From e09f3a04bdde3c5a2b34aaf096a8d28e29782a8a Mon Sep 17 00:00:00 2001 From: Giulio Coa Date: Fri, 5 Aug 2022 23:11:22 +0200 Subject: [PATCH] fix(installer): fix some code style errors Fix some code style error about the pipelines --- auto_install/install.sh | 465 ++++++++++++++++---------------- ciscripts/startup.sh | 16 +- scripts/backup.sh | 4 +- scripts/openvpn/bash-completion | 4 +- scripts/openvpn/listOVPN.sh | 8 +- scripts/openvpn/makeOVPN.sh | 54 ++-- scripts/openvpn/pivpnDebug.sh | 8 +- scripts/openvpn/removeOVPN.sh | 6 +- scripts/self_check.sh | 12 +- scripts/uninstall.sh | 8 +- scripts/update.sh | 4 +- scripts/wireguard/clientSTAT.sh | 4 +- scripts/wireguard/makeCONF.sh | 24 +- scripts/wireguard/removeCONF.sh | 8 +- 14 files changed, 316 insertions(+), 309 deletions(-) diff --git a/auto_install/install.sh b/auto_install/install.sh index 3e96b0d..e2a66da 100755 --- a/auto_install/install.sh +++ b/auto_install/install.sh @@ -139,13 +139,13 @@ main() { echo "::: Forced IPv6 config, skipping IPv6 uplink check!" pivpnenableipv6=1 else - if [[ -z "${pivpnenableipv6}" ]] || - [[ "${pivpnenableipv6}" -eq 1 ]]; then + if [[ -z "${pivpnenableipv6}" ]] \ + || [[ "${pivpnenableipv6}" -eq 1 ]]; then checkipv6uplink fi - if [[ "${pivpnenableipv6}" -eq 0 ]] && - [[ "${pivpnforceipv6route}" -eq 1 ]]; then + if [[ "${pivpnenableipv6}" -eq 0 ]] \ + && [[ "${pivpnforceipv6route}" -eq 1 ]]; then askforcedipv6route fi fi @@ -155,8 +155,8 @@ main() { if checkStaticIpSupported; then getStaticIPv4Settings - if [[ -z "${dhcpReserv}" ]] || - [[ "${dhcpReserv}" -ne 1 ]]; then + if [[ -z "${dhcpReserv}" ]] \ + || [[ "${dhcpReserv}" -ne 1 ]]; then setStaticIPv4 fi else @@ -294,8 +294,8 @@ checkExistingInstall() { fi fi - if [[ -z "${UpdateCmd}" ]] || - [[ "${UpdateCmd}" == "Reconfigure" ]]; then + if [[ -z "${UpdateCmd}" ]] \ + || [[ "${UpdateCmd}" == "Reconfigure" ]]; then : elif [[ "${UpdateCmd}" == "Update" ]]; then ${SUDO} "${pivpnScriptDir}/update.sh" "$@" 
@@ -328,8 +328,8 @@ Please choose from the following options \ "${opt1a}" "${opt1b}" \ "${opt2a}" "${opt2b}" \ "${opt3a}" "${opt3b}" \ - 3>&2 2>&1 1>&3)" || - { + 3>&2 2>&1 1>&3)" \ + || { err "::: Cancel selected. Exiting" exit 1 } @@ -447,8 +447,8 @@ checkHostname() { exit 1 fi - until [[ "${#host_name}" -le 28 ]] && - [[ "${host_name}" =~ ^[a-zA-Z0-9][a-zA-Z0-9-]{1,28}$ ]]; do + until [[ "${#host_name}" -le 28 ]] \ + && [[ "${host_name}" =~ ^[a-zA-Z0-9][a-zA-Z0-9-]{1,28}$ ]]; do host_name="$(whiptail \ --title "Hostname too long" \ --inputbox "Your hostname is too long. @@ -457,8 +457,8 @@ No special characters allowed." "${r}" "${c}" \ 3>&1 1>&2 2>&3)" ${SUDO} hostnamectl set-hostname "${host_name}" - if [[ "${#host_name}" -le 28 ]] && - [[ "${host_name}" =~ ^[a-zA-Z0-9][a-zA-Z0-9-]{1,28}$ ]]; then + if [[ "${#host_name}" -le 28 ]] \ + && [[ "${host_name}" =~ ^[a-zA-Z0-9][a-zA-Z0-9-]{1,28}$ ]]; then echo "::: Hostname valid and length OK, proceeding..." fi done @@ -489,9 +489,9 @@ verifyFreeDiskSpace() { echo "::: Verifying free disk space..." local required_free_kilobytes=76800 local existing_free_kilobytes - existing_free_kilobytes="$(df -Pk | - grep -m1 '\/$' | - awk '{print $4}')" + existing_free_kilobytes="$(df -Pk \ + | grep -m1 '\/$' \ + | awk '{print $4}')" # - Unknown free disk space , not a integer if [[ ! "${existing_free_kilobytes}" =~ ^([0-9])+$ ]]; then 
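Review bot: In checkHostname's retry loop (hunks at -447 and -457), `${SUDO} hostnamectl set-hostname "${host_name}"` runs before the length and character test, so whatever whiptail returned is applied as the system hostname and only checked afterwards; the dialog's exit status is not checked in the visible lines either. Moving the `hostnamectl` call under the `if` that prints "Hostname valid and length OK" would keep rejected values off the system. Separately, `^[a-zA-Z0-9][a-zA-Z0-9-]{1,28}$` accepts 2 to 29 characters, which disagrees with the `-le 28` length test; `{0,27}` would match the stated limit. The function starts outside these hunks.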
@@ -563,12 +563,12 @@ preconfigurePackages() { # Install packages used by this installation script # If apt is older than 1.5 we need to install an additional package to add # support for https repositories that will be used later on - if [[ "${PKG_MANAGER}" == 'apt-get' ]] && - [[ -f /etc/apt/sources.list ]]; then - INSTALLED_APT="$(apt-cache policy apt | - grep -m1 'Installed: ' | - grep -v '(none)' | - awk '{print $2}')" + if [[ "${PKG_MANAGER}" == 'apt-get' ]] \ + && [[ -f /etc/apt/sources.list ]]; then + INSTALLED_APT="$(apt-cache policy apt \ + | grep -m1 'Installed: ' \ + | grep -v '(none)' \ + | awk '{print $2}')" if dpkg --compare-versions "${INSTALLED_APT}" lt 1.5; then BASE_DEPS+=("apt-transport-https") @@ -587,13 +587,13 @@ preconfigurePackages() { fi if [[ "${PKG_MANAGER}" == 'apt-get' ]]; then - AVAILABLE_OPENVPN="$(apt-cache policy openvpn | - grep -m1 'Candidate: ' | - grep -v '(none)' | - awk '{print $2}')" + AVAILABLE_OPENVPN="$(apt-cache policy openvpn \ + | grep -m1 'Candidate: ' \ + | grep -v '(none)' \ + | awk '{print $2}')" elif [[ "${PKG_MANAGER}" == 'apk' ]]; then - AVAILABLE_OPENVPN="$(apk search -e openvpn | - sed -E -e 's/openvpn\-(.*)/\1/')" + AVAILABLE_OPENVPN="$(apk search -e openvpn \ + | sed -E -e 's/openvpn\-(.*)/\1/')" fi OPENVPN_SUPPORT=0 
@@ -603,14 +603,14 @@ preconfigurePackages() { # repositories but we are running x86 Debian or Ubuntu, add the official repo # which provides the updated package. if [[ "${PKG_MANAGER}" == 'apt-get' ]]; then - if [[ -n "${AVAILABLE_OPENVPN}" ]] && - dpkg --compare-versions "${AVAILABLE_OPENVPN}" ge 2.4; then + if [[ -n "${AVAILABLE_OPENVPN}" ]] \ + && dpkg --compare-versions "${AVAILABLE_OPENVPN}" ge 2.4; then OPENVPN_SUPPORT=1 else - if [[ "${PLAT}" == "Debian" ]] || - [[ "${PLAT}" == "Ubuntu" ]]; then - if [[ "${DPKG_ARCH}" == "amd64" ]] || - [[ "${DPKG_ARCH}" == "i386" ]]; then + if [[ "${PLAT}" == "Debian" ]] \ + || [[ "${PLAT}" == "Ubuntu" ]]; then + if [[ "${DPKG_ARCH}" == "amd64" ]] \ + || [[ "${DPKG_ARCH}" == "i386" ]]; then NEED_OPENVPN_REPO=1 OPENVPN_SUPPORT=1 else @@ -621,8 +621,8 @@ preconfigurePackages() { fi fi elif [[ "${PKG_MANAGER}" == 'apk' ]]; then - if [[ -n "${AVAILABLE_OPENVPN}" ]] && - [[ "$(apk version -t "${AVAILABLE_OPENVPN}" 2.4)" == '>' ]]; then + if [[ -n "${AVAILABLE_OPENVPN}" ]] \ + && [[ "$(apk version -t "${AVAILABLE_OPENVPN}" 2.4)" == '>' ]]; then OPENVPN_SUPPORT=1 else OPENVPN_SUPPORT=0 @@ -630,13 +630,13 @@ preconfigurePackages() { fi if [[ "${PKG_MANAGER}" == 'apt-get' ]]; then - AVAILABLE_WIREGUARD="$(apt-cache policy wireguard | - grep -m1 'Candidate: ' | - grep -v '(none)' | - awk '{print $2}')" + AVAILABLE_WIREGUARD="$(apt-cache policy wireguard \ + | grep -m1 'Candidate: ' \ + | grep -v '(none)' \ + | awk '{print $2}')" elif [[ "${PKG_MANAGER}" == 'apk' ]]; then - AVAILABLE_WIREGUARD="$(apk search -e wireguard-tools | - sed -E -e 's/wireguard\-tools\-(.*)/\1/')" + AVAILABLE_WIREGUARD="$(apk search -e wireguard-tools \ + | sed -E -e 's/wireguard\-tools\-(.*)/\1/')" fi WIREGUARD_SUPPORT=0 
@@ -649,9 +649,9 @@ preconfigurePackages() { WIREGUARD_BUILTIN=0 if [[ "${PKG_MANAGER}" == 'apt-get' ]]; then - if dpkg-query -S '/lib/modules/*/wireguard.ko*' &> /dev/null || - modinfo wireguard 2> /dev/null | - grep -q '^filename:[[:blank:]]*(builtin)$'; then + if dpkg-query -S '/lib/modules/*/wireguard.ko*' &> /dev/null \ + || modinfo wireguard 2> /dev/null \ + | grep -q '^filename:[[:blank:]]*(builtin)$'; then WIREGUARD_BUILTIN=1 fi fi 
@@ -659,33 +659,40 @@ preconfigurePackages() { if # If the module is builtin and the package available, we only need # to install wireguard-tools. - [[ "${WIREGUARD_BUILTIN}" -eq 1 && -n "${AVAILABLE_WIREGUARD}" ]] || + [[ "${WIREGUARD_BUILTIN}" -eq 1 && -n "${AVAILABLE_WIREGUARD}" ]] \ + || # If the package is not available, on Debian and Raspbian we can # add it via Bullseye repository. - [[ "${WIREGUARD_BUILTIN}" -eq 1 && ("${PLAT}" == 'Debian' || "${PLAT}" == 'Raspbian') ]] || + [[ "${WIREGUARD_BUILTIN}" -eq 1 && ("${PLAT}" == 'Debian' || "${PLAT}" == 'Raspbian') ]] \ + || # If the module is not builtin, on Raspbian we know the headers # package: raspberrypi-kernel-headers - [[ "${PLAT}" == 'Raspbian' ]] || + [[ "${PLAT}" == 'Raspbian' ]] \ + || # On Alpine, the kernel must be linux-lts or linux-virt if we want to # load the kernel module - [[ "${PLAT}" == 'Alpine' && ! -f /.dockerenv && "$(uname -mrs)" =~ ^Linux\ +[0-9\.\-]+\-((lts)|(virt))\ +.*$ ]] || + [[ "${PLAT}" == 'Alpine' && ! -f /.dockerenv && "$(uname -mrs)" =~ ^Linux\ +[0-9\.\-]+\-((lts)|(virt))\ +.*$ ]] \ + || # On Alpine Docker Container, the responsibility to have a WireGuard # module on the host system is at user side - [[ "${PLAT}" == 'Alpine' && -f /.dockerenv ]] || + [[ "${PLAT}" == 'Alpine' && -f /.dockerenv ]] \ + || # On Debian (and Ubuntu), we can only reliably assume the headers package # for amd64: linux-image-amd64 - [[ "${PLAT}" == 'Debian' && "${DPKG_ARCH}" == 'amd64' ]] || + [[ "${PLAT}" == 'Debian' && "${DPKG_ARCH}" == 'amd64' ]] \ + || # On Ubuntu, additionally the WireGuard package needs to be available, # since we didn't test mixing Ubuntu repositories. 
- [[ "${PLAT}" == 'Ubuntu' && "${DPKG_ARCH}" == 'amd64' && -n "${AVAILABLE_WIREGUARD}" ]] || + [[ "${PLAT}" == 'Ubuntu' && "${DPKG_ARCH}" == 'amd64' && -n "${AVAILABLE_WIREGUARD}" ]] \ + || # Ubuntu focal has wireguard support [[ "${PLAT}" == 'Ubuntu' && "${DPKG_ARCH}" == 'arm64' && "${OSCN}" == 'focal' && -n "${AVAILABLE_WIREGUARD}" ]] then WIREGUARD_SUPPORT=1 fi - if [[ "${OPENVPN_SUPPORT}" -eq 0 ]] && - [[ "${WIREGUARD_SUPPORT}" -eq 0 ]]; then + if [[ "${OPENVPN_SUPPORT}" -eq 0 ]] \ + && [[ "${WIREGUARD_SUPPORT}" -eq 0 ]]; then err "::: Neither OpenVPN nor WireGuard are available to install by PiVPN, exiting..." exit 1 fi @@ -704,14 +711,14 @@ preconfigurePackages() { if [[ "${PKG_MANAGER}" == 'apt-get' ]] && [[ "${USING_UFW}" -eq 0 ]]; then BASE_DEPS+=(iptables-persistent) - echo iptables-persistent iptables-persistent/autosave_v4 boolean true | - ${SUDO} debconf-set-selections - echo iptables-persistent iptables-persistent/autosave_v6 boolean false | - ${SUDO} debconf-set-selections + echo iptables-persistent iptables-persistent/autosave_v4 boolean true \ + | ${SUDO} debconf-set-selections + echo iptables-persistent iptables-persistent/autosave_v6 boolean false \ + | ${SUDO} debconf-set-selections fi - if [[ "${PLAT}" == 'Alpine' ]] && - ! command -v grepcidr &> /dev/null; then + if [[ "${PLAT}" == 'Alpine' ]] \ + && ! command -v grepcidr &> /dev/null; then local down_dir ## install dependencies # shellcheck disable=SC2086 @@ -762,8 +769,8 @@ installDependentPackages() { echo -n "::: Checking for ${i}..." if [[ "${PKG_MANAGER}" == 'apt-get' ]]; then - if dpkg-query -W -f='${Status}' "${i}" 2> /dev/null | - grep -q "ok installed"; then + if dpkg-query -W -f='${Status}' "${i}" 2> /dev/null \ + | grep -q "ok installed"; then echo " already installed!" else echo " not installed!" 
@@ -790,8 +797,8 @@ installDependentPackages() { for i in "${TO_INSTALL[@]}"; do if [[ "${PKG_MANAGER}" == 'apt-get' ]]; then - if dpkg-query -W -f='${Status}' "${i}" 2> /dev/null | - grep -q "ok installed"; then + if dpkg-query -W -f='${Status}' "${i}" 2> /dev/null \ + | grep -q "ok installed"; then echo "::: Package ${i} successfully installed!" # Add this package to the total list of packages that were actually # installed by the script @@ -868,20 +875,20 @@ chooseInterface() { # Show every network interface, could be useful for those who # install PiVPN inside virtual machines or on Raspberry Pis # with USB adapters - availableInterfaces="$(echo "${availableInterfaces}" | - awk '{print $2}')" + availableInterfaces="$(echo "${availableInterfaces}" \ + | awk '{print $2}')" else # Find network interfaces whose state is UP - availableInterfaces="$(echo "${availableInterfaces}" | - awk '/state UP/ {print $2}')" + availableInterfaces="$(echo "${availableInterfaces}" \ + | awk '/state UP/ {print $2}')" fi # Skip virtual, loopback and docker interfaces - availableInterfaces="$(echo "${availableInterfaces}" | - cut -d ':' -f 1 | - cut -d '@' -f 1 | - grep -v -w 'lo' | - grep -v '^docker')" + availableInterfaces="$(echo "${availableInterfaces}" \ + | cut -d ':' -f 1 \ + | cut -d '@' -f 1 \ + | grep -v -w 'lo' \ + | grep -v '^docker')" if [[ -z "${availableInterfaces}" ]]; then err "::: Could not find any active network interface, exiting" @@ -942,8 +949,8 @@ chooseInterface() { { echo "IPv4dev=${IPv4dev}" - if [[ "${pivpnenableipv6}" -eq 1 ]] && - [[ -z "${IPv6dev}" ]]; then + if [[ "${pivpnenableipv6}" -eq 1 ]] \ + && [[ -z "${IPv6dev}" ]]; then echo "IPv6dev=${IPv6dev}" fi } >> "${tempsetupVarsFile}" 
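Review bot: In the chooseInterface hunk at -942, `echo "IPv6dev=${IPv6dev}"` is reached only when `[[ -z "${IPv6dev}" ]]` holds, i.e. only when the value is empty, so the temporary setup vars file can only ever receive an empty `IPv6dev=` from this block. That looks inverted; `&& [[ -n "${IPv6dev}" ]]; then` would record the interface that was actually selected. The rest of chooseInterface is outside the hunk, so confirm that nothing later depends on the empty entry before changing it.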
@@ -1012,8 +1019,8 @@ checkStaticIpSupported() { return 0 # If we are on 'Debian' but the raspi.list file is present, # then we actually are on 64-bit Raspberry Pi OS. - elif [[ "${PLAT}" == "Debian" ]] && - [[ -s /etc/apt/sources.list.d/raspi.list ]]; then + elif [[ "${PLAT}" == "Debian" ]] \ + && [[ -s /etc/apt/sources.list.d/raspi.list ]]; then return 0 else return 1 @@ -1120,7 +1127,7 @@ force all IPv6 connections through the VPN.\\n\\nThis will prevent the \ client from bypassing the tunnel and leaking its real IPv6 address to servers, \ though it might cause the client to have slow response when browsing the web \ on IPv6 networks. - + Do you want to force routing IPv6 to block the leakage?" "${r}" "${c}"; then pivpnforceipv6route=1 else 
@@ -1132,23 +1139,23 @@ Do you want to force routing IPv6 to block the leakage?" "${r}" "${c}"; then getStaticIPv4Settings() { # Find the gateway IP used to route to outside world - CurrentIPv4gw="$(ip -o route get 192.0.2.1 | - grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | - awk 'NR==2')" + CurrentIPv4gw="$(ip -o route get 192.0.2.1 \ + | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' \ + | awk 'NR==2')" # Find the IP address (and netmask) of the desidered interface - CurrentIPv4addr="$(ip -o -f inet address show dev "${IPv4dev}" | - grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/[0-9]{1,2}')" + CurrentIPv4addr="$(ip -o -f inet address show dev "${IPv4dev}" \ + | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/[0-9]{1,2}')" # Grab their current DNS servers - IPv4dns="$(grep -v "^#" /etc/resolv.conf | - grep -w nameserver | - grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | - xargs)" + IPv4dns="$(grep -v "^#" /etc/resolv.conf \ + | grep -w nameserver \ + | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' \ + | xargs)" if [[ "${runUnattended}" == 'true' ]]; then - if [[ -z "${dhcpReserv}" ]] || - [[ "${dhcpReserv}" -ne 1 ]]; then + if [[ -z "${dhcpReserv}" ]] \ + || [[ "${dhcpReserv}" -ne 1 ]]; then local MISSING_STATIC_IPV4_SETTINGS=0 if [[ -z "${IPv4addr}" ]]; then @@ -1283,7 +1290,7 @@ IPv4 address" "${r}" "${c}" "${CurrentIPv4addr}" \ --backtitle "Calibrating network interface" \ --title "IPv4 address" \ --msgbox "You've entered an invalid IP address: ${IPv4addr} - + Please enter an IP address in the CIDR notation, example: 192.168.23.211/24 If you are not sure, please just keep the default." "${r}" "${c}" 
@@ -1313,7 +1320,7 @@ default gateway" "${r}" "${c}" "${CurrentIPv4gw}" \ --backtitle "Calibrating network interface" \ --title "IPv4 gateway (router)" \ --msgbox "You've entered an invalid gateway IP: ${IPv4gw} - + Please enter the IP address of your gateway (router), example: 192.168.23.1 If you are not sure, please just keep the default." "${r}" "${c}" @@ -1401,8 +1408,8 @@ chooseUser() { exit 1 fi else - if awk -F':' '$3>=1000 && $3<=60000 {print $1}' /etc/passwd | - grep -qw "${install_user}"; then + if awk -F':' '$3>=1000 && $3<=60000 {print $1}' /etc/passwd \ + | grep -qw "${install_user}"; then echo "::: ${install_user} will hold your ovpn configurations." else echo "::: User ${install_user} does not exist, creating..." @@ -1419,8 +1426,8 @@ chooseUser() { fi fi - install_home="$(grep -m1 "^${install_user}:" /etc/passwd | - cut -d ':' -f 6)" + install_home="$(grep -m1 "^${install_user}:" /etc/passwd \ + | cut -d ':' -f 6)" install_home="${install_home%/}" { @@ -1519,8 +1526,8 @@ chooseUser() { for desiredUser in ${chooseUserOptions}; do install_user=${desiredUser} echo "::: Using User: ${install_user}" - install_home=$(grep -m1 "^${install_user}:" /etc/passwd | - cut -d ':' -f 6) + install_home=$(grep -m1 "^${install_user}:" /etc/passwd \ + | cut -d ':' -f 6) install_home=${install_home%/} # remove possible trailing slash { @@ -1562,8 +1569,8 @@ updateRepo() { # Go back to /usr/local/src otherwise git will complain when the current # working directory has just been deleted (/usr/local/src/pivpn). - cd /usr/local/src && - ${SUDO} git clone \ + cd /usr/local/src \ + && ${SUDO} git clone \ -q \ --depth 1 \ --no-single-branch \ @@ -1600,8 +1607,8 @@ makeRepo() { # Go back to /usr/local/src otherwhise git will complain when the current # working directory has just been deleted (/usr/local/src/pivpn). - cd /usr/local/src && - ${SUDO} git clone \ + cd /usr/local/src \ + && ${SUDO} git clone \ -q \ --depth 1 \ --no-single-branch \ 
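Review bot: In chooseUser (hunk at -1401), `grep -qw "${install_user}"` treats the user name as a regular expression and matches it as a word anywhere in each line, so a name like `bob` (constructed example) is reported as existing when only `bob-backup` is present, and regex metacharacters in the name are interpreted. An exact fixed-string match, `grep -qxF -- "${install_user}"`, avoids both. The home-directory lookups in the hunks at -1419 and -1519 interpolate the same value into `grep -m1 "^${install_user}:" /etc/passwd`; `getent passwd "${install_user}" | cut -d ':' -f 6` does the lookup without building a pattern. The -1401 branch appears to take the name from an unattended configuration, so it should be handled as unchecked input.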
@@ -1643,8 +1650,8 @@ cloneOrUpdateRepos() { ${SUDO} mkdir -p /usr/local/src # Get Git files - getGitFiles "${pivpnFilesDir}" "${pivpnGitUrl}" || - { + getGitFiles "${pivpnFilesDir}" "${pivpnGitUrl}" \ + || { err "!!! Unable to clone ${pivpnGitUrl} into ${pivpnFilesDir}, unable to continue." exit 1 } @@ -1721,8 +1728,8 @@ generateRandomSubnet() { SUBNET_EXCLUDE_LIST+=(10.100.1.0/24) SUBNET_EXCLUDE_LIST+=(10.255.255.0/24) - readarray -t CURRENTLY_USED_SUBNETS <<< "$(ip route show | - grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/[0-9]{1,2}')" + readarray -t CURRENTLY_USED_SUBNETS <<< "$(ip route show \ + | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/[0-9]{1,2}')" SUBNET_EXCLUDE_LIST=("${SUBNET_EXCLUDE_LIST[@]}" "${CURRENTLY_USED_SUBNETS[@]}") @@ -1769,8 +1776,8 @@ setWireguardDefaultVars() { pivpnNET="$(generateRandomSubnet)" fi - if [[ "${pivpnenableipv6}" -eq 1 ]] && - [[ -z "${pivpnNETv6}" ]]; then + if [[ "${pivpnenableipv6}" -eq 1 ]] \ + && [[ -z "${pivpnNETv6}" ]]; then pivpnNETv6="fd11:5ee:bad:c0de::" fi @@ -1787,8 +1794,8 @@ setWireguardDefaultVars() { # Forward all traffic through PiVPN (i.e. full-tunnel), may be modified by # the user after the installation. - if [[ "${pivpnenableipv6}" -eq 1 ]] || - [[ "${pivpnforceipv6route}" -eq 1 ]]; then + if [[ "${pivpnenableipv6}" -eq 1 ]] \ + || [[ "${pivpnforceipv6route}" -eq 1 ]]; then ALLOWED_IPS="${ALLOWED_IPS}, ::0/0" fi fi 
@@ -1867,15 +1874,15 @@ askWhichVPN() { fi fi else - if [[ "${WIREGUARD_SUPPORT}" -eq 1 ]] && - [[ "${OPENVPN_SUPPORT}" -eq 1 ]]; then + if [[ "${WIREGUARD_SUPPORT}" -eq 1 ]] \ + && [[ "${OPENVPN_SUPPORT}" -eq 1 ]]; then chooseVPNCmd=(whiptail --backtitle "Setup PiVPN" --title "Installation mode" --separate-output --radiolist "WireGuard is a new kind of VPN that provides \ near-instantaneous connection speed, high performance, and modern cryptography. - + It's the recommended choice especially if you use mobile devices where \ WireGuard is easier on battery than OpenVPN. @@ -1895,12 +1902,12 @@ Choose a VPN (press space to select):" "${r}" "${c}" 2) err "::: Cancel selected, exiting...." exit 1 fi - elif [[ "${OPENVPN_SUPPORT}" -eq 1 ]] && - [[ "${WIREGUARD_SUPPORT}" -eq 0 ]]; then + elif [[ "${OPENVPN_SUPPORT}" -eq 1 ]] \ + && [[ "${WIREGUARD_SUPPORT}" -eq 0 ]]; then echo "::: Using VPN: OpenVPN" VPN="openvpn" - elif [[ "${OPENVPN_SUPPORT}" -eq 0 ]] && - [[ "${WIREGUARD_SUPPORT}" -eq 1 ]]; then + elif [[ "${OPENVPN_SUPPORT}" -eq 0 ]] \ + && [[ "${WIREGUARD_SUPPORT}" -eq 1 ]]; then echo "::: Using VPN: WireGuard" VPN="wireguard" fi @@ -1918,7 +1925,7 @@ askAboutCustomizing() { --yesno "PiVPN uses the following settings that we believe are good \ defaults for most users. However, we still want to keep flexibility, so if \ you need to customize them, choose Yes. - + * UDP or TCP protocol: UDP * Custom search domain for the DNS field: None * Modern features or best compatibility: Modern features \ @@ -1951,8 +1958,8 @@ installOpenVPN() { fi echo "::: Adding OpenVPN repository... " - echo "deb https://build.openvpn.net/debian/openvpn/stable ${OSCN} main" | - ${SUDO} tee /etc/apt/sources.list.d/pivpn-openvpn-repo.list > /dev/null + echo "deb https://build.openvpn.net/debian/openvpn/stable ${OSCN} main" \ + | ${SUDO} tee /etc/apt/sources.list.d/pivpn-openvpn-repo.list > /dev/null echo "::: Updating package cache..." updatePackageCache 
@@ -1999,16 +2006,16 @@ installWireGuard() { PIVPN_DEPS+=(libqrencode) fi - if [[ "${PLAT}" == "Raspbian" || "${PLAT}" == "Debian" ]] && - [[ -z "${AVAILABLE_WIREGUARD}" ]]; then + if [[ "${PLAT}" == "Raspbian" || "${PLAT}" == "Debian" ]] \ + && [[ -z "${AVAILABLE_WIREGUARD}" ]]; then if [[ "${PLAT}" == "Debian" ]]; then echo "::: Adding Debian Bullseye repository... " - echo "deb https://deb.debian.org/debian/ bullseye main" | - ${SUDO} tee /etc/apt/sources.list.d/pivpn-bullseye-repo.list > /dev/null + echo "deb https://deb.debian.org/debian/ bullseye main" \ + | ${SUDO} tee /etc/apt/sources.list.d/pivpn-bullseye-repo.list > /dev/null else echo "::: Adding Raspbian Bullseye repository... " - echo "deb http://raspbian.raspberrypi.org/raspbian/ bullseye main" | - ${SUDO} tee /etc/apt/sources.list.d/pivpn-bullseye-repo.list > /dev/null + echo "deb http://raspbian.raspberrypi.org/raspbian/ bullseye main" \ + | ${SUDO} tee /etc/apt/sources.list.d/pivpn-bullseye-repo.list > /dev/null fi { @@ -2035,8 +2042,8 @@ askCustomProto() { else pivpnPROTO="${pivpnPROTO,,}" - if [[ "${pivpnPROTO}" == "udp" ]] || - [[ "${pivpnPROTO}" == "tcp" ]]; then + if [[ "${pivpnPROTO}" == "udp" ]] \ + || [[ "${pivpnPROTO}" == "tcp" ]]; then echo "::: Using the ${pivpnPROTO} protocol" else err ":: ${pivpnPROTO} is not a supported TCP/IP protocol, please specify 'udp' or 'tcp'" @@ -2091,9 +2098,9 @@ askCustomPort() { fi fi else - if [[ "${pivpnPORT}" =~ ^[0-9]+$ ]] && - [[ "${pivpnPORT}" -ge 1 ]] && - [[ "${pivpnPORT}" -le 65535 ]]; then + if [[ "${pivpnPORT}" =~ ^[0-9]+$ ]] \ + && [[ "${pivpnPORT}" -ge 1 ]] \ + && [[ "${pivpnPORT}" -le 65535 ]]; then echo "::: Using port ${pivpnPORT}" else err "::: ${pivpnPORT} is not a valid port, use a port within the range [1,65535] (inclusive)" 
@@ -2124,9 +2131,9 @@ askCustomPort() { Enter a new value or hit 'Enter' to retain \ the default" "${r}" "${c}" "${DEFAULT_PORT}" \ 3>&1 1>&2 2>&3)"; then - if [[ "${pivpnPORT}" =~ ^[0-9]+$ ]] && - [[ "${pivpnPORT}" -ge 1 ]] && - [[ "${pivpnPORT}" -le 65535 ]]; then + if [[ "${pivpnPORT}" =~ ^[0-9]+$ ]] \ + && [[ "${pivpnPORT}" -ge 1 ]] \ + && [[ "${pivpnPORT}" -le 65535 ]]; then : else pivpnPORT="${portInvalid}" @@ -2164,12 +2171,12 @@ the default" "${r}" "${c}" "${DEFAULT_PORT}" \ askClientDNS() { if [[ "${runUnattended}" == 'true' ]]; then - if [[ -z "${pivpnDNS1}" ]] && - [[ -n "${pivpnDNS2}" ]]; then + if [[ -z "${pivpnDNS1}" ]] \ + && [[ -n "${pivpnDNS2}" ]]; then pivpnDNS1="${pivpnDNS2}" unset pivpnDNS2 - elif [[ -z "${pivpnDNS1}" ]] && - [[ -z "${pivpnDNS2}" ]]; then + elif [[ -z "${pivpnDNS1}" ]] \ + && [[ -z "${pivpnDNS2}" ]]; then pivpnDNS1="9.9.9.9" pivpnDNS2="149.112.112.112" echo -n "::: No DNS provider specified, " @@ -2183,8 +2190,8 @@ askClientDNS() { echo "::: Invalid DNS ${pivpnDNS1}" fi - if [[ -n "${pivpnDNS2}" ]] && - ! validIP "${pivpnDNS2}"; then + if [[ -n "${pivpnDNS2}" ]] \ + && ! validIP "${pivpnDNS2}"; then INVALID_DNS_SETTINGS=1 echo "::: Invalid DNS ${pivpnDNS2}" fi @@ -2218,8 +2225,8 @@ get ad blocking on the go?" "${r}" "${c}"; then # Add a custom hosts file for VPN clients so they appear # as 'name.pivpn' in the Pi-hole dashboard as well as resolve # by their names. - echo "addn-hosts=/etc/pivpn/hosts.${VPN}" | - ${SUDO} tee "${dnsmasqConfig}" > /dev/null + echo "addn-hosts=/etc/pivpn/hosts.${VPN}" \ + | ${SUDO} tee "${dnsmasqConfig}" > /dev/null # Then create an empty hosts file or clear if it exists. ${SUDO} bash -c "> /etc/pivpn/hosts.${VPN}" 
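Review bot: The context line `${SUDO} bash -c "> /etc/pivpn/hosts.${VPN}"` in the askClientDNS hunk at -2218 expands `${VPN}` inside a command string that a root shell then parses a second time, so any shell metacharacter in that variable would be interpreted instead of being treated as part of a file name. The `tee` form this hunk already uses for `dnsmasqConfig` avoids the second parse: `: | ${SUDO} tee "/etc/pivpn/hosts.${VPN}" > /dev/null`. Where `VPN` is assigned is not visible in the hunk, so whether an unattended configuration can set it should be confirmed against that code.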
@@ -2296,23 +2303,23 @@ In case you have a local resolver running, i.e. unbound, select \ --backtitle "Specify Upstream DNS Provider(s)" \ --inputbox "Enter your desired upstream DNS provider(s), \ separated by a comma. - + For example '1.1.1.1, 9.9.9.9'" "${r}" "${c}" "" \ 3>&1 1>&2 2>&3)"; then - pivpnDNS1="$(echo "${pivpnDNS}" | - sed 's/[, \t]\+/,/g' | - awk -F, '{print$1}')" - pivpnDNS2="$(echo "${pivpnDNS}" | - sed 's/[, \t]\+/,/g' | - awk -F, '{print$2}')" + pivpnDNS1="$(echo "${pivpnDNS}" \ + | sed 's/[, \t]\+/,/g' \ + | awk -F, '{print$1}')" + pivpnDNS2="$(echo "${pivpnDNS}" \ + | sed 's/[, \t]\+/,/g' \ + | awk -F, '{print$2}')" - if ! validIP "${pivpnDNS1}" || - [[ ! "${pivpnDNS1}" ]]; then + if ! validIP "${pivpnDNS1}" \ + || [[ ! "${pivpnDNS1}" ]]; then pivpnDNS1="${strInvalid}" fi - if ! validIP "${pivpnDNS2}" && - [[ "${pivpnDNS2}" ]]; then + if ! validIP "${pivpnDNS2}" \ + && [[ "${pivpnDNS2}" ]]; then pivpnDNS2="${strInvalid}" fi else @@ -2320,8 +2327,8 @@ For example '1.1.1.1, 9.9.9.9'" "${r}" "${c}" "" \ exit 1 fi - if [[ "${pivpnDNS1}" == "${strInvalid}" ]] || - [[ "${pivpnDNS2}" == "${strInvalid}" ]]; then + if [[ "${pivpnDNS1}" == "${strInvalid}" ]] \ + || [[ "${pivpnDNS2}" == "${strInvalid}" ]]; then whiptail \ --backtitle "Invalid IP" \ --title "Invalid IP" \ @@ -2448,12 +2455,12 @@ Format: mydomain.com" "${r}" "${c}" \ } askPublicIPOrDNS() { - if ! IPv4pub="$(dig +short myip.opendns.com @208.67.222.222)" || - ! validIP "${IPv4pub}"; then + if ! IPv4pub="$(dig +short myip.opendns.com @208.67.222.222)" \ + || ! validIP "${IPv4pub}"; then err "dig failed, now trying to curl checkip.amazonaws.com" - if ! IPv4pub="$(curl -sSf https://checkip.amazonaws.com)" || - ! validIP "${IPv4pub}"; then + if ! IPv4pub="$(curl -sSf https://checkip.amazonaws.com)" \ + || ! validIP "${IPv4pub}"; then err "checkip.amazonaws.com failed, please check your internet connection/DNS" exit 1 fi 
@@ -2539,8 +2546,8 @@ Public DNS Name: ${PUBLICDNS}" "${r}" "${c}"; then askEncryption() { if [[ "${runUnattended}" == 'true' ]]; then - if [[ -z "${TWO_POINT_FOUR}" ]] || - [[ "${TWO_POINT_FOUR}" -eq 1 ]]; then + if [[ -z "${TWO_POINT_FOUR}" ]] \ + || [[ "${TWO_POINT_FOUR}" -eq 1 ]]; then TWO_POINT_FOUR=1 echo "::: Using OpenVPN 2.4 features" @@ -2548,9 +2555,9 @@ askEncryption() { pivpnENCRYPT=256 fi - if [[ "${pivpnENCRYPT}" -eq 256 ]] || - [[ "${pivpnENCRYPT}" -eq 384 ]] || - [[ "${pivpnENCRYPT}" -eq 521 ]]; then + if [[ "${pivpnENCRYPT}" -eq 256 ]] \ + || [[ "${pivpnENCRYPT}" -eq 384 ]] \ + || [[ "${pivpnENCRYPT}" -eq 521 ]]; then echo "::: Using a ${pivpnENCRYPT}-bit certificate" else err "::: ${pivpnENCRYPT} is not a valid certificate size, use 256, 384, or 521" @@ -2564,9 +2571,9 @@ askEncryption() { pivpnENCRYPT=2048 fi - if [[ "${pivpnENCRYPT}" -eq 2048 ]] || - [[ "${pivpnENCRYPT}" -eq 3072 ]] || - [[ "${pivpnENCRYPT}" -eq 4096 ]]; then + if [[ "${pivpnENCRYPT}" -eq 2048 ]] \ + || [[ "${pivpnENCRYPT}" -eq 3072 ]] \ + || [[ "${pivpnENCRYPT}" -eq 4096 ]]; then echo "::: Using a ${pivpnENCRYPT}-bit certificate" else err "::: ${pivpnENCRYPT} is not a valid certificate size, use 2048, 3072, or 4096" @@ -2612,7 +2619,7 @@ askEncryption() { --yesno "OpenVPN 2.4 can take advantage of Elliptic Curves \ to provide higher connection speed and improved security over \ RSA, while keeping smaller certificates. - + Moreover, the 'tls-crypt' directive encrypts the certificates \ being used while authenticating, increasing privacy. @@ -2661,8 +2668,8 @@ then grab a cup of joe and pick 4096 bits." "${r}" "${c}" 3 \ exit 1 fi - if [[ "${pivpnENCRYPT}" -ge 2048 ]] && - whiptail \ + if [[ "${pivpnENCRYPT}" -ge 2048 ]] \ + && whiptail \ --backtitle "Setup OpenVPN" \ --title "Generate Diffie-Hellman Parameters" \ --yesno "Generating DH parameters can take many hours on a Raspberry Pi. \ 
@@ -2732,8 +2739,8 @@ confOpenVPN() { fi # Get easy-rsa - curl -sSfL "${easyrsaRel}" | - ${SUDO} tar -xz --one-top-level=/etc/openvpn/easy-rsa --strip-components 1 + curl -sSfL "${easyrsaRel}" \ + | ${SUDO} tar -xz --one-top-level=/etc/openvpn/easy-rsa --strip-components 1 if [[ ! -s /etc/openvpn/easy-rsa/easyrsa ]]; then err "${0}: ERR: Failed to download EasyRSA." @@ -2803,8 +2810,8 @@ confOpenVPN() { ${SUDOE} ./easyrsa --batch build-ca nopass printf "\\n::: CA Complete.\\n" - if [[ "${pivpnCERT}" == "rsa" ]] && - [[ "${USE_PREDEFINED_DH_PARAM}" -ne 1 ]]; then + if [[ "${pivpnCERT}" == "rsa" ]] \ + && [[ "${USE_PREDEFINED_DH_PARAM}" -ne 1 ]]; then if [[ "${runUnattended}" == 'true' ]]; then echo "::: The server key, Diffie-Hellman parameters, \ and HMAC key will now be generated." @@ -2818,8 +2825,8 @@ and HMAC key will now be generated." \ "${r}" \ "${c}" fi - elif [[ "${pivpnCERT}" == "ec" ]] || - [[ "${pivpnCERT}" == "rsa" && "${USE_PREDEFINED_DH_PARAM}" -eq 1 ]]; then + elif [[ "${pivpnCERT}" == "ec" ]] \ + || [[ "${pivpnCERT}" == "rsa" && "${USE_PREDEFINED_DH_PARAM}" -eq 1 ]]; then if [[ "${runUnattended}" == 'true' ]]; then echo "::: The server key and HMAC key will now be generated." else @@ -3100,11 +3107,11 @@ confWireGuard() { ${SUDO} mkdir -p /etc/wireguard/keys # Generate private key and derive public key from it - wg genkey | - ${SUDO} tee /etc/wireguard/keys/server_priv &> /dev/null - ${SUDO} cat /etc/wireguard/keys/server_priv | - wg pubkey | - ${SUDO} tee /etc/wireguard/keys/server_pub &> /dev/null + wg genkey \ + | ${SUDO} tee /etc/wireguard/keys/server_priv &> /dev/null + ${SUDO} cat /etc/wireguard/keys/server_priv \ + | wg pubkey \ + | ${SUDO} tee /etc/wireguard/keys/server_pub &> /dev/null echo "::: Server Keys have been generated." 
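Review bot: The easy-rsa download in the confOpenVPN hunk at -2732 is streamed from `curl` straight into a root `tar`, and the only check afterwards is that `/etc/openvpn/easy-rsa/easyrsa` is non-empty, so the archive that seeds the PKI is never compared against a known digest or signature. Downloading to a temporary file, verifying a SHA-256 pinned next to `easyrsaRel`, and only then extracting would close that gap. The sketch below uses `easyrsaSha256` as a placeholder for such a pinned value, which the page does not define. The function starts and ends outside the hunk.

```shell
  # Get easy-rsa
  local easyrsaTarball
  easyrsaTarball="$(mktemp)"
  curl -sSfL -o "${easyrsaTarball}" "${easyrsaRel}"

  # easyrsaSha256 is a placeholder: a digest pinned alongside easyrsaRel
  if ! echo "${easyrsaSha256}  ${easyrsaTarball}" \
    | sha256sum -c - > /dev/null; then
    err "${0}: ERR: EasyRSA archive failed checksum verification."
    rm -f "${easyrsaTarball}"
    exit 1
  fi

  ${SUDO} tar -xzf "${easyrsaTarball}" \
    --one-top-level=/etc/openvpn/easy-rsa --strip-components 1
  rm -f "${easyrsaTarball}"
  # … unchanged: check that /etc/openvpn/easy-rsa/easyrsa is non-empty …
```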
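Review bot: In the confWireGuard hunk at -3100, `server_priv` is created by `tee` under whatever umask the installer inherits, and nothing visible in the hunk restricts the mode of the file or of `/etc/wireguard/keys`, so the server private key may end up readable by other local users. Making the permission explicit at creation time, e.g. `(umask 077; wg genkey | ${SUDO} tee /etc/wireguard/keys/server_priv > /dev/null)`, removes the dependency on the caller's environment; if the parent directory is already locked down outside the hunk, a comment saying so would help the next reader. The `&> /dev/null` on both `tee` calls also discards write errors, whereas `> /dev/null` alone keeps the key off the terminal and still lets failures show.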
@@ -3128,8 +3135,8 @@ confWireGuard() { confNetwork() { # Enable forwarding of internet traffic - echo 'net.ipv4.ip_forward=1' | - ${SUDO} tee /etc/sysctl.d/99-pivpn.conf > /dev/null + echo 'net.ipv4.ip_forward=1' \ + | ${SUDO} tee /etc/sysctl.d/99-pivpn.conf > /dev/null if [[ "${pivpnenableipv6}" -eq 1 ]]; then { @@ -3249,8 +3256,8 @@ confNetwork() { # On a newly installed system all policies should be ACCEPT, # so the only required rule would be the MASQUERADE one. - if ! ${SUDO} iptables -t nat -S | - grep -q "${VPN}-nat-rule"; then + if ! ${SUDO} iptables -t nat -S \ + | grep -q "${VPN}-nat-rule"; then ${SUDO} iptables \ -t nat \ -I POSTROUTING \ @@ -3262,8 +3269,8 @@ confNetwork() { fi if [[ "${pivpnenableipv6}" -eq 1 ]]; then - if ! ${SUDO} ip6tables -t nat -S | - grep -q "${VPN}-nat-rule"; then + if ! ${SUDO} ip6tables -t nat -S \ + | grep -q "${VPN}-nat-rule"; then ${SUDO} ip6tables \ -t nat \ -I POSTROUTING \ 
@@ -3283,38 +3290,38 @@ confNetwork() { # Grep returns non 0 exit code where there are no matches, # however that would make the script exit, # for this reasons we use '|| true' to force exit code 0 - INPUT_RULES_COUNT="$(${SUDO} iptables -S INPUT | - grep -vcE '(^-P|ufw-)')" - FORWARD_RULES_COUNT="$(${SUDO} iptables -S FORWARD | - grep -vcE '(^-P|ufw-)')" - INPUT_POLICY="$(${SUDO} iptables -S INPUT | - grep '^-P' | - awk '{print $3}')" - FORWARD_POLICY="$(${SUDO} iptables -S FORWARD | - grep '^-P' | - awk '{print $3}')" + INPUT_RULES_COUNT="$(${SUDO} iptables -S INPUT \ + | grep -vcE '(^-P|ufw-)')" + FORWARD_RULES_COUNT="$(${SUDO} iptables -S FORWARD \ + | grep -vcE '(^-P|ufw-)')" + INPUT_POLICY="$(${SUDO} iptables -S INPUT \ + | grep '^-P' \ + | awk '{print $3}')" + FORWARD_POLICY="$(${SUDO} iptables -S FORWARD \ + | grep '^-P' \ + | awk '{print $3}')" if [[ "${pivpnenableipv6}" -eq 1 ]]; then - INPUT_RULES_COUNTv6="$(${SUDO} ip6tables -S INPUT | - grep -vcE '(^-P|ufw-)')" - FORWARD_RULES_COUNTv6="$(${SUDO} ip6tables -S FORWARD | - grep -vcE '(^-P|ufw-)')" - INPUT_POLICYv6="$(${SUDO} ip6tables -S INPUT | - grep '^-P' | - awk '{print $3}')" - FORWARD_POLICYv6="$(${SUDO} ip6tables -S FORWARD | - grep '^-P' | - awk '{print $3}')" + INPUT_RULES_COUNTv6="$(${SUDO} ip6tables -S INPUT \ + | grep -vcE '(^-P|ufw-)')" + FORWARD_RULES_COUNTv6="$(${SUDO} ip6tables -S FORWARD \ + | grep -vcE '(^-P|ufw-)')" + INPUT_POLICYv6="$(${SUDO} ip6tables -S INPUT \ + | grep '^-P' \ + | awk '{print $3}')" + FORWARD_POLICYv6="$(${SUDO} ip6tables -S FORWARD \ + | grep '^-P' \ + | awk '{print $3}')" fi # If rules count is not zero, we assume we need to explicitly allow traffic. # Same conclusion if there are no rules and the policy is not ACCEPT. # Note that rules are being added to the top of the chain (using -I). - if [[ "${INPUT_RULES_COUNT}" -ne 0 ]] || - [[ "${INPUT_POLICY}" != "ACCEPT" ]]; then - if ! 
${SUDO} iptables -S | - grep -q "${VPN}-input-rule"; then + if [[ "${INPUT_RULES_COUNT}" -ne 0 ]] \ + || [[ "${INPUT_POLICY}" != "ACCEPT" ]]; then + if ! ${SUDO} iptables -S \ + | grep -q "${VPN}-input-rule"; then ${SUDO} iptables \ -I INPUT 1 \ -i "${IPv4dev}" \ @@ -3331,10 +3338,10 @@ confNetwork() { fi if [[ "${pivpnenableipv6}" -eq 1 ]]; then - if [[ "${INPUT_RULES_COUNTv6}" -ne 0 ]] || - [[ "${INPUT_POLICYv6}" != "ACCEPT" ]]; then - if ! ${SUDO} ip6tables -S | - grep -q "${VPN}-input-rule"; then + if [[ "${INPUT_RULES_COUNTv6}" -ne 0 ]] \ + || [[ "${INPUT_POLICYv6}" != "ACCEPT" ]]; then + if ! ${SUDO} ip6tables -S \ + | grep -q "${VPN}-input-rule"; then ${SUDO} ip6tables \ -I INPUT 1 \ -i "${IPv6dev}" \ @@ -3351,10 +3358,10 @@ confNetwork() { fi fi - if [[ "${FORWARD_RULES_COUNT}" -ne 0 ]] || - [[ "${FORWARD_POLICY}" != "ACCEPT" ]]; then - if ! ${SUDO} iptables -S | - grep -q "${VPN}-forward-rule"; then + if [[ "${FORWARD_RULES_COUNT}" -ne 0 ]] \ + || [[ "${FORWARD_POLICY}" != "ACCEPT" ]]; then + if ! ${SUDO} iptables -S \ + | grep -q "${VPN}-forward-rule"; then ${SUDO} iptables \ -I FORWARD 1 \ -d "${pivpnNET}/${subnetClass}" \ @@ -3381,10 +3388,10 @@ confNetwork() { fi if [[ "${pivpnenableipv6}" -eq 1 ]]; then - if [[ "${FORWARD_RULES_COUNTv6}" -ne 0 ]] || - [[ "${FORWARD_POLICYv6}" != "ACCEPT" ]]; then - if ! ${SUDO} ip6tables -S | - grep -q "${VPN}-forward-rule"; then + if [[ "${FORWARD_RULES_COUNTv6}" -ne 0 ]] \ + || [[ "${FORWARD_POLICYv6}" != "ACCEPT" ]]; then + if ! ${SUDO} ip6tables -S \ + | grep -q "${VPN}-forward-rule"; then ${SUDO} ip6tables \ -I FORWARD 1 \ -d "${pivpnNETv6}/${subnetClassv6}" \ 
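Review bot: The comment at the top of the confNetwork hunk at -3283 says `|| true` is used to force a zero exit code, but none of the `grep -vcE '(^-P|ufw-)'` substitutions on the new side carries it, so comment and code disagree. `grep -c` prints 0 and still exits non-zero when nothing matches, which would abort the installer on an empty chain if it runs under `set -e` (not visible here). Either drop the sentence from the comment or add the guard it describes, e.g. `| grep -vcE '(^-P|ufw-)' || true)"`. confNetwork starts and ends outside the hunk.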
@@ -3413,10 +3420,10 @@ confNetwork() { case "${PLAT}" in Debian | Raspbian | Ubuntu) - ${SUDO} iptables-save | - ${SUDO} tee /etc/iptables/rules.v4 > /dev/null - ${SUDO} ip6tables-save | - ${SUDO} tee /etc/iptables/rules.v6 > /dev/null + ${SUDO} iptables-save \ + | ${SUDO} tee /etc/iptables/rules.v4 > /dev/null + ${SUDO} ip6tables-save \ + | ${SUDO} tee /etc/iptables/rules.v6 > /dev/null ;; esac @@ -3464,8 +3471,8 @@ confLogging() { # Restart the logging service case "${PLAT}" in Debian | Raspbian | Ubuntu) - ${SUDO} systemctl -q is-active rsyslog.service && - ${SUDO} systemctl restart rsyslog.service + ${SUDO} systemctl -q is-active rsyslog.service \ + && ${SUDO} systemctl restart rsyslog.service ;; Alpine) ${SUDO} rc-service -is rsyslog restart diff --git a/ciscripts/startup.sh b/ciscripts/startup.sh index 6f6e56d..aa03c8d 100644 --- a/ciscripts/startup.sh +++ b/ciscripts/startup.sh @@ -1,13 +1,13 @@ #!/bin/bash -interface=$(ip -o link | - awk '{print $2}' | - cut -d ':' -f 1 | - cut -d '@' -f 1 | - grep -v -w 'lo' | - head -1) -ipaddress=$(ip addr show "${interface}" | - grep -o -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}/[0-9]{2}") +interface=$(ip -o link \ + | awk '{print $2}' \ + | cut -d ':' -f 1 \ + | cut -d '@' -f 1 \ + | grep -v -w 'lo' \ + | head -1) +ipaddress=$(ip addr show "${interface}" \ + | grep -o -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}/[0-9]{2}") gateway=$(ip route show | awk '/default/ {print $3}') hostname="pivpn.test" diff --git a/scripts/backup.sh b/scripts/backup.sh index dc932dd..f711e5b 100755 --- a/scripts/backup.sh +++ b/scripts/backup.sh 
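Review bot: In the `Debian | Raspbian | Ubuntu` branch the `iptables-save | tee /etc/iptables/rules.v4` pipeline truncates the persisted rules file before the save has produced anything and reports only tee's status, so a failing `iptables-save` leaves an empty rules.v4 without any error. Assuming that file is what gets restored at boot, the host would then come up without the rules confNetwork has just inserted. Capture first and write only on success: `rules_v4="$(${SUDO} iptables-save)" || exit 1` followed by `printf '%s\n' "${rules_v4}" | ${SUDO} tee /etc/iptables/rules.v4 > /dev/null`, and the same for the `ip6tables-save` line. Whether `pipefail` is set elsewhere in install.sh is not visible from this hunk.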
@@ -20,8 +20,8 @@ setupConfigDir="/etc/pivpn" CHECK_PKG_INSTALLED='dpkg-query -s' -if [[ -r "${setupConfigDir}/wireguard/${setupVarsFile}" ]] && - [[ -r "${setupConfigDir}/openvpn/${setupVarsFile}" ]]; then +if [[ -r "${setupConfigDir}/wireguard/${setupVarsFile}" ]] \ + && [[ -r "${setupConfigDir}/openvpn/${setupVarsFile}" ]]; then # Two protocols have been installed, check if the script has passed # an argument, otherwise ask the user which one he wants to remove if [[ "$#" -ge 1 ]]; then diff --git a/scripts/openvpn/bash-completion b/scripts/openvpn/bash-completion index 775d221..1aa353c 100644 --- a/scripts/openvpn/bash-completion +++ b/scripts/openvpn/bash-completion @@ -14,8 +14,8 @@ _pivpn() { else COMPREPLY=("$(compgen -W "${opts}" -- "${cur}")") fi - elif [[ ("${prev}" == "add" || "${prev}" == "-a") ]] && - [[ "${#COMP_WORDS[@]}" -eq 3 ]]; then + elif [[ ("${prev}" == "add" || "${prev}" == "-a") ]] \ + && [[ "${#COMP_WORDS[@]}" -eq 3 ]]; then COMPREPLY=("$(compgen -W "nopass" -- "${cur}")") fi diff --git a/scripts/openvpn/listOVPN.sh b/scripts/openvpn/listOVPN.sh index 3257198..ccba5d3 100755 --- a/scripts/openvpn/listOVPN.sh +++ b/scripts/openvpn/listOVPN.sh @@ -35,10 +35,10 @@ printf "\\e[1m::: Certificate Status List :::\\e[0m\\n" while read -r line || [[ -n "${line}" ]]; do STATUS="$(echo "${line}" | awk '{print $1}')" NAME="$(echo "${line}" | awk -FCN= '{print $2}')" - EXPD="$(echo "${line}" | - awk '{if (length($2) == 15) print $2; else print "20"$2}' | - cut -b 1-8 | - date +"%b %d %Y" -f -)" + EXPD="$(echo "${line}" \ + | awk '{if (length($2) == 15) print $2; else print "20"$2}' \ + | cut -b 1-8 \ + | date +"%b %d %Y" -f -)" if [[ "${STATUS}" == "V" ]]; then printf "Valid" diff --git a/scripts/openvpn/makeOVPN.sh b/scripts/openvpn/makeOVPN.sh index 0f9558b..2d3a1a9 100755 --- a/scripts/openvpn/makeOVPN.sh +++ b/scripts/openvpn/makeOVPN.sh 
@@ -61,9 +61,9 @@ while [[ "$#" -gt 0 ]]; do _val="${_key##--name=}" if [[ "${_val}" == "${_key}" ]]; then - [[ "$#" -lt 2 ]] && - err "Missing value for the optional argument '${_key}'." && - exit 1 + [[ "$#" -lt 2 ]] \ + && err "Missing value for the optional argument '${_key}'." \ + && exit 1 _val="${2}" shift @@ -75,9 +75,9 @@ while [[ "$#" -gt 0 ]]; do _val="${_key##--password=}" if [[ "${_val}" == "${_key}" ]]; then - [[ "$#" -lt 2 ]] && - err "Missing value for the optional argument '${_key}'." && - exit 1 + [[ "$#" -lt 2 ]] \ + && err "Missing value for the optional argument '${_key}'." \ + && exit 1 _val="${2}" shift @@ -89,9 +89,9 @@ while [[ "$#" -gt 0 ]]; do _val="${_key##--days=}" if [[ "${_val}" == "${_key}" ]]; then - [[ "$#" -lt 2 ]] && - err "Missing value for the optional argument '${_key}'." && - exit 1 + [[ "$#" -lt 2 ]] \ + && err "Missing value for the optional argument '${_key}'." \ + && exit 1 _val="${2}" shift @@ -180,9 +180,9 @@ useBitwarden() { read -r NAME # check name - until [[ "${NAME}" =~ ^[a-zA-Z0-9.@_-]+$ ]] && - [[ "${NAME::1}" != "." ]] && - [[ "${NAME::1}" != "-" ]]; do + until [[ "${NAME}" =~ ^[a-zA-Z0-9.@_-]+$ ]] \ + && [[ "${NAME::1}" != "." ]] \ + && [[ "${NAME::1}" != "-" ]]; do echo -n "Name can only contain alphanumeric characters and these " echo -n "characters (.-@_). The name also cannot start with a dot (.)" echo " or a dash (-). Please try again." 
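Review bot: The `[[ "$#" -lt 2 ]] \ && err … \ && exit 1` chain in the `--name` branch only reaches `exit 1` when `err` returns 0; if `err` ever returns non-zero (its definition is outside this hunk), the script falls through to `_val="${2}"` with no value to read. An explicit `if [[ "$#" -lt 2 ]]; then err "Missing value for the optional argument '${_key}'."; exit 1; fi` removes that dependency and reads better than a three-line `&&` chain. The same pattern is repeated in the `--password` and `--days` hunks below and in the `--name` hunk of scripts/wireguard/makeCONF.sh. The enclosing `while` loop starts and ends outside the hunk.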
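Review bot: The `--password` branch takes the secret from the command line (`_val="${_key##--password=}"` or `_val="${2}"`), where it is readable in the process list and usually lands in shell history. A comment next to the option should state that, and the script could offer a non-argv source, for example prompting with `read -r -s` when the value is omitted or reading it from a file. What happens to `_val` after the `shift` is outside this hunk, so its downstream handling cannot be checked here.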
@@ -210,13 +210,13 @@ useBitwarden() { # create a new item for your PiVPN Password PASSWD="$(bw generate -usln --length "${LENGTH}")" - bw get template item | - jq '.login.type = "1"' | - jq '.name = "PiVPN"' | - jq -r --arg NAME "${NAME}" '.login.username = $NAME' | - jq -r --arg PASSWD "${PASSWD}" '.login.password = $PASSWD' | - bw encode | - bw create item + bw get template item \ + | jq '.login.type = "1"' \ + | jq '.name = "PiVPN"' \ + | jq -r --arg NAME "${NAME}" '.login.username = $NAME' \ + | jq -r --arg PASSWD "${PASSWD}" '.login.password = $PASSWD' \ + | bw encode \ + | bw create item bw logout } @@ -357,9 +357,9 @@ else err "Please choose another name or revoke this certificate first." exit 1 # Check if name is reserved - elif [[ "${NAME}" == "ta" ]] || - [[ "${NAME}" == "server" ]] || - [[ "${NAME}" == "ca" ]]; then + elif [[ "${NAME}" == "ta" ]] \ + || [[ "${NAME}" == "server" ]] \ + || [[ "${NAME}" == "ca" ]]; then err "Sorry, this is in use by the server and cannot be used by clients." exit 1 fi @@ -370,9 +370,9 @@ else read -r -e -p "How many days should the certificate last? " -i 1080 DAYS fi - if [[ ! "${DAYS}" =~ ^[0-9]+$ ]] || - [[ "${DAYS}" -lt 1 ]] || - [[ "${DAYS}" -gt 3650 ]]; then + if [[ ! "${DAYS}" =~ ^[0-9]+$ ]] \ + || [[ "${DAYS}" -lt 1 ]] \ + || [[ "${DAYS}" -gt 3650 ]]; then # The CRL lasts 3650 days so it doesn't make much sense # that certificates would last longer err "Please input a valid number of days, between 1 and 3650 inclusive." @@ -516,8 +516,8 @@ for i in {2..254}; do # cycle to the end without finding and available octet. # disabling SC2514, variable sourced externaly # shellcheck disable=SC2154 - if [[ -z "$(ls -A /etc/openvpn/ccd)" ]] || - ! find /etc/openvpn/ccd \ + if [[ -z "$(ls -A /etc/openvpn/ccd)" ]] \ + || ! find /etc/openvpn/ccd \ -type f \ -exec grep -q "${NET_REDUCED}.${i}" {} +; then COUNT="${i}" diff --git a/scripts/openvpn/pivpnDebug.sh b/scripts/openvpn/pivpnDebug.sh index fc78e8d..0df047c 100755 
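Review bot: In useBitwarden the freshly generated password is handed to jq as an argument (`jq -r --arg PASSWD "${PASSWD}" …`), so it sits in that process's command line, which other local users can normally read. Passing it through the environment keeps it out of argv: `PASSWD="${PASSWD}" jq '.login.password = env.PASSWD'`. The four jq stages could also be merged into a single filter, and the `-r` flag can be dropped since each stage outputs an object rather than a string. useBitwarden starts outside the hunk.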
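Review bot: The `DAYS` validation accepts values that bash cannot compare: `^[0-9]+$` lets `08` or `09` through, `[[ "${DAYS}" -lt 1 ]]` and `[[ "${DAYS}" -gt 3650 ]]` then fail on them as invalid octal, and because both tests return false the value is treated as valid. Forcing base 10 closes that gap, e.g. `[[ "$((10#${DAYS}))" -lt 1 ]]` and likewise for the upper bound. Tightening the pattern to `^[0-9]{1,4}$` also rules out integer wrap-around on very long digit strings. The enclosing `else` branch continues outside the hunk.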
--- a/scripts/openvpn/pivpnDebug.sh +++ b/scripts/openvpn/pivpnDebug.sh @@ -65,10 +65,10 @@ if [[ "${PLAT}" != 'Alpine' ]]; then # Regular expession taken from https://superuser.com/a/202835, # it will match invalid IPs like 123.456.789.012 but it's fine # since the log only contains valid ones. - declare -a IPS_TO_HIDE=("$(echo "${OVPNLOG}" | - grepcidr -v 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 | - grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | - uniq)") + declare -a IPS_TO_HIDE=("$(echo "${OVPNLOG}" \ + | grepcidr -v 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 \ + | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' \ + | uniq)") for IP in "${IPS_TO_HIDE[@]}"; do OVPNLOG="${OVPNLOG//"$IP"/REDACTED}" diff --git a/scripts/openvpn/removeOVPN.sh b/scripts/openvpn/removeOVPN.sh index 35210b2..bc523c6 100755 --- a/scripts/openvpn/removeOVPN.sh +++ b/scripts/openvpn/removeOVPN.sh @@ -166,9 +166,9 @@ for ((ii = 0; ii < ${#CERTS_TO_REVOKE[@]}; ii++)); do # shellcheck disable=SC2154 # Grab the client IP address NET_REDUCED="${pivpnNET::-2}" - STATIC_IP="$(grep -v "^#" /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}" | - grep -w ifconfig-push | - grep -oE "${NET_REDUCED}\.[0-9]{1,3}")" + STATIC_IP="$(grep -v "^#" /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}" \ + | grep -w ifconfig-push \ + | grep -oE "${NET_REDUCED}\.[0-9]{1,3}")" rm -rf /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}" # disablung warning SC2154, $install_home sourced externally diff --git a/scripts/self_check.sh b/scripts/self_check.sh index 153cdab..218b502 100755 --- a/scripts/self_check.sh +++ b/scripts/self_check.sh @@ -1,7 +1,7 @@ #!/bin/bash -PLAT="$(grep -sEe '^NAME\=' /etc/os-release | - sed -E -e "s/NAME\=[\'\"]?([^ ]*).*/\1/")" +PLAT="$(grep -sEe '^NAME\=' /etc/os-release \ + | sed -E -e "s/NAME\=[\'\"]?([^ ]*).*/\1/")" # dual protocol, VPN type supplied as $1 VPN="${1}" 
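Review bot: `IPS_TO_HIDE` ends up with a single element, because the command substitution in `declare -a IPS_TO_HIDE=("$( … )")` is double-quoted and the newline-separated addresses are never split. The loop below then searches `OVPNLOG` for that whole multi-line string, so whenever the pipeline yields more than one line nothing is replaced and the public addresses stay in the debug output. Fill the array one address per element instead: `mapfile -t IPS_TO_HIDE < <(echo "${OVPNLOG}" | … | sort -u)`, where `sort -u` also removes the non-adjacent duplicates that `uniq` leaves in. The enclosing `if [[ "${PLAT}" != 'Alpine' ]]` block starts and ends outside the hunk.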
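Review bot: `rm -rf /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}"` deletes the whole ccd directory when the element is empty and resolves `../` when the name contains one; how the array entries are validated is outside this hunk. Since the target is a single client file, `rm -f -- "/etc/openvpn/ccd/${CERTS_TO_REVOKE[ii]:?}"` is the safer form. The `grep -v "^#"` at the head of the `STATIC_IP` pipeline reads the same path and would benefit from the same check on the name before either command runs. The `for` loop body continues outside the hunk.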
@@ -255,8 +255,8 @@ else fi if [[ "${PLAT}" == 'Alpine' ]]; then - if [[ "$(rc-service "${VPN_SERVICE}" status | - sed -E -e 's/.*status\: (.*)/\1/')" == 'started' ]]; then + if [[ "$(rc-service "${VPN_SERVICE}" status \ + | sed -E -e 's/.*status\: (.*)/\1/')" == 'started' ]]; then echo ":: [OK] ${VPN_PRETTY_NAME} is running" else ERR=1 @@ -271,8 +271,8 @@ if [[ "${PLAT}" == 'Alpine' ]]; then fi fi - if rc-update show default | - grep -sEe "\s*${VPN_SERVICE} .*" &> /dev/null; then + if rc-update show default \ + | grep -sEe "\s*${VPN_SERVICE} .*" &> /dev/null; then echo -n ":: [OK] ${VPN_PRETTY_NAME} is enabled " echo "(it will automatically start on reboot)" else diff --git a/scripts/uninstall.sh b/scripts/uninstall.sh index 1a1ba91..824556a 100755 --- a/scripts/uninstall.sh +++ b/scripts/uninstall.sh @@ -26,8 +26,8 @@ setupConfigDir="/etc/pivpn" pivpnFilesDir="/usr/local/src/pivpn" pivpnScriptDir="/opt/pivpn" -PLAT="$(grep -sEe '^NAME\=' /etc/os-release | - sed -E -e "s/NAME\=[\'\"]?([^ ]*).*/\1/")" +PLAT="$(grep -sEe '^NAME\=' /etc/os-release \ + | sed -E -e "s/NAME\=[\'\"]?([^ ]*).*/\1/")" if [[ "${PLAT}" == 'Alpine' ]]; then PKG_MANAGER='apk' @@ -36,8 +36,8 @@ fi UPDATE_PKG_CACHE="${PKG_MANAGER} update" -if [[ -r "${setupConfigDir}/wireguard/${setupVarsFile}" ]] && - [[ -r "${setupConfigDir}/openvpn/${setupVarsFile}" ]]; then +if [[ -r "${setupConfigDir}/wireguard/${setupVarsFile}" ]] \ + && [[ -r "${setupConfigDir}/openvpn/${setupVarsFile}" ]]; then vpnStillExists=1 # Two protocols have been installed, check if the script has passed diff --git a/scripts/update.sh b/scripts/update.sh index 7c922d4..32709bc 100755 --- a/scripts/update.sh +++ b/scripts/update.sh @@ -90,8 +90,8 @@ updatepivpnscripts() { echo fi - if [[ -d "${pivpnlocalpath}" ]] && - [[ -n "${pivpnlocalpath}" ]]; then + if [[ -d "${pivpnlocalpath}" ]] \ + && [[ -n "${pivpnlocalpath}" ]]; then rm -rf "${pivpnlocalpath}/../.pivpn" fi 
diff --git a/scripts/wireguard/clientSTAT.sh b/scripts/wireguard/clientSTAT.sh index 248db38..a9a740b 100755 --- a/scripts/wireguard/clientSTAT.sh +++ b/scripts/wireguard/clientSTAT.sh @@ -49,8 +49,8 @@ listClients() { BYTES_RECEIVED="$(awk '{ print $6 }' <<< "${LINE}")" BYTES_SENT="$(awk '{ print $7 }' <<< "${LINE}")" LAST_SEEN="$(awk '{ print $5 }' <<< "${LINE}")" - CLIENT_NAME="$(grep "${PUBLIC_KEY}" "${CLIENTS_FILE}" | - awk '{ print $1 }')" + CLIENT_NAME="$(grep "${PUBLIC_KEY}" "${CLIENTS_FILE}" \ + | awk '{ print $1 }')" printf "%s \t %s \t %s \t " \ "${CLIENT_NAME}" \ "${REMOTE_IP}" \ diff --git a/scripts/wireguard/makeCONF.sh b/scripts/wireguard/makeCONF.sh index c396125..6bbc6f8 100755 --- a/scripts/wireguard/makeCONF.sh +++ b/scripts/wireguard/makeCONF.sh @@ -40,9 +40,9 @@ while [[ "$#" -gt 0 ]]; do _val="${_key##--name=}" if [[ "${_val}" == "${_key}" ]]; then - [[ "$#" -lt 2 ]] && - err "::: Missing value for the optional argument '${_key}'." && - exit 1 + [[ "$#" -lt 2 ]] \ + && err "::: Missing value for the optional argument '${_key}'." \ + && exit 1 _val="${2}" shift @@ -94,9 +94,9 @@ elif [[ -f "configs/${CLIENT_NAME}.conf" ]]; then exit 1 fi -wg genkey | - tee "keys/${CLIENT_NAME}_priv" | - wg pubkey > "keys/${CLIENT_NAME}_pub" +wg genkey \ + | tee "keys/${CLIENT_NAME}_priv" \ + | wg pubkey > "keys/${CLIENT_NAME}_pub" wg genpsk | tee "keys/${CLIENT_NAME}_psk" &> /dev/null echo "::: Client Keys generated" @@ -104,8 +104,8 @@ echo "::: Client Keys generated" for i in {2..254}; do if ! grep -q " ${i}$" configs/clients.txt; then COUNT="${i}" - echo "${CLIENT_NAME} $(< keys/"${CLIENT_NAME}"_pub) $(date +%s) ${COUNT}" | - tee -a configs/clients.txt > /dev/null + echo "${CLIENT_NAME} $(< keys/"${CLIENT_NAME}"_pub) $(date +%s) ${COUNT}" \ + | tee -a configs/clients.txt > /dev/null break fi done 
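Review bot: In makeCONF.sh the private key and the preshared key are written by `tee "keys/${CLIENT_NAME}_priv"` and `tee "keys/${CLIENT_NAME}_psk"` with whatever umask the script inherited, so under the common 022 both files are created world-readable. Unless a restrictive umask or directory mode is set earlier in the script (not visible in this hunk), add `umask 077` before the `wg genkey` line. A short comment there, `# key material: create files readable by owner only`, would keep the intent clear for later edits.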
@@ -167,12 +167,12 @@ echo "::: Client config generated" echo "::: Updated server config" if [[ -f /etc/pivpn/hosts.wireguard ]]; then - echo "${NET_REDUCED}.${COUNT} ${CLIENT_NAME}.pivpn" | - tee -a /etc/pivpn/hosts.wireguard > /dev/null + echo "${NET_REDUCED}.${COUNT} ${CLIENT_NAME}.pivpn" \ + | tee -a /etc/pivpn/hosts.wireguard > /dev/null if [[ "${pivpnenableipv6}" == 1 ]]; then - echo "${pivpnNETv6}${COUNT} ${CLIENT_NAME}.pivpn" | - tee -a /etc/pivpn/hosts.wireguard > /dev/null + echo "${pivpnNETv6}${COUNT} ${CLIENT_NAME}.pivpn" \ + | tee -a /etc/pivpn/hosts.wireguard > /dev/null fi if killall -SIGHUP pihole-FTL; then diff --git a/scripts/wireguard/removeCONF.sh b/scripts/wireguard/removeCONF.sh index 9f15b21..c10b10c 100755 --- a/scripts/wireguard/removeCONF.sh +++ b/scripts/wireguard/removeCONF.sh @@ -100,11 +100,11 @@ for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do # Grab the least significant octed of the client IP address COUNT="$(grep "^${CLIENT_NAME} " configs/clients.txt | awk '{print $4}')" # The creation date of the client - CREATION_DATE="$(grep "^${CLIENT_NAME} " configs/clients.txt | - awk '{print $3}')" + CREATION_DATE="$(grep "^${CLIENT_NAME} " configs/clients.txt \ + | awk '{print $3}')" # And its public key - PUBLIC_KEY="$(grep "^${CLIENT_NAME} " configs/clients.txt | - awk '{print $2}')" + PUBLIC_KEY="$(grep "^${CLIENT_NAME} " configs/clients.txt \ + | awk '{print $2}')" # Then remove the client matching the variables above sed \