Resolves #19 - Implement unattended-upgrade option for users

Kaladin Light 2016-05-03 10:32:17 -04:00
parent 6956fcb99b
commit bf81405d6c
2 changed files with 48 additions and 3 deletions


@ -297,6 +297,17 @@ installScripts() {
$SUDO echo " done." $SUDO echo " done."
} }
unattendedUpgrades() {
whiptail --msgbox --backtitle "Security Updates" --title "Unattended Upgrades" "Since this server will have at least one port open to the internet, it is recommended you enable unattended-upgrades.\n This feature will check daily for security package updates only and apply them when necessary.
It will NOT automatically reboot the server so to fully apply some updates you should periodically reboot." $r $c
if (whiptail --backtitle "Security Updates" --title "Unattended Upgrades" --yesno "Do you want to enable unattended upgrades of security patches to this server?" $r $c) then
UNATTUPG="unattended-upgrades"
else
UNATTUPG=""
fi
}
stopServices() { stopServices() {
# Stop openvpn # Stop openvpn
$SUDO echo ":::" $SUDO echo ":::"
@ -343,7 +354,7 @@ checkForDependencies() {
echo ":::" echo ":::"
echo "::: Checking dependencies:" echo "::: Checking dependencies:"
dependencies=( openvpn easy-rsa git iptables-persistent dnsutils expect ) dependencies=( openvpn easy-rsa git iptables-persistent dnsutils expect $UNATTUPG )
for i in "${dependencies[@]}"; do for i in "${dependencies[@]}"; do
echo -n "::: Checking for $i..." echo -n "::: Checking for $i..."
if [ "$(dpkg-query -W -f='${Status}' "$i" 2>/dev/null | grep -c "ok installed")" -eq 0 ]; then if [ "$(dpkg-query -W -f='${Status}' "$i" 2>/dev/null | grep -c "ok installed")" -eq 0 ]; then
@ -353,7 +364,7 @@ checkForDependencies() {
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | $SUDO debconf-set-selections echo iptables-persistent iptables-persistent/autosave_v4 boolean true | $SUDO debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean false | $SUDO debconf-set-selections echo iptables-persistent iptables-persistent/autosave_v6 boolean false | $SUDO debconf-set-selections
fi fi
if [[ $i -eq "expect" ]]; then if [[ $i = "expect" ]] || [[ $i = "unattended-upgrades" ]]; then
$SUDO apt-get -y -qq --no-install-recommends install "$i" > /dev/null & spinner $! $SUDO apt-get -y -qq --no-install-recommends install "$i" > /dev/null & spinner $!
else else
$SUDO apt-get -y -qq install "$i" > /dev/null & spinner $! $SUDO apt-get -y -qq install "$i" > /dev/null & spinner $!
@ -680,6 +691,32 @@ confOpenVPN() {
$SUDO sed -i "s/\(cert \/etc\/openvpn\/easy-rsa\/keys\/\).*/\1${SERVER_NAME}.crt/" /etc/openvpn/server.conf $SUDO sed -i "s/\(cert \/etc\/openvpn\/easy-rsa\/keys\/\).*/\1${SERVER_NAME}.crt/" /etc/openvpn/server.conf
} }
confUnattendedUpgrades() {
if [[ $UNATTUPG == "unattended-upgrades" ]]; then
if [[ $PLAT == "ubuntu" ]]; then
# Ubuntu 50unattended-upgrades should already just have security enabled
# so we just need to configure the 10periodic file
cat << EOT | $SUDO tee /etc/apt/apt.conf.d/10periodic >/dev/null
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "5";
APT::Periodic::Unattended-Upgrade "1";
EOT
else
$SUDO sed -i '/\(o=Raspbian,n=jessie\)/c\"o=Raspbian,n=jessie,l=Raspbian-Security";\' /etc/apt/apt.conf.d/50unattended-upgrades
cat << EOT | $SUDO tee /etc/apt/apt.conf.d/02periodic >/dev/null
APT::Periodic::Enable "1";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Verbose "0";
EOT
fi
fi
}
confNetwork() { confNetwork() {
# Enable forwarding of internet traffic # Enable forwarding of internet traffic
$SUDO sed -i '/net.ipv4.ip_forward=1/s/^#//g' /etc/sysctl.conf $SUDO sed -i '/net.ipv4.ip_forward=1/s/^#//g' /etc/sysctl.conf
@ -797,6 +834,9 @@ fi
# Choose the user for the ovpns # Choose the user for the ovpns
chooseUser chooseUser
# Ask if unattended-upgrades will be enabled
unattendedUpgrades
# Install and log everything to a file # Install and log everything to a file
installPiVPN installPiVPN
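Review bot: confUnattendedUpgrades is defined in the `@ -680,6 +691,32 @` hunk but no hunk on this page calls it; the only call added is `unattendedUpgrades` before `installPiVPN`, and the visible hunks account for all 48 additions in the diffstat. If no call already existed, a user who answers yes gets the package installed through the `dependencies` array but the `APT::Periodic::Unattended-Upgrade "1";` settings are never written, so the server may not patch itself although the dialog said it would. Add a `confUnattendedUpgrades` call inside installPiVPN, after checkForDependencies has run (that function's body is outside these hunks). Separately, the non-Ubuntu branch's `sed` only matches `o=Raspbian,n=jessie`, so on any other release it changes nothing and still exits successfully; a `grep -q 'l=Raspbian-Security' /etc/apt/apt.conf.d/50unattended-upgrades` check after it would surface that case.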


@ -44,7 +44,7 @@ spinner()
function removeAll { function removeAll {
# Purge dependencies # Purge dependencies
echo ":::" echo ":::"
dependencies=( openvpn easy-rsa git iptables-persistent dnsutils expect ) dependencies=( openvpn easy-rsa git iptables-persistent dnsutils expect unattended-upgrades )
for i in "${dependencies[@]}"; do for i in "${dependencies[@]}"; do
if [ "$(dpkg-query -W --showformat='${Status}\n' "$i" 2> /dev/null | grep -c "ok installed")" -eq 1 ]; then if [ "$(dpkg-query -W --showformat='${Status}\n' "$i" 2> /dev/null | grep -c "ok installed")" -eq 1 ]; then
while true; do while true; do
@ -52,6 +52,7 @@ echo ":::"
case $yn in case $yn in
[Yy]* ) printf ":::\tRemoving %s..." "$i"; $SUDO apt-get -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\n"; [Yy]* ) printf ":::\tRemoving %s..." "$i"; $SUDO apt-get -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\n";
if [ "$i" == "openvpn" ]; then UINST_OVPN=1 ; fi if [ "$i" == "openvpn" ]; then UINST_OVPN=1 ; fi
if [ "$i" == "unattended-upgrades" ]; then UINST_UNATTUPG=1 ; fi
break;; break;;
[Nn]* ) printf ":::\tSkipping %s" "$i\n"; break;; [Nn]* ) printf ":::\tSkipping %s" "$i\n"; break;;
* ) printf "::: You must answer yes or no!\n";; * ) printf "::: You must answer yes or no!\n";;
@ -81,6 +82,10 @@ echo ":::"
if [[ $UINST_OVPN = 1 ]]; then if [[ $UINST_OVPN = 1 ]]; then
$SUDO rm -rf /etc/openvpn &> /dev/null $SUDO rm -rf /etc/openvpn &> /dev/null
fi fi
if [[ $UINST_UNATTUPG = 1 ]]; then
$SUDO rm -rf /var/log/unattended-upgrades
$SUDO rm -rf /etc/apt/apt.conf.d/*periodic
fi
$SUDO rm /usr/local/bin/pivpn &> /dev/null $SUDO rm /usr/local/bin/pivpn &> /dev/null
$SUDO rm /etc/bash_completion.d/pivpn $SUDO rm /etc/bash_completion.d/pivpn
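Review bot: `$SUDO rm -rf /etc/apt/apt.conf.d/*periodic` deletes every file in that directory whose name ends in `periodic`, not only what the installer wrote, so uninstalling can remove APT periodic settings that the distribution or the administrator put there and leave the host without scheduled package-list updates. The install side writes exactly two paths, `10periodic` on Ubuntu and `02periodic` otherwise, so name them instead of globbing, e.g. `$SUDO rm -f /etc/apt/apt.conf.d/02periodic`. For `10periodic`, consider restoring a copy saved at install time rather than deleting it, since confUnattendedUpgrades overwrites that file without keeping the original. A comment above the block such as `# Remove only the APT periodic config written by confUnattendedUpgrades` would record which files PiVPN owns. The enclosing removeAll function continues outside these hunks.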