,6 +108,7 @@ removeAll(){
# On Debian and armv7l Raspbian, remove the unstable repo (on armv6l Raspbian # On Debian and armv7l Raspbian, remove the unstable repo (on armv6l Raspbian
# there is no wireguard package). On Ubuntu, remove the PPA. # there is no wireguard package). On Ubuntu, remove the PPA.
### FIXME: unconditionally rm'ing unstable.list isn't a good idea, it appears. What if someone else put it there manually?
if [ "$PLAT" = "Debian" ] || { [ "$PLAT" = "Raspbian" ] && [ "$(uname -m)" = "armv7l" ]; }; then if [ "$PLAT" = "Debian" ] || { [ "$PLAT" = "Raspbian" ] && [ "$(uname -m)" = "armv7l" ]; }; then
rm /etc/apt/sources.list.d/unstable.list rm /etc/apt/sources.list.d/unstable.list
rm /etc/apt/preferences.d/limit-unstable rm /etc/apt/preferences.d/limit-unstable
@ -126,27 +135,30 @@ removeAll(){
elif [ "${i}" = "unattended-upgrades" ]; then elif [ "${i}" = "unattended-upgrades" ]; then
### REALLY???
rm -rf /var/log/unattended-upgrades rm -rf /var/log/unattended-upgrades
rm -rf /etc/apt/apt.conf.d/*periodic rm -rf /etc/apt/apt.conf.d/*periodic
rm -rf /etc/apt/apt.conf.d/*unattended-upgrades rm -rf /etc/apt/apt.conf.d/*unattended-upgrades
elif [ "${i}" = "openvpn" ]; then
deluser openvpn
fi fi
printf ":::\tRemoving %s..." "$i"; $PKG_MANAGER -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\n"; printf ":::\\tRemoving %s..." "$i"; $PKG_MANAGER -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\\n";
break break
;; ;;
[Nn]* ) printf ":::\tSkipping %s\n" "$i"; [Nn]* ) printf ":::\\tSkipping %s\\n" "$i";
break break
;; ;;
* ) printf "::: You must answer yes or no!\n";; * ) printf "::: You must answer yes or no!\\n";;
esac esac
done done
done done
# Take care of any additional package cleaning # Take care of any additional package cleaning
printf "::: Auto removing remaining dependencies..." printf "::: Auto removing remaining dependencies..."
$PKG_MANAGER -y autoremove &> /dev/null & spinner $!; printf "done!\n"; $PKG_MANAGER -y autoremove &> /dev/null & spinner $!; printf "done!\\n";
printf "::: Auto cleaning remaining dependencies..." printf "::: Auto cleaning remaining dependencies..."
$PKG_MANAGER -y autoclean &> /dev/null & spinner $!; printf "done!\n"; $PKG_MANAGER -y autoclean &> /dev/null & spinner $!; printf "done!\\n";
echo ":::" echo ":::"
# Removing pivpn files # Removing pivpn files
@ -160,7 +172,7 @@ removeAll(){
rm -rf /opt/pivpn rm -rf /opt/pivpn
rm -rf /etc/.pivpn rm -rf /etc/.pivpn
rm -rf /etc/pivpn rm -rf /etc/pivpn
rm -rf /var/log/*pivpn* rm -f /var/log/*pivpn*
rm -f /usr/local/bin/pivpn rm -f /usr/local/bin/pivpn
rm -f /etc/bash_completion.d/pivpn rm -f /etc/bash_completion.d/pivpn
@ -169,28 +181,29 @@ removeAll(){
if [ "$VPN" = "wireguard" ]; then if [ "$VPN" = "wireguard" ]; then
rm -f /etc/wireguard/wg0.conf rm -f /etc/wireguard/wg0.conf
rm -rf /etc/wireguard/configs rm -f /etc/wireguard/configs
rm -rf /etc/wireguard/keys rm -f /etc/wireguard/keys
rm -rf $install_home/configs ### FIXME SC2154
rm -f "$install_home/configs"
elif [ "$VPN" = "openvpn" ]; then elif [ "$VPN" = "openvpn" ]; then
rm -rf /var/log/*openvpn* rm -f /var/log/*openvpn*
rm -f /etc/openvpn/server.conf rm -f /etc/openvpn/server.conf
rm -f /etc/openvpn/crl.pem rm -f /etc/openvpn/crl.pem
rm -rf /etc/openvpn/easy-rsa rm -f /etc/openvpn/easy-rsa
rm -rf $install_home/ovpns rm -f "$install_home/ovpns"
fi fi
echo ":::" echo ":::"
printf "::: Finished removing PiVPN from your system.\n" printf "::: Finished removing PiVPN from your system.\\n"
printf "::: Reinstall by simpling running\n:::\n:::\tcurl -L https://install.pivpn.io | bash\n:::\n::: at any time!\n:::\n" printf "::: Reinstall by simpling running\\n:::\\n:::\\tcurl -L https://install.pivpn.io | bash\\n:::\\n::: at any time!\\n:::\\n"
} }
askreboot(){ askreboot(){
printf "It is \e[1mstrongly\e[0m recommended to reboot after un-installation.\n" printf "It is \\e[1mstrongly\\e[0m recommended to reboot after un-installation.\\n"
read -p "Would you like to reboot now? [y/n]: " -n 1 -r read -p "Would you like to reboot now? [y/n]: " -n 1 -r
echo echo
if [[ ${REPLY} =~ ^[Yy]$ ]]; then if [[ ${REPLY} =~ ^[Yy]$ ]]; then
printf "\nRebooting system...\n" printf "\\nRebooting system...\\n"
sleep 3 sleep 3
shutdown -r now shutdown -r now
fi fi
@ -204,6 +217,6 @@ while true; do
case $yn in case $yn in
[Yy]* ) removeAll; askreboot; break;; [Yy]* ) removeAll; askreboot; break;;
[Nn]* ) printf "::: Not removing anything, exiting...\n"; break;; [Nn]* ) printf "::: Not removing anything, exiting...\\n"; break;;
esac esac
done done