From dda4d99f102dee7e789b243c94ee3d0938599b61 Mon Sep 17 00:00:00 2001 From: Giulio Coa Date: Tue, 9 Aug 2022 10:09:25 +0200 Subject: [PATCH] refactor: improve code style Improve the code style of some pieces of code --- auto_install/install.sh | 134 ++++++++++---------------------- scripts/openvpn/clientStat.sh | 4 +- scripts/openvpn/makeOVPN.sh | 6 +- scripts/openvpn/pivpnDebug.sh | 3 +- scripts/openvpn/removeOVPN.sh | 3 +- scripts/self_check.sh | 12 +-- scripts/uninstall.sh | 6 +- scripts/wireguard/pivpnDEBUG.sh | 3 +- scripts/wireguard/removeCONF.sh | 11 +-- 9 files changed, 54 insertions(+), 128 deletions(-) diff --git a/auto_install/install.sh b/auto_install/install.sh index 49a0a0f..1d1885b 100755 --- a/auto_install/install.sh +++ b/auto_install/install.sh @@ -32,8 +32,7 @@ PKG_MANAGER="apt-get" ### shellcheck SC2086 UPDATE_PKG_CACHE="${PKG_MANAGER} update -y" PKG_INSTALL="${PKG_MANAGER} --yes --no-install-recommends install" -PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | " -PKG_COUNT="${PKG_COUNT} grep -c ^Inst || true" +PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true" CHECK_PKG_INSTALLED='dpkg-query -s' # Dependencies that are required by the script, @@ -53,9 +52,7 @@ INSTALLED_PACKAGES=() ######## URLs ######## easyrsaVer="3.1.0" -easyrsaRel="https://github.com/OpenVPN/easy-rsa" -easyrsaRel="${easyrsaRel}/releases/download/v${easyrsaVer}" -easyrsaRel="${easyrsaRel}/EasyRSA-${easyrsaVer}.tgz" +easyrsaRel="https://github.com/OpenVPN/easy-rsa/releases/download/v${easyrsaVer}/EasyRSA-${easyrsaVer}.tgz" ######## Undocumented Flags. Shhh ######## runUnattended=false @@ -722,10 +719,7 @@ preconfigurePackages() { fi ## download binaries - curl \ - -f \ - -L \ - -o "${down_dir}/master.tar.gz" \ + curl -fLo "${down_dir}/master.tar.gz" \ https://github.com/pivpn/grepcidr/archive/master.tar.gz tar -xzC "${down_dir}" -f "${down_dir}/master.tar.gz" 
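Review bot: The `curl -fLo "${down_dir}/master.tar.gz"` call in the `preconfigurePackages` hunk at -722 still fetches the moving `master` archive of pivpn/grepcidr and unpacks it with no integrity check, so whatever is on that branch at install time is what gets extracted. Pin the download to a reviewed commit and verify it before the `tar` line, e.g. `curl -fLo "${down_dir}/master.tar.gz" https://github.com/pivpn/grepcidr/archive/<PINNED_COMMIT>.tar.gz` followed by `echo "<EXPECTED_SHA256>  ${down_dir}/master.tar.gz" | sha256sum -c - || exit 1`. The same applies to the `master.zip` download of jirutka/apk-autoupdate in the `confUnattendedUpgrades` hunk at -3617. Both functions start and end outside their hunks, so what is done with the unpacked sources is not visible here.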
@@ -1385,12 +1379,10 @@ chooseUser() { # Choose the user for the ovpns if [[ "${runUnattended}" == 'true' ]]; then if [[ -z "${install_user}" ]]; then - if [[ "$(awk \ - -F':' \ + if [[ "$(awk -F ':' \ 'BEGIN {count=0} $3>=1000 && $3<=60000 { count++ } END{ print count }' \ /etc/passwd)" -eq 1 ]]; then - install_user="$(awk \ - -F':' \ + install_user="$(awk -F ':' \ '$3>=1000 && $3<=60000 {print $1}' \ /etc/passwd)" echo -n "::: No user specified, but only ${install_user} is available, " @@ -1438,8 +1430,7 @@ chooseUser() { "${r}" \ "${c}" # First, let's check if there is a user available. - numUsers="$(awk \ - -F':' \ + numUsers="$(awk -F ':' \ 'BEGIN {count=0} $3>=1000 && $3<=60000 { count++ } END{ print count }' \ /etc/passwd)" @@ -1562,8 +1553,7 @@ updateRepo() { # Go back to /usr/local/src otherwise git will complain when the current # working directory has just been deleted (/usr/local/src/pivpn). cd /usr/local/src \ - && ${SUDO} git clone \ - -q \ + && ${SUDO} git clone -q \ --depth 1 \ --no-single-branch \ "${2}" \ @@ -1600,8 +1590,7 @@ makeRepo() { # Go back to /usr/local/src otherwhise git will complain when the current # working directory has just been deleted (/usr/local/src/pivpn). cd /usr/local/src \ - && ${SUDO} git clone \ - -q \ + && ${SUDO} git clone -q \ --depth 1 \ --no-single-branch \ "${2}" \ @@ -2761,14 +2750,12 @@ confOpenVPN() { ${SUDOE} cp vars.example pki/vars # Set elliptic curve certificate or traditional rsa certificates - ${SUDOE} sed \ - -i \ + ${SUDOE} sed -i \ "s/#set_var EASYRSA_ALGO.*/set_var EASYRSA_ALGO ${pivpnCERT}/" \ pki/vars # Set expiration for the CRL to 10 years - ${SUDOE} sed \ - -i \ + ${SUDOE} sed -i \ 's/#set_var EASYRSA_CRL_DAYS.*/set_var EASYRSA_CRL_DAYS 3650/' \ pki/vars 
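Review bot: In the `confOpenVPN` hunk at -2761, `${pivpnCERT}` is expanded inside the double-quoted sed program (`"s/#set_var EASYRSA_ALGO.*/set_var EASYRSA_ALGO ${pivpnCERT}/"`), so its content is parsed as sed syntax rather than as data, and the command runs through `${SUDOE}`. The same construction recurs in the later hunks with `${pivpnENCRYPT}`, `${pivpnDNS1}`, `${pivpnDNS2}`, `${pivpnSEARCHDOMAIN}`, `${SERVER_NAME}`, `${pivpnHOST}` and `${pivpnPORT}`. Whether these values are validated before this point is not visible here, and in unattended mode they presumably come from a supplied configuration file. A guard before first use, such as `[[ "${pivpnCERT}" =~ ^[a-z0-9]+$ ]] || exit 1` (with an equivalent allow-list per variable), would keep a delimiter character, `&` or newline in a value from altering the expression. confOpenVPN starts and ends outside the hunk.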
@@ -2776,10 +2763,7 @@ confOpenVPN() { # Set custom key size if different from the default sed_pattern="s/#set_var EASYRSA_KEY_SIZE.*/" sed_pattern="${sed_pattern} set_var EASYRSA_KEY_SIZE ${pivpnENCRYPT}/" - ${SUDOE} sed \ - -i \ - "${sed_pattern}" \ - pki/vars + ${SUDOE} sed -i "${sed_pattern}" pki/vars else # If less than 2048, then it must be 521 or lower, # which means elliptic curve certificate was selected. @@ -2791,10 +2775,7 @@ confOpenVPN() { sed_pattern="s/#set_var EASYRSA_CURVE.*/" sed_pattern="${sed_pattern} set_var EASYRSA_CURVE" sed_pattern="${sed_pattern} ${ECDSA_MAP["${pivpnENCRYPT}"]}/" - ${SUDOE} sed \ - -i \ - "${sed_pattern}" \ - pki/vars + ${SUDOE} sed -i "${sed_pattern}" pki/vars fi # Build the certificate authority @@ -2843,9 +2824,7 @@ and HMAC key will now be generated." \ file_pattern="${pivpnFilesDir}/files/etc/openvpn" file_pattern="${file_pattern}/easy-rsa/pki/ffdhe${pivpnENCRYPT}.pem" # Use Diffie-Hellman parameters from RFC 7919 (FFDHE) - ${SUDOE} install \ - -m 644 \ - "${file_pattern}" \ + ${SUDOE} install -m 644 "${file_pattern}" \ "pki/dh${pivpnENCRYPT}.pem" else # Generate Diffie-Hellman key exchange @@ -2863,9 +2842,7 @@ and HMAC key will now be generated." \ if ! getent passwd "${ovpnUserGroup%:*}"; then if [[ "${PLAT}" == 'Alpine' ]]; then - ${SUDOE} adduser \ - -S \ - -D \ + ${SUDOE} adduser -SD \ -h /var/lib/openvpn/ \ -s /sbin/nologin \ "${ovpnUserGroup%:*}" 
@@ -2881,29 +2858,25 @@ and HMAC key will now be generated." \ ${SUDOE} chown "${ovpnUserGroup}" /etc/openvpn/crl.pem # Write config file for server using the template.txt file - ${SUDO} install \ - -m 644 \ + ${SUDO} install -m 644 \ "${pivpnFilesDir}/files/etc/openvpn/server_config.txt" \ /etc/openvpn/server.conf # Apply client DNS settings - ${SUDOE} sed \ - -i \ + ${SUDOE} sed -i \ "0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1${pivpnDNS1}\"/" \ /etc/openvpn/server.conf if [[ -z "${pivpnDNS2}" ]]; then ${SUDOE} sed -i '/\(dhcp-option DNS \)/{n;N;d}' /etc/openvpn/server.conf else - ${SUDOE} sed \ - -i \ + ${SUDOE} sed -i \ "0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1${pivpnDNS2}\"/" \ /etc/openvpn/server.conf fi # Set the user encryption key size - ${SUDO} sed \ - -i \ + ${SUDO} sed -i \ "s#\\(dh /etc/openvpn/easy-rsa/pki/dh\\).*#\\1${pivpnENCRYPT}.pem#" \ /etc/openvpn/server.conf @@ -2923,14 +2896,12 @@ and HMAC key will now be generated." \ sed_pattern="s/\(dh \/etc\/openvpn\/easy-rsa\/pki\/dh\).*/dh" sed_pattern="${sed_pattern} none\necdh-curve" sed_pattern="${sed_pattern} ${ECDSA_MAP["${pivpnENCRYPT}"]}/" - ${SUDO} sed \ - -i \ + ${SUDO} sed -i \ "${sed_pattern}" \ /etc/openvpn/server.conf elif [[ "${pivpnCERT}" == "rsa" ]]; then # Otherwise set the user encryption key size - ${SUDO} sed \ - -i \ + ${SUDO} sed -i \ "s#\\(dh /etc/openvpn/easy-rsa/pki/dh\\).*#\\1${pivpnENCRYPT}.pem#" \ /etc/openvpn/server.conf fi @@ -2942,8 +2913,7 @@ and HMAC key will now be generated." \ # if they modified VPN subnet class put value in server.conf if [[ "$(cidrToMask "${subnetClass}")" != "255.255.255.0" ]]; then - ${SUDO} sed \ - -i \ + ${SUDO} sed -i \ "s/255.255.255.0/$(cidrToMask "${subnetClass}")/g" \ /etc/openvpn/server.conf fi 
@@ -2962,19 +2932,16 @@ and HMAC key will now be generated." \ sed_pattern="0,/\\(.*dhcp-option.*\\)/" sed_pattern="${sed_pattern}s//push \"dhcp-option " sed_pattern="${sed_pattern}DOMAIN ${pivpnSEARCHDOMAIN}\" \\n&/" - ${SUDO} sed \ - -i \ + ${SUDO} sed -i \ "${sed_pattern}" \ /etc/openvpn/server.conf fi # write out server certs to conf file - ${SUDO} sed \ - -i \ + ${SUDO} sed -i \ "s#\\(key /etc/openvpn/easy-rsa/pki/private/\\).*#\\1${SERVER_NAME}.key#" \ /etc/openvpn/server.conf - ${SUDO} sed \ - -i \ + ${SUDO} sed -i \ "s#\\(cert /etc/openvpn/easy-rsa/pki/issued/\\).*#\\1${SERVER_NAME}.crt#" \ /etc/openvpn/server.conf @@ -2982,9 +2949,7 @@ and HMAC key will now be generated." \ # "/etc/openvpn/openvpn.conf". # To avoid crash thorugh OpenRC, we symlink this file. if [[ "${PLAT}" == 'Alpine' ]]; then - ${SUDO} ln -s \ - -f \ - -T \ + ${SUDO} ln -sfT \ /etc/openvpn/server.conf \ /etc/openvpn/openvpn.conf \ > /dev/null 
@@ -2992,42 +2957,36 @@ and HMAC key will now be generated." \ } confOVPN() { - ${SUDO} install \ - -m 644 \ + ${SUDO} install -m 644 \ "${pivpnFilesDir}/files/etc/openvpn/easy-rsa/pki/Default.txt" \ /etc/openvpn/easy-rsa/pki/Default.txt - ${SUDO} sed \ - -i \ + ${SUDO} sed -i \ "s/IPv4pub/${pivpnHOST}/" \ /etc/openvpn/easy-rsa/pki/Default.txt # if they modified port put value in Default.txt for clients to use if [[ "${pivpnPORT}" -ne 1194 ]]; then - ${SUDO} sed \ - -i \ + ${SUDO} sed -i \ "s/1194/${pivpnPORT}/g" \ /etc/openvpn/easy-rsa/pki/Default.txt fi # if they modified protocol put value in Default.txt for clients to use if [[ "${pivpnPROTO}" != "udp" ]]; then - ${SUDO} sed \ - -i \ + ${SUDO} sed -i \ "s/proto udp/proto tcp/g" \ /etc/openvpn/easy-rsa/pki/Default.txt fi # verify server name to strengthen security - ${SUDO} sed \ - -i \ + ${SUDO} sed -i \ "s/SRVRNAME/${SERVER_NAME}/" \ /etc/openvpn/easy-rsa/pki/Default.txt if [[ "${pivpnTLSPROT}" == "tls-crypt" ]]; then # If they enabled 2.4 remove key-direction options since it's not required - ${SUDO} sed \ - -i \ + ${SUDO} sed -i \ "/key-direction 1/d" \ /etc/openvpn/easy-rsa/pki/Default.txt fi @@ -3038,8 +2997,7 @@ confWireGuard() { # Ubuntu 20.04 if [[ "${PLAT}" == 'Alpine' ]]; then echo '::: Adding wg-quick unit' - ${SUDO} install \ - -m 0755 \ + ${SUDO} install -m 0755 \ "${pivpnFilesDir}/files/etc/init.d/wg-quick" \ /etc/init.d/wg-quick else @@ -3049,9 +3007,7 @@ confWireGuard() { wireguard_service_path="${wireguard_service_path}/wg-quick@.service.d" wireguard_service_path="${wireguard_service_path}/override.conf" echo "::: Adding additional reload job type for wg-quick unit" - ${SUDO} install \ - -D \ - -m 644 \ + ${SUDO} install -Dm 644 \ "${wireguard_service_path}" \ /etc/systemd/system/wg-quick@.service.d/override.conf ${SUDO} systemctl daemon-reload 
@@ -3562,8 +3518,7 @@ confUnattendedUpgrades() { # https://github.com/mvo5/unattended-upgrades/blob/master/data/50unattended-upgrades.Raspbian # Add the remaining settings for all other distributions if [[ "${PLAT}" == "Raspbian" ]]; then - ${SUDO} install \ - -m 644 \ + ${SUDO} install -m 644 \ "${pivpnFilesDir}/files${aptConfDir}/50unattended-upgrades.Raspbian" \ "${aptConfDir}/50unattended-upgrades" fi @@ -3594,9 +3549,7 @@ confUnattendedUpgrades() { # when installing from debian package if [[ "${VPN}" == "wireguard" ]]; then if [[ -f /etc/apt/sources.list.d/pivpn-bullseye-repo.list ]]; then - if ! grep \ - -q \ - "\"o=${PLAT},n=bullseye\";" \ + if ! grep -q "\"o=${PLAT},n=bullseye\";" \ "${aptConfDir}/50unattended-upgrades"; then local sed_pattern sed_pattern=" {/a\"o=${PLAT},n=bullseye\";" @@ -3617,10 +3570,7 @@ confUnattendedUpgrades() { fi ## download binaries - curl \ - -f \ - -L \ - -o "${down_dir}/master.zip" \ + curl -fLo "${down_dir}/master.zip" \ https://github.com/jirutka/apk-autoupdate/archive/refs/heads/master.zip unzip -qd "${down_dir}" "${down_dir}/master.zip" @@ -3639,8 +3589,7 @@ confUnattendedUpgrades() { fi ) || exit 1 - ${SUDO} install \ - -m 0755 \ + ${SUDO} install -m 0755 \ "${pivpnFilesDir}/files/etc/apk/personal_autoupdate.conf" \ /etc/apk/personal_autoupdate.conf ${SUDO} apk-autoupdate /etc/apk/personal_autoupdate.conf @@ -3683,15 +3632,10 @@ installScripts() { # Only one protocol is installed, symlink bash completion, the pivpn script # and the script directory - ${SUDO} ln -s \ - -f \ - -T \ + ${SUDO} ln -sfT \ "${pivpnFilesDir}/scripts/${VPN}/bash-completion" \ /etc/bash_completion.d/pivpn - ${SUDO} ln \ - -s \ - -f \ - -T \ + ${SUDO} ln -sfT \ "${pivpnFilesDir}/scripts/${VPN}/pivpn.sh" \ /usr/local/bin/pivpn ${SUDO} ln -sf "${pivpnFilesDir}/scripts/" "${pivpnScriptDir}" diff --git a/scripts/openvpn/clientStat.sh b/scripts/openvpn/clientStat.sh index c810d79..b2da6f8 100755 --- a/scripts/openvpn/clientStat.sh 
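Review bot: In the `confUnattendedUpgrades` hunk at -3639, `personal_autoupdate.conf` is installed with `-m 0755` and then handed to `${SUDO} apk-autoupdate` as an argument; nothing visible executes the file directly, so the execute bits look unnecessary. `${SUDO} install -m 0644 \` would match the mode this patch uses for the other configuration files (`server.conf`, `Default.txt`, `50unattended-upgrades`). The function starts and ends outside the hunk.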
+++ b/scripts/openvpn/clientStat.sh @@ -58,9 +58,7 @@ listClients() { printf "- %s\n" "${array[9]}" done < "${STATUS_LOG}" else - awk \ - -F' ' \ - -v s='CLIENT_LIST' \ + awk -F ' ' -v s='CLIENT_LIST' \ '$1 == s { print $2"\t\t"$3"\t"$4"\t"$5"\t\t"$6"\t\t"$8" "$9" "$11" - "$10"\n" }' \ diff --git a/scripts/openvpn/makeOVPN.sh b/scripts/openvpn/makeOVPN.sh index 2d3a1a9..2e5d209 100755 --- a/scripts/openvpn/makeOVPN.sh +++ b/scripts/openvpn/makeOVPN.sh @@ -443,8 +443,7 @@ echo "tls Private Key found: ${TA}" # Next append the client Public Cert echo "" - sed \ - -n \ + sed -n \ -e '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \ < "issued/${NAME}${CRT}" echo "" @@ -517,8 +516,7 @@ for i in {2..254}; do # disabling SC2514, variable sourced externaly # shellcheck disable=SC2154 if [[ -z "$(ls -A /etc/openvpn/ccd)" ]] \ - || ! find /etc/openvpn/ccd \ - -type f \ + || ! find /etc/openvpn/ccd -type f \ -exec grep -q "${NET_REDUCED}.${i}" {} +; then COUNT="${i}" echo -n "ifconfig-push ${NET_REDUCED}.${i}" >> /etc/openvpn/ccd/"${NAME}" diff --git a/scripts/openvpn/pivpnDebug.sh b/scripts/openvpn/pivpnDebug.sh index 0df047c..bff2b8f 100755 --- a/scripts/openvpn/pivpnDebug.sh +++ b/scripts/openvpn/pivpnDebug.sh @@ -22,8 +22,7 @@ echo -n "Branch: " git --git-dir /usr/local/src/pivpn/.git rev-parse --abbrev-ref HEAD git \ - --git-dir /usr/local/src/pivpn/.git log \ - -n 1 \ + --git-dir /usr/local/src/pivpn/.git log -n 1 \ --format='Commit: %H%nAuthor: %an%nDate: %ad%nSummary: %s' printf "=============================================\n" diff --git a/scripts/openvpn/removeOVPN.sh b/scripts/openvpn/removeOVPN.sh index bc523c6..168a53b 100755 --- a/scripts/openvpn/removeOVPN.sh +++ b/scripts/openvpn/removeOVPN.sh 
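Review bot: In the makeOVPN.sh hunk at -517, `grep -q "${NET_REDUCED}.${i}"` is an unanchored regular expression, so a check for `.2` also matches an existing `.20` or `.200` entry, and each `.` matches any character; free addresses can be reported as already taken. A fixed-string, whole-word match avoids that: `-exec grep -qwF -- "${NET_REDUCED}.${i}" {} +; then`. The enclosing `for i in {2..254}` loop continues outside the hunk.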
@@ -181,8 +181,7 @@ for ((ii = 0; ii < ${#CERTS_TO_REVOKE[@]}; ii++)); do if [[ -f /etc/pivpn/hosts.openvpn ]]; then sed \ -e "\#${STATIC_IP} ${CERTS_TO_REVOKE[ii]}.pivpn#d" \ - -i \ - /etc/pivpn/hosts.openvpn + -i /etc/pivpn/hosts.openvpn if killall -SIGHUP pihole-FTL; then echo "::: Updated hosts file for Pi-hole" diff --git a/scripts/self_check.sh b/scripts/self_check.sh index 218b502..6b0ed1f 100755 --- a/scripts/self_check.sh +++ b/scripts/self_check.sh @@ -37,8 +37,7 @@ if [[ "$(< /proc/sys/net/ipv4/ip_forward)" -eq 1 ]]; then echo ":: [OK] IP forwarding is enabled" else ERR=1 - read \ - -r \ + read -r \ -p ":: [ERR] IP forwarding is not enabled, attempt fix now? [Y/n] " \ REPLY @@ -98,8 +97,7 @@ if [[ "${USING_UFW}" -eq 0 ]]; then echo ":: [OK] Iptables INPUT rule set" else ERR=1 - read \ - -r \ + read -r \ -p ":: [ERR] Iptables INPUT rule is not set, attempt fix now? [Y/n] " \ REPLY @@ -219,8 +217,7 @@ else echo ":: [OK] Ufw input rule set" else ERR=1 - read \ - -r \ + read -r \ -p ":: [ERR] Ufw input rule is not set, attempt fix now? [Y/n] " \ REPLY @@ -240,8 +237,7 @@ else echo ":: [OK] Ufw forwarding rule set" else ERR=1 - read \ - -r \ + read -r \ -p ":: [ERR] Ufw forwarding rule is not set, attempt fix now? [Y/n] " \ REPLY diff --git a/scripts/uninstall.sh b/scripts/uninstall.sh index 824556a..9acec1b 100755 --- a/scripts/uninstall.sh +++ b/scripts/uninstall.sh @@ -358,13 +358,11 @@ removeAll() { ${SUDO} unlink /usr/local/bin/pivpn ${SUDO} ln \ - -s \ - -T "${pivpnFilesDir}/scripts/${othervpn}/pivpn.sh" \ + -sT "${pivpnFilesDir}/scripts/${othervpn}/pivpn.sh" \ /usr/local/bin/pivpn ${SUDO} ln \ - -s \ - -T "${pivpnFilesDir}/scripts/${othervpn}/bash-completion" \ + -sT "${pivpnFilesDir}/scripts/${othervpn}/bash-completion" \ /etc/bash_completion.d/pivpn # shellcheck disable=SC1091 diff --git a/scripts/wireguard/pivpnDEBUG.sh b/scripts/wireguard/pivpnDEBUG.sh index 2ecc011..28e44f3 100755 --- a/scripts/wireguard/pivpnDEBUG.sh 
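Review bot: In the removeOVPN.sh hunk at -181, the static IP and client name are placed inside a sed address (`"\#${STATIC_IP} ${CERTS_TO_REVOKE[ii]}.pivpn#d"`), where they are read as a regular expression delimited by `#`; a name containing `#` or regex metacharacters changes which lines of `/etc/pivpn/hosts.openvpn` are deleted or how sed parses the expression. The same construction is used for `configs/clients.txt` and `/etc/pivpn/hosts.wireguard` in the removeCONF.sh hunks at -109 and -152. Whether names are restricted at creation time is not visible here; if they are not, matching the whole line as a fixed string, e.g. `grep -vxF -- "${STATIC_IP} ${CERTS_TO_REVOKE[ii]}.pivpn" /etc/pivpn/hosts.openvpn` written to a temporary file and moved into place, removes the dependence on the name's content. The enclosing loop starts and ends outside the hunk.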
+++ b/scripts/wireguard/pivpnDEBUG.sh @@ -22,8 +22,7 @@ echo -n "Branch: " git --git-dir /usr/local/src/pivpn/.git rev-parse --abbrev-ref HEAD git \ - --git-dir /usr/local/src/pivpn/.git log \ - -n 1 \ + --git-dir /usr/local/src/pivpn/.git log -n 1 \ --format='Commit: %H%nAuthor: %an%nDate: %ad%nSummary: %s' printf "=============================================\n" diff --git a/scripts/wireguard/removeCONF.sh b/scripts/wireguard/removeCONF.sh index c10b10c..50c2492 100755 --- a/scripts/wireguard/removeCONF.sh +++ b/scripts/wireguard/removeCONF.sh @@ -109,8 +109,7 @@ for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do # Then remove the client matching the variables above sed \ -e "\#${CLIENT_NAME} ${PUBLIC_KEY} ${CREATION_DATE} ${COUNT}#d" \ - -i \ - configs/clients.txt + -i configs/clients.txt # Remove the peer section from the server config sed_pattern="/### begin ${CLIENT_NAME} ###/," @@ -136,10 +135,7 @@ for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do rm "${CONFIG}" fi done < <(find "${install_home}" \ - -maxdepth 3 \ - -type f \ - -name '*.conf' \ - -print0) + -maxdepth 3 -type f -name '*.conf' -print0) ((DELETED_COUNT++)) echo "::: Successfully deleted ${CLIENT_NAME}" @@ -152,8 +148,7 @@ for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do sed \ -e "\#${NET_REDUCED}.${COUNT} ${CLIENT_NAME}.pivpn#d" \ -e "\#${pivpnNETv6}${COUNT} ${CLIENT_NAME}.pivpn#d" \ - -i \ - /etc/pivpn/hosts.wireguard + -i /etc/pivpn/hosts.wireguard if killall -SIGHUP pihole-FTL; then echo "::: Updated hosts file for Pi-hole"